The Ring is the Thing: Insights from Ignite

I'm just getting back from a week long trip to the Microsoft Ignite conference held in Orlando, Florida. This year was more exciting than previous years as my new friend Paul Warren and I were asked to join Dona Sarkar and Blair Glennon from the Microsoft Windows Insider team on stage to tell the story of how we brought Windows Analytics and Windows Insiders for Business to our organizations. Like previous years, I've come back with new things to research and experiment with. I also made the most of my networking opportunities and managed to make several new friends and acquaintances. In reflecting back on everything I learned and experienced, one thing stood out: it seems there is a fundamental misunderstanding about the Windows Insiders for Business program and how it works. As I met each new person, I asked them if they were flighting Insider builds within their organization. The responses I heard time and time again were: "our organization is risk adverse," or "we don't allow telemetry," or "I have to wash my hair"! Ok, that last one was a bit of an exaggeration, but you get my point.

Let's walk through this starting with "we can't do Insidering because our organization is risk adverse". Given the twice yearly release schedule of Windows 10 testing your applications each time can be time consuming. Waiting for the production release shortens your window for validation of you applications, pilot, and production rollout. Issues discovered must be resolved quickly. If you need to work with an ISV you are adding more variables into the calculation. You now have rolled out a production build and discovered an issue with a critical application that will require code changes to fix. You can rollback, but your support window on that particular Windows build is ticking. Your customers are impacted. How's that for risk?

Now let's say you are running Insider builds on one or two of these critical devices. You discover the bug, leave feedback, notify your ISV, and work to get the issue resolved before the rollout even begins! You are now an IT hero!

"That's great," you say, "but what about all that telemetry data Microsoft is collecting? My security team will never let that pass." Have you asked, or are you making an assumption? Microsoft provides pretty detailed documentation as to what data is collected and what telemetry levels are required. They also provide tools to see what data is being collected. Arm yourself with information! Learn what is collected, review the documentation, and schedule a discussion with your security and compliance teams. Set up a test tenant and configure Windows Analytics. Use this to show the value of the data collected. It is a simple risk versus reward discussion.

Now I know what you are thinking. Yes, the second half releases are going to be supported for 30 months. This does allow quite a bit more time. It also allows hackers more time to find vulnerabilities. Risk.

At Ignite Paul and I hosted an "Idea Swap" around the Windows Insiders for Business (WIP4Biz) program. The Idea Swap concept is a small group discussion designed for open dialog and mentoring on a particular topic. During this session others who believe in the concept wanted to know how do they convince their bosses and security teams. The easiest way is to do the research, gather the data, and start small. Call it an "experiment". If it fails, there is little risk. If it succeeds (and it will), it will grow from there. Trust me.

The paradigm has shifted. You should want to stay current. No, you HAVE to stay current. The best way to reduce risk is to flight Insiders builds inside your organization to identify issues early and get them addressed before the OS is released. Try to keep new builds rolling every six months. You will find over time you are greatly reducing all kinds of risk! Not to mention staying ahead of your competition. If you are not Insidering your organization, you are outsidering your organization.