Out of the box, Windows 10 Professional includes plenty of features to meet the needs of most users, from students only using Office 365 to PowerShell experts. However, Professional is not the last word when it comes to Windows 10 for business users.
It’s time to discuss Windows 10 Enterprise edition, specifically Windows 10 Pro vs. Windows 10 Enterprise: what features and benefits does Enterprise bring to the table not already found in Professional? Do most SMBs need those additional features? And how much does Enterprise cost? We dive into what differentiates Enterprise edition and discuss when it makes sense to upgrade.
Windows 10 Enterprise Features
Let’s start with the main feature set that differentiates Professional and Enterprise editions of Windows 10. These include Group Policy, mobile device management, Windows Update for Business, Kiosk mode, BitLocker encryption, and more.
AppLocker – In Enterprise, the AppLocker feature allows administrators to restrict user access to programs based on file path, publisher, product name, file version, or hash. In an office environment, this can be essential for security as it can protect the network from malware and prevent users from installing unauthorized programs.
Group Policy Editor – While Group Policy can be found in Professional edition, Enterprise expands on the feature with the addition of several new settings. It gives administrators the ability to disable Microsoft consumer experiences, including games, third-party apps, and links to the Microsoft Store. Secondly, the Microsoft Store can be completely disabled along with any apps installed from the Store.
Application Virtualization (App-V) – App-V enables organizations to install applications on a server and virtually deliver them to users in real-time. Users run the application from their own computers with no need to install a local copy, saving time. For added efficiency, App-V allows for centralized management of applications since settings need only be changed one time centrally rather than multiple times on different computers.
User Experience Virtualization (UE-V) – With UE-V, organizations can save user settings in a centrally managed location, which can then provide users their personalized Windows and application settings no matter which networked workstation they log into. A user can use one workstation and then move to another without their settings changing. UE-V also allows organizations to create templates for third party applications and settings, enabling quicker deployment of new workstations.
Windows Long Term Service Contract (LTSC) – LTSC is a specific release model of Enterprise for equipment such as MRI machines, ATMs, and similar types of devices with a specific, unchanging use case. LTSC allows companies to install Windows 10 Enterprise once, and not have to worry about applying feature updates later. Instead, LTSC installs only receive security updates when available.
DirectAccess – Similar to a VPN, DirectAccess allows for a remote computer to be part of an organization’s private network, with authorized access to file servers, applications, and more. But instead of the usual VPN log-on process where a user turns on their local machine, logs on, and then connects to the VPN, DirectAccess is more straightforward. Users immediately connect their organization’s network as soon as they log onto Windows.
BranchCache – In a typical VPN setup, when a user in a remote company network accesses a file on a central server, their computer fetches that file from the server every time they access said file. With BranchCache, the remote network stores frequently accessed files for all connected computers to access.
Picture an organization with a main office and a satellite office. The main office houses the central file server which can be accessed by users in the satellite office via VPN. When a user in the satellite office accesses a file on the main server, BranchCache creates a local copy stored in the branch office’s network. Then when other users in the satellite office attempt to access the copy in the main file server, the network serves them the local copy instead. It helps save bandwidth and speeds up access times for users.
Resilient File System (ReFS) – You’ve probably heard of the file systems FAT, FAT 32, and NTFS. ReFS is another such file system, except it provides more resistance to data corruption and has the capability to repair corrupt data. While Home and Professional editions of Windows 10 can read and write to ReFS file systems, only Enterprise can create one.
Unified Write Filter (UWF) – UWF intercepts and redirects drive storage write operations to a temporary virtual environment. The temporary location then gets cleared following a reboot or upon logging off. Ideal for computers that will be frequently used by guests, such as kiosks, library, and hotel computers. UWF also reduces wear on solid state drives, thereby extending their lifespan.
Windows To Go – This feature enables administrators to create copies of Windows workspaces stored on USB drives, which can then be booted from any PC. Users with the USB drive can take their workspaces onto any PC, provided they can boot from the USB drive. Windows To Go does not provide for a full desktop or laptop experience however, since users do not get access to the internal drives of the PC being used and hibernation is disabled, among other limitations.
Windows 10 Enterprise Versions: E3 vs E5
Windows 10 Enterprise comes in two variants, E3 and E5. The main difference between them comes down to the feature set of Windows Defender. With E5, organizations get access to Windows Defender for Endpoint, previously branded Windows Defender Advanced Threat Protection (ATP). Windows Defender for Endpoint includes additional functions not normally found in other versions of Windows Defender.
The additional functions center around network security management, such as providing isolation of devices with malware, cloud protection, analytics and reporting, better network monitoring functionality, and centralized configuration of workstations. The Defender for Endpoint package only comes with Enterprise E5 and helps organizations better manage security for multiple computers in their network. The pricing for E3 and E5 differ, with E5 being slightly higher.
In addition to the software features listed above, hardware comes into play with Windows 10 Enterprise. Most editions of Windows 10 up to Professional only support up to 2 TB of physical memory while Enterprise supports up to 6 TB. On the processor side, Enterprise supports a maximum of four CPU sockets and 256 CPU cores. Professional meanwhile, only supports up to two CPU sockets and 128 cores. If your organization utilizes machines that exceed the hardware limitations of Professional edition, then the Enterprise makes the most sense.
Pricing for Windows 10 Enterprise does not follow the standard one-time purchase model. In order to install Enterprise, an existing licensed copy of Professional needs to be installed first. Then Enterprise can be purchased as a subscription through the Microsoft Volume Licensing Center, which requires working with a Microsoft Partner. For more information on purchasing Volume Licenses, contact us to learn more.
When Should You Upgrade?
Determining when to upgrade your organization to Windows 10 Enterprise comes down to several factors. Do you have machines with embedded systems such as ATMs on your network? If so, Enterprise LTSC makes sense. Does your organization operate workstations that exceed the hardware limits of Professional edition? Enterprise makes a strong case in such situations as well.
In addition to the hardware justification, Windows 10 Enterprise provides more benefits for organizations with dedicated IT teams. Generally, Windows 10 Enterprise makes sense for medium to large organizations that have dedicated IT staff to handle the installation and management of networks. For the lone freelancer or consultant, Enterprise offers little benefits.