The Microsoft Windows operating system powers the majority of the devices that are utilized by front-line workers in the field across all industries. Mobile workers who interface with customers and provide other business-critical tasks to organizations need lightweight and efficient operating systems that are easily provisioned and maintained from a security and identity standpoint.

In case you haven’t heard, Microsoft has introduced a new version, or more properly a mode, of Windows 10 Pro and Enterprise that allows having a more performant and security platform for this particular use case. The version or mode of Windows 10 called S mode. There are many advantages and unique capabilities and characteristics of “S” mode that allow it to be an extremely smart choice for organizations looking to utilize the powerful Windows 10 platform in a more efficient and secure configuration. The resulting configuration in S mode allows running on budget hardware.

Protect Your Data with BDRSuite

Cost-Effective Backup Solution for VMs, Servers, Endpoints, Cloud VMs & SaaS applications. Supports On-Premise, Remote, Hybrid and Cloud Backup, including Disaster Recovery, Ransomware Defense & more!

Let’s take a closer look at Windows 10 Pro S mode Features and Capabilities to see how this version of Windows provides powerful capabilities to front line workers across the landscape of multiple industries.

What is Windows 10 in S Mode and Use Case?

Microsoft has thus far not revealed what the “S” in S mode stands for. However, one could surmise that due to the increased performance and security of the platform, the “S” could very well stand for “Speed” or “Secure/Security”. Whatever the case, there are certainly features that align to both of these strengths of this particular mode of Windows 10. As mentioned, this is a “mode” and not a “version” per se of Windows.

In previous versions of Windows 10, S was a separate edition that had a different image than non-S editions. However, starting with Windows 10, version 1803, this is a “mode” that is enabled on Windows 10 Pro or Windows 10 Enterprise causes the OS to behave differently with different characteristics from the full-blown installation of Windows 10 Pro and Enterprise.

Download Banner

Organizations who decide to utilize this mode of Windows 10 Pro or Windows 10 Enterprise need to take into consideration the differences with the way the S mode works in relation to the other versions/modes of Windows 10 when preparing images. Any typical customizations that are made need to be verified to work with S mode. This includes considerations of what is blocked from running in Windows 10 S mode. Only signed executable code is allowed to run on Windows 10 S mode. Apps not signed with either Windows, WHQL, ELAM, or Store certificates from the Windows Hardware Developer Center Dashboard are blocked. Additionally, any script or application that calls a blocked component will be blocked.

When thinking about the use case that fits with the design of Windows 10 S mode, the first line workers are the general class of worker for which Windows 10 S mode makes sense. First Line workers generally work with customers and require very light applications. They engage with customers, products, and operations, and they are typically the employees that represent the brand of the company. This subset of workers makes up some 2 Billion in number from all major industries. With that being said, the Windows 10 S mode variant provides an easy to provision, secure, and light version of Windows that makes a lot of sense for this use case.

Windows 10 S mode is based on Windows 10 Pro. It has been optimized to be simple, secure, familiar, and efficient. When it boots, it boots much more quickly due to a streamlined operating system. It provides cloud connectivity to interact with Azure. It is secured in that it only allows running applications from the Windows store. It allows integration with MDM and Azure Identity.

Drilling down a bit further into the specific advantages of running Windows 10 Pro in S mode. It allows many benefits from a security, cloud, and efficiency standpoint.

Enhanced Device Security – It only runs apps that are certified Microsoft Store applications as well as your customized business applications that are controlled and distributed through the Microsoft Store for Business.

Cloud Managed Capabilities – From provisioning the device using Windows Autopilot, to being able to confirm user identity through Azure Active Directory and manage them through the mobile device management capabilities in Azure, Windows 10 Pro in S mode delivers all these cloud-aware capabilities.

Note : Connecting to on-premises Active Directory is not possible

Use Budget Hardware – Due to the scaled down services and very lightweight footprint from an operating system standpoint, Windows 10 Pro in S Mode allows running on very inexpensive hardware while not sacrificing the performance of more powerful hardware devices.

Multi-user devices – Windows 10 Pro in S mode allows running different applications depending on the user and keeping these identities and user data separate and secure.

Easy Upgrades – Upgrading from Windows 10 Pro in S mode to Windows 10 Enterprise S mode is easily accomplished and allows even further security, management, and analytics features.

The built-in Code integrity policy of Windows 10 S Mode blocks the execution of unsigned or improperly signed binaries. Using unsupported binaries may be necessary when performing lab or factory image customization. This calls for a special mode in S mode called manufacturing mode. This allows running unsigned code in Audit Mode. This is done by adding a simple registry key to an offline image. Windows 10 S mode manufacturing mode can be enabled by adding the following registry key:

  • eg add HKLM\Windows10S\ControlSet001\Control\CI\Policy /v ManufacturingMode /t REG_DWORD /d 1

Considerations to Make with Windows 10 S mode

There is no question that Windows 10 S mode holds out some really great benefits for organizations looking to have an ultra-secure and performant version of Windows running on budget hardware for first-line workers. The very minimalist approach to running the operating system combined with the fact that only signed applications from the Windows Store can run create a unique and very secure environment that is highly resilient to Malware infection. By utilizing this approach to running Windows for first-line workers, there certainly are benefits to organizations deploying devices for those workers. The tight integration with Azure and the ability to control deployment using AutoPilot provide added benefits to businesses utilizing this specialized mode. New with 1803, this is a mode and not a specialized version of Windows. This makes deployment much easier as it is simply a switch to be flagged on in Windows 10 Pro and Windows 10 Enterprise versions starting with 1803.

There are a few downsides to Windows 10 S mode such as the inability to connect S mode with on-premises directory services. For directory services, it is only Azure Directory Services compatible. Additionally, you can’t tie in Windows 10 S mode to any on-premises System Center environments for management. Another drawback for businesses may be the tighter requirements for applications running inside S mode as you can’t use any other browser besides Edge and you can only use applications that exist in the Windows Store. Businesses can use the Store for Businesses to publish their applications for use.

Thoughts

Microsoft is certainly taking greater strides to compete in the ever-growing cloud dependent world, even on the operating system side of things. Google’s Chrome OS has shown this is a viable solution for running end-user devices and holds out many advantages when compared to “fat” installs of operating systems on disk. With the Windows 10 S mode variant, Microsoft has introduced a very capable and useful mode in Windows that allows securing the operating system and ensuring performance, even on older or less powerful hardware. Windows 10 S mode makes a perfect choice for many businesses who have to provision and support end-user devices for first-line workers who interface with customers and who can benefit from lighter OS installations and more secure operating system environments.

Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.

Rate this post