Q&A

Tackling the Windows Deployment Challenge

Device management expert Michael Niehaus discusses the benefits and limits of image-based deployments, when to use Autopilot, and how to keep your Windows skills sharp.

INSIDE THE SESSION

What: What's the Future of Image-based Windows OS Deployment?

When: Nov. 19 at 2:45 - 4 p.m.

Who: Michael Niehaus, Principal R&D Engineer, Tanium

Why: "While you might hear that deploying Windows using images is obsolete ('just use Autopilot'), there are a number of scenarios where that's not the case."

Register to attend Live! 360, taking place Nov. 17-22 in Orlando, Fla. Save $300 when you register by the Early Bird deadline of Oct. 25!

There are more tools today than ever to help IT pros deploy Windows efficiently and at scale. So why does it seem like the job isn't getting much easier?

For organizations challenged by the complexity of large-scale Windows deployments, self-professed "tech geek" and longtime Live! 360 speaker Michael Niehaus is preparing a presentation titled "What's the Future of Image-based Windows OS Deployment?" where he'll discuss common challenges and strategies to mitigate them. In a sneak peek of his discussion, he answered some of our questions about image-based Windows deployments.

Redmondmag: What are some examples of situations that are better suited for image-based Windows OS deployments than Autopilot?
Niehaus: Sometimes you don't have a choice, sometimes you just need more speed. For example, what will you do if the hard drive crashes on a computer and needs to be replaced? What about a malware infestation? Or maybe something causes your machine to repeatedly crash and you need to get it back up and running quickly. In those cases, you need to deploy an OS image to get the device functional. That doesn't necessarily exclude Autopilot, though, since the device could go through the Autopilot process after the imaging process completes.

From a "speed" perspective, imagine you have a school lab or a call center where you need to get the same apps and configuration applied to every device in the room, and you need to be able to do it quickly. Having all of that in a big image enables you to quickly "blast" that image to a roomful of devices. Very simple, very fast.

How does image-based deployment compare to Autopilot in terms of security, efficiency and cost?
As with most things, "it depends." If you are creating the image yourself, there is potentially significant effort involved in doing that; you probably also need to then manage the per-device drivers, too. That can certainly be expensive and time-consuming. But you could also use the Microsoft-provided image directly (downloading the media from Microsoft and using that). You could even use OEM-provided drivers directly (download them on the fly and inject them into the OS that is being deployed). Many customers today use the Microsoft-provided images to keep things as simple as possible.

From a security perspective, any scenario can be secure. Some customers may be uncomfortable with images that come preinstalled on devices from OEMs (e.g., certain government agencies) because of the possibility of tampering with that preinstalled OS, so they may choose to reimage the device themselves to eliminate that possibility.

What are some of the most common challenges that organizations face when using image-based deployment methods, and how can they be mitigated?
Driver management is usually the biggest effort, especially if you have many models of devices to be concerned about. After that, customizing Windows itself can also require a lot of work -- definitely minimize that as much as possible.

It's also worth looking at solutions that help with the most challenging parts. For example, there are tools that can help create model-specific driver packages that are ready to deploy. We've even been investigating "just in time" driver downloads directly from the OEM's Web site. That doesn't give the customer a lot of control over the version of drivers being deployed, but it at least makes it easy to get an "OEM validated" set of drivers to the machine.

Which tools related to image-based deployment are being phased out and why?
The Microsoft Deployment Toolkit (MDT) is being phased out. It doesn't officially support Windows 11 (although it works just fine), and because it is based on VBScript and HTA technologies that are deprecated by Microsoft, it will eventually no longer work.

Windows Deployment Services used to support deploying Windows images, in addition to the PXE services that it provided. With Windows 11, the ability to use WDS for image deployment has been removed. So now you can only use WDS to boot into Windows PE; the rest of the process (getting and installing an OS image) is now up to you.

Microsoft Configuration Manager continues to be a good option, but Microsoft has stated that their efforts are focused on cloud-native scenarios, so they aren't investing much in ConfigMgr. Will it go away, too? Probably not anytime soon, but if most customers make the move to cloud-native and there's no one left on ConfigMgr, its days then become numbered.

What advice would you give to IT professionals considering a shift from image-based deployment to newer methods?
Keep it simple. A lot of image-based customizations that you may have done in the past probably aren't really needed -- and are extremely difficult to do using new cloud-native mechanisms (e.g., Intune and Autopilot) anyway.

You can support that cloud-native scenario with a simple imaging implementation to handle the other scenarios (e.g., break/fix) that you will still need to support.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.
