The United States Department of Defense (DoD) has directed all U.S. DoD agencies to upgrade devices within their organizations to Microsoft Windows 10 by February 2017.
Overall, a total of around 4 million systems currently running Microsoft operating systems, including laptops, desktops and mobile devices, such as Surface devices, will be upgraded to Windows 10 over the next 12 months. The deployment of Microsoft’s latest platform begins immediately and represents the largest enterprise deployment of Windows 10 to date.
Susie Adams, Chief Technology Officer, Microsoft Federal, explains that the standardization on Windows 10 within all DoD agencies should help secure agency baseline systems. Moreover, she notes that the move would also help DoD lower the cost of IT and simplify its operating environment.
In fact, this is what Terry Halvorsen, CIO for the DoD, said in a November 2015 memo that directed all Combatant Commands, Services Agencies and Field Activities to rapidly deploy Windows 10 to improve cybersecurity. The memo also stated that the deployment should be completed by January 2017, but that the CIOs of each branch “will have limited waiver authority over their respective implementation plans on a case-by-case basis for up to 12 months.”
For Microsoft, this is great news, as the move reinforces the tech giant’s claims that Windows 10 can offer the necessary level of security that enterprises of any size are looking for. Furthermore, it will help the platform grab additional market share in both desktop and mobile segments.
DoD’s plans to upgrade to Windows 10 is accompanied by the National Information Assurance Program (NIAP)’s certification of the platform against the Mobile Device Fundamentals Common Criteria protection profile. This means that Windows 10 is in line with specific government criteria and standards and its use on mobiles would be safe.
Furthermore, Microsoft’s Surface Book, Surface Pro 4, Surface Pro 3, and Surface 3 have been granted approval as Multifunction Mobile Devices (MMD), meaning that they meet security and interoperability requirements consistent with the DISA Field Security Office (FSO) Security Technical Implementation Guides (STIG).
As a result, the Surface family of devices are now fully certified and available through the Defense Information Systems Agency (DISA) Unified Capabilities (UC) Approved Products List (APL). According to Microsoft, this also means that these devices can be easily worked into deployment plans.
Yusuf Mehdi, Corporate Vice President of Microsoft’s Windows and Devices Group, noted that DoD might integrate Windows 10 security features ranging from biometric mechanisms like facial recognition or fingerprints using the Windows Hello and Windows Passport to Windows Defender, Enterprise Data Protection - currently in testing, and tools such as Secure Boot, Trusted Boot, Device Guard, and Credential Guard.
When releasing Enhanced Mitigation Experience Toolkit (EMET) 5.5 earlier this month, Microsoft said that Windows 10’s security features essentially make the toolkit unnecessary on systems running under the operating system.
In December 2015, Microsoft confirmed that it stores Windows 10 encryption keys on its servers as a security measure, suggesting that this way users can regain access to encrypted drives should they lose the recovery key. Craig Young, a Cybersecurity Researcher for Tripwire, told SecurityWeek that encryption keys would be safer this way, because an attacker that could breach Microsoft’s servers would almost certainly be able to infect a user’s computer with malware.