Microsoft unveiled its latest operating system in May 2017, designed to be light, performance-aware and secure.
After an update earlier this year, Windows 10 S, once a separate operating system, is now a mode of Windows 10. The change means users can now switch out of 10 S mode into the full Windows 10, but (for now at least) cannot switch back. Windows 10 in S mode offers tight security thanks to the locked-down nature of the OS. But businesses considering using it should be aware that the enhanced security comes with some trade-offs. Let’s examine the security benefits and the drawbacks of Windows 10 in S mode.
Windows 10 S Offers a Safer PC
When running in S mode, Windows 10 does not allow users to run x86 and x64 applications under any circumstances. Instead, it’s limited to Universal Windows Platform (UWP) applications published to the Microsoft Store. That restriction creates a more secure PC.
It should also improve performance by limiting unknown background processes from consuming resources. Users can still run applications that don’t work natively in S mode if developers first convert them to UWP and publish them to the Microsoft Store.
A second big change comes in the form of browser selection: In S mode, the browser of choice is Microsoft Edge. Although S mode supports other browsers, they too must be delivered through the Windows Store.
Expect Robust Security from the New Windows Platform
With limited IT staff, businesses don’t have time to micromanage their endpoints. Operating systems such as Windows 10 require consistent patch and anti-virus definition updates and are a prime target for phishing attacks.
It’s well known that people are always the weakest link in a security perimeter. Windows 10 in S mode greatly diminishes the risk that a company’s own people often represent. When the attack’s exploit can’t run even if an employee clicks on an email attachment, a great number of small business headaches can be prevented.
Since available apps are limited to the Windows Store, administrators can more tightly control what gets installed through tools like Microsoft’s System Center Configuration Manager or Microsoft Intune. Windows 10 in S mode also supports Windows Update for Business, which allows administrators to better manage updates.
The locked-down nature of Windows 10 in S mode makes it particularly useful for public kiosks, training PCs or notebooks and employee PCs that do not have any extra software requirements except those that can be met by an app in the Windows Store. In these cases, organizations can provide computers to users without worrying about malicious activity.
Because it’s impossible to run applications that aren’t in the Windows Store, small businesses that deploy virtual desktop infrastructure (VDI) can work around this by running apps in a remote desktop session. This scenario is possible with Windows 10 outside of S mode as well, but may not be needed since all applications run natively in Windows 10.
Consider Drawbacks Before Making the Switch to Windows 10
While users will see some great security benefits through locking down Windows 10, it is inevitable that some trade-offs must be weighed.
First, many common applications that businesses rely on are not UWP applications. This limits users in S mode because many small businesses want to run software by publishers other than Microsoft. Those applications will not run in Windows 10 S.
Also, Windows 10 in S mode will not join an on-premises Active Directory domain, and instead will join only Azure Active Directory domains. That will prove challenging for small businesses that still run domain controllers on their networks. Lack of domain membership means no single sign-on functionality, no centralized control via Group Policy and no to many of the other benefits that small businesses have come to know.
Finally, S mode for Windows 10 cannot simply be installed on any computer. It comes preinstalled on newer PCs from companies such as Dell, Asus, HP and Lenovo. Only small businesses that are ready to purchase new PCs will be able to use the 10 S mode operating system.
Small businesses that are all-in on Microsoft will find the most value with Windows 10 in S mode.
The operating system delivers significantly increased security on Windows 10 endpoints, better performance and superior manageability. Businesses already using virtual desktop systems, such as Remote Desktop Services, will also see benefits from Windows 10 S mode by running non-UWP apps virtually rather than on the local PC.
But S mode is not designed for every business. Organizations that use many non-UWP apps, require browsers other than Edge for some online services or operate without VDI should consider carefully whether to deploy S mode in their environments. Some might be better off sticking with standard Windows 10 Pro and managing a separate anti-malware solution.
Microsoft heard the concerns about the limitations of 10 S. Thanks to this year’s update, it’s a relatively simple matter for a business to switch out of S mode. And although it’s currently a one-way switch, Microsoft is expected to make it possible, in a future update, to switch S mode on and off.