By now, I am sure you are aware that Windows 7 has gone end-of-life, with the decade-old OS having received two "final" updates.
If you are still running Windows 7 and want to have security and critical updates that Microsoft deems necessary, you need to be signed up for paid extended support called Extended Security Updates (ESU). While ESU can give you another three years of support at price levels that are easy to budget for, there are other associated risks with staying on Windows 7.
Adding to the pressure of migrating to Windows 10 is the fact that Office 2010 is also going end-of-life in October of this year. But unlike Windows 7, there will be no extended support, paid or otherwise. This means organizations have to upgrade to Windows 10 and Office 365 as soon as possible.
With two major migrations to accomplish, most organizations are scratching their heads, wondering how to proceed? Which version of Office should they upgrade to — Office 365 or an on-premise version? Should Windows 7 be upgraded first or Office 2010? Should they be done in parallel?
Today, I want to walk you through four different options you have and offer two solutions on how to manage it. But before we do, let me first provide some background on why this is an issue.
Common Obstacles & Proper Tooling
No matter which of the paths outlined below you choose, the biggest bottleneck will be the transition away from Office 2010. As we discussed in an earlier post, migrating to either Office 365, Office 2016, or Office 2019 can cause your macros, add-ins, apps, or anything written with VBA to break.
Even with application management software in place, these Office add-ons can't be checked against a list, like common business apps such as Adobe. Instead, they need to be tested and, in many cases, remediated as they are hard-coded, and then tested again.
As many of these third-party add-ons are LOB critical — it requires the rewriting of the source code, finding the original developer and having them rewrite it, or starting over from scratch. Needless to say, this will be a time- and resource-intensive process. Having proper tooling in place to discover, tag and catalog, test, package, and test again will get you through these tasks faster and more efficiently. However, if you haven't started migrating yet, this process will not be finished until after the October 2020 deadline for Office 2010.
Having said this, let's have a look at the options to solve this problem:
Option #1: Migrate To Windows 10 First, Then Office 365
Microsoft has kept the cost of ESU low for the first year — ranging from free to $50/device and increasing to $100-$200/device in the third and final year. The reasoning behind this increase is to push organizations to Windows 10 as soon as possible.
Based on Microsoft's current support model, an organization who migrates now to Windows 10 version 1909 will receive support until May 2022. After a successful company-wide migration to Windows 10, the Office 365 migration will start.
There are several pros to this method. You will:
- Be replacing a decade-old OS, which will have a more significant impact than replacing the Office Suite.
- Be starting with Windows 10 Version 1909, which is the latest version and has 30 months of support.
- Be running a stable OS with continual security updates during the whole migration process.
- Be able to "ease in" to the as-a-service mentality — especially the IT staff and end-users.
- Have time to start testing macros, apps, add-ins, etc. for compatibility with Office 365, and time for remediation if necessary, assuming there are enough resources.
- Given the usual time frame it takes for an enterprise to migrate to Windows 10 (assuming the process hasn't started yet), your organization won't start migrating to Office 365 until well after support runs out.
- Office 2010 will become a liability, as it is a line-of-business critical set of apps, and enterprises will have several decisions to make about using it going forward until they update.
- Should you keep it running as usual in the hopes that any major security vulnerability has already been resolved in a previous update?
- Should you run Office 2010 through a container on Citrix, and also disable internet access, negating any internet based-vulnerability?
- Even with testing a pilot group for Office 365 compatibility, until all users are migrated and user acceptance testing (UAT) is done, not all issues will be known.
- End-users will experience frustration over:
- Running an outdated, possibly buggy and slower Office version
- The extended gap between two major updates
- Dealing with unknown issues as they are encountered during regular use after the update, twice, for Windows 10 and then for Office 365
- Running older software versions on work devices while they have newer versions on home devices
Option #2: Office 365 First, Then Windows 10
This option takes the route of security first, focusing on updating Office 2010 before it becomes unsupported. After a successful Office 365 migration, Windows 7 is then upgraded, with Windows 7 having paid security updates through 2022.
- Spend the least amount of time running software that is not being updated and is vulnerable to hackers.
- Tackle first the time and labor-intensive tasks of discovering, cataloging, testing, and remediating macros, add-ins, etc. issues.
