It's the end of the world?! Oh no! Well, not the whole world—just the world of Windows 7. Support is ending on January 14th, 2020 and it's time to start putting together an action plan. In our recent webinar with MVPs Johan Arwidmark (JA) and Maurice Daly (MD), along with our own Steve Campbell (AKA Soup), attendees had an opportunity to get an expert opinion on updating. Check out the on-demand webinar now and take a look at some of the questions from the audience.
Question: Any recommendations on getting users to volunteer for available upgrades as opposed to required deployments?
Soup: For some organizations, there are groups of users with built-in hunger. They always and already want to be on the latest-greatest. Search them out. Have the XLT send out a communication looking for them. Encourage them by reaffirming that they can help the entire organization to move faster. Also look for power users, those users whom other users go to when IT can’t or won’t respond. Look to leverage new hardware purchases or upgrades. E.g. Hey Ms. End User, if you’ll go to Windows 10 as part of testing and validating our new computing platform, you’ll receive one of the latest PC/Laptop platforms.
(I’ve even seen AmEx/Target card giveaways for early adopters. I think it was $50!)
MD: Send out an email! You would be surprised at who amongst you in an organization is actually a closet techie, and thus like to try out the latest and greatest.
Question: Windows 10 Native Feature Update via ConfigMgr – When making an FU available a user can click Install but then the reboot for phase 2 does not happen automatically, it requests you reboot manually for me. Is this normal behavior? Should it not reboot after phase 1? Recommendation: Copy Start Menu XML to a local device or point to UNC path?
Soup: so far, it seems like most organizations and teams are using Task Sequences to upgrade (or flight) their users (as we discussed during the webcast) and maintain more control.
MD: For control over restarts, you can control the behavior via group policy. As for the Start Menu XML, it really depends on your environment, but my preference is to control the XML from a single source i.e UNC path.
Question: Can you clarify the Upgrade Readiness cost? If our company already has Azure AD in place, getting Upgrade Readiness going wouldn't cost anything?
Soup: from Microsoft… Upgrade Readiness is a free solution. When configured correctly, all data associated with the Upgrade Readiness solution are exempt from billing in both OMS and Azure. Upgrade Readiness data do not count toward OMS daily upload limits. If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Here’s a great guide to get started.
Question: Would it be better to uninstall the older software during the "post-upgrade" actions instead of uninstalling it before the upgrade is performed? (In case the upgrade fails and rolls back you're left without the VPN client.)
Soup: A lot will depend on what type of deployment you’re doing. I think based on your question you’re looking at InPlace Upgrades or IPU. If so, I typically expect to see the needed to uninstall (or upgrade) versions of Antivirus, VPN and Disk Encryption software *before* the OS changes occur. Obviously, you’ll want to evaluate and test first. Your software and vendors may drive what you can and can’t do for rollback scenarios.
MD: In the scenario we showed, the task sequence was intended as a production-ready TS post all of your test processes. The issues with some VPN software clients during upgrades to the point that they break the network stack completely. I've seen this happen in the past where the user would need to then disable the component but doesn't have rights to. So the key here is testing the releases from the vendors rigorously prior to deploying your final TS.
Question: Biggest challenges in my current Windows 10 migration project are web apps with issues on IE 11 and we will likely be standardizing on 64-bit when moving to UEFI. Which is caused by the team kicking the can down the road during the last migration. What do you guys recommend for discovering 64-bit app compatibility issues?
Soup: Certainly, Upgrade Readiness will play a role (or should). Upgrade readiness *should* be able to tell you how many devices are currently running application X. (I can’t recall at the moment if it shows you what hardware types or OS bitness is involved. You don’t indicate which OS you’re migrating from, but I’ll assume Windows 7.
With Windows 8 and 10 waaay down the road now, most 64-bit app and peripheral issues have been experienced and identified. I’ve only seen a very few number of apps that had issues running on 64. Most were quite happy to have 64’ address space for both CPUs and Memory. If your team has a history of can kicking, don’t let them kick the BIOS -> UEFI conversion down the road. It’s not impossible and 1E Bios->UEFI can make it “auto-magic”.
The best thing you can do? Figure out the smallest population of users that covers the most apps and …. Put them on it. Treat them as your Ring0 and load up a box, a VM, whatever and have them have at it.
Question: With both guys being top experts with ConfigMgr. I wonder what SCCM tools and add-ons they can't do without and recommend to the rest of us?
Soup: For me, CMTrace (an oldy but a goody) is still great for reading log files. Certainly, the 1E tools and specifically NOMAD to reduce and nearly eliminate the need for any DPs and SMPs in remote/branch locations is a huge benefit and architectural simplification for any organization.
The 1E Windows Servicing Suite (Nomad, Night Watchman, Bios-UEFI, Shopping Portal, App Migration and our NEW Windows Servicing Assistant should be considered as must-haves for any ConfigMgr shop. You can read more about WSS here. And how could we not call out the Microsoft Deployment Toolkit (MDT)?! If you’re not leveraging that… you’re really missing out.
MD: I'd agree with Steve on the first one, CMTrace without a doubt has to be your go-to log reading tool. Also contained within the Systems Center 2012 R2 Toolkit you will find the Content Library Explorer, which is a great tool for looking into any odd issues with packages on your distribution point.
Question: Do you think Windows 10 S can be an enterprise-class OS in the near future?
Soup: I think the issue will be, how many enterprises are ready to move some or all of their users to Modern Management. How many are ready to fully depend on connectivity, cloud, UWP apps etc. Organizations will need to embrace key concepts like Windows Store only delivered apps as well as storage of files in OneDrive. There’ll be some organizations able to do that and Win10S may change over time. But I think it’ll be a somewhat slow uptake. I’m hearing and sensing from some at Microsoft that it’s the next big bet though. It’ll be fun to watch.
Question: How much risk is there to your apps with each new feature version I.e. If it worked on 1703 should it work on 1709 or is there a risk it won't
Soup: Based on what I’m hearing from peers, and customers, they’re not running into any substantial LOB-app related issues so far. A few with VPN, AV and disk encryption issues. But those folks have been seeing that with the Ring0 users and able to react accordingly with little production impact (as intended). Microsoft seems to be doing a pretty good job of testing on their end as well.
JA: It also depends on what security features that are enabled. For example, enabling credential guard will cause more application compatibility issues than if it’s not enabled.
Question: How is OMS priced? Will it work with Azure AD free version?
Soup: from Microsoft… Upgrade Readiness is a free solution. When configured correctly, all data associated with the Upgrade Readiness solution are exempt from billing in both OMS and Azure. Upgrade Readiness data do not count toward OMS daily upload limits. If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Here's a resource to get you started.

Don't forget, you can check out the on-demand webinar now!