- IT will have to maintain multiple environment builds
- Office 2010 & Windows 7
- Multiple Office 365 versions & Windows 7
- Multiple Office 365 versions & multiple Windows 10 versions
- Competitive disadvantage to running an 11+ year-old OS, missing out on new features, speed, efficiency, etc.
- Possible compatibility issues with other apps running on Windows 7
- End-user frustration as they continue to run Windows 7 longer
Option #3: Windows 10 & Office 365 In Parallel
This option will require the most effort and, without the right tooling in place, will most likely result in running Office 2010 past the October 2020 deadline. However, doing both of these at the same time — with the right tooling — will have you set up for maintaining a successful as-a-service IT environment.
- Get the latest versions of both Windows and Office as soon as possible.
- No need to "touch" the same device twice, which leads to a better end-user experience and less user frustration.
- You have to do significant application management work during both transformation projects, so doing it all at once properly takes care of a lot of headaches right away.
- The ROI on tooling and IT automation far outshines the ROI on the same technology for only one project at a time!
- This is slightly more time and labor-intensive.
- Will need a solution to contain Office 2010 after the EOL date.
- Can easily run over budget and over time, so the right tooling and IT automation are crucial.
Option #4: Windows 10 & On-Premise Office 2016 Or 2019
This option, on paper, seems reasonable. You update to the as-a-service version of Windows, but stay on-premise for Office, giving you time to adapt to the Evergreen IT pace. However, with this option:
- There will still be issues with your macros, add-ins, etc. that are hard-coded to Office 2010.
- Your organization will miss out on the latest feature updates and security enhancements that come with Office 365.
- If Office 2019 will indeed be the last on-premise version, you will still have a big-bang migration in your future when your IT team and employees will be used to Evergreen IT.
- The time and labor needed to complete both of these migrations will be overwhelming for most organizations, and will easily go past October 2020.
We do not recommend this option as it results in double work by pushing Office 365 down the line, and it keeps a major part of your IT environment out of the as-a-service lifecycle, which is widely adopted now.
Now that we have looked at the options, let's turn our attention to how to achieve them. Essentially, there are two ways:
First Path: Fully Embracing Microsoft's Modern IT Vision
If you ask Microsoft, the best way to do any of this is to fully get on board with their Modern IT Vision: a carefully orchestrated IT environment run on Windows 10 and Office 365, Microsoft Teams, and other apps but relies heavily/entirely on Microsoft Endpoint Manager including Microsoft Intune, Microsoft Systems Configuration Manager (SCCM), Microsoft Autopilot, Desktop Analytics, Azure Active Directory, and much more.
However, most enterprises aren't ready, or willing, to fully embrace every Microsoft product and be solely reliant on them for all of their IT needs. For example, an enterprise might have proprietary software, or have spent countless hours (and money) on training employees on current non-Microsoft software.
Second Path: Your Future In An Evergreen IT Environment
The other option is to adopt an Evergreen IT management approach, including some careful application lifecycle management choices. While this can include any or all of the tools above, it also uses third-party tooling such as Juriba Dashworks and IT automation solutions like Access Capture for application packaging and testing as well as Access Agent, our endpoint management automation framework.
To get your application estate ready for Evergreen IT (which solves your Windows 10 or Office 365 chicken or egg dilemma), it is very useful to run through the following steps:
- Normalization. This is the process of going through and cataloging all apps on all devices to see exactly how many apps and which versions are in use, and then comparing that to how many licenses are being paid for.
- Categorization. After all the apps have been normalized, categorization starts. For example, with a heavily used app, such as Adobe, the appropriate version(s) are chosen. For software that is used infrequently, when categorizing, it is imperative to check if it serves a critical function, like quarterly financial reporting. That software would be flagged as important even though the use is low.
- Rationalization. After you have categorized, low-usage apps that aren't necessary are rationalized, heavily used apps have their appropriate licenses procured, and duplicate function apps are also eliminated.
Pulling It All Together
I hope this blog post gives you some insights into the pros and cons of each of the options. Whatever you decide, it is important to go about this in a strategic way with the right tooling and automation.
Also, after gathering all of this data on your IT environment, store and maintain it in a centrally managed change management database (CMDB). Using this database, when updates to apps and OSs come in the future, updating, or even migrating to a new format, will become more efficient as it becomes part of a normal maintenance routine.