As one of the largest biopharmaceutical companies in the world, AstraZeneca is used to driving rapid change and innovation, supported by evaluation and implementation of leading-edge technologies. But how would a company with over 70,000 Windows clients manage a whole new Windows deployment schedule with Microsoft’s Windows as a Service (WaaS)?
Like most organizations, AstraZeneca was accustomed to deploying new versions of Windows every 2-3 years and wanted to ensure their workforce could use the latest software to maximize its capabilities and features but make these updates part of its business as usual process. With Windows 10 and the introduction of WaaS, the company moved to two Windows feature releases a year. What’s more, the steady stream of cumulative security and quality updates were delivered monthly, using a controlled patching process.
As it turns out, both of these changes worked to AstraZeneca’s advantage. The deployment tools and validation processes that the company had developed before Windows 10 would work even better under WaaS. Better yet, the move to WaaS would yield additional security and productivity benefits across the company. And by participating in the Windows and Office Insider programs, the company has been able to get their users up to speed on new productivity features as soon as they are released.
Read on as two IT Pros from AstraZeneca tell us how they did it.
Windows as a Service: before and after
Prior to Windows 10, AstraZeneca required a large mobilization of resources to manage each major Windows release. As Andy Thorp, Platform Architect at AstraZeneca explains, “Before Windows 10, we treated each Windows release like a major project. We’d bring on project managers and other IT resources. And we’d do this because, with each release, we were essentially creating a new client each time. We’d also spend time building and testing the delivery mechanism.”
With WaaS, the semi-annual updates are smaller and more manageable. “Now, with WaaS, we are building on an existing client. Windows releases are no longer the kind of major project like they used to be”, says Thorp.
WaaS has also been a major factor in streamlining the company’s testing and remediation processes. “Back before Windows 10, our managers would want to test everything,” says Thorp. To help these managers make more informed decisions about what to test, Thorp’s team created impact assessment reports detailing new features in Windows and assigning an impact score to each feature. In theory, this should have enabled managers to focus more on high-risk issues. “But given the size and extent of the changes in each release–most managers felt compelled to run through each new feature that was used by their business unit, regardless of assessed risk.”
Today, teams at AstraZeneca are testing more efficiently. “Windows as a Service has changed our company’s attitude towards testing,” says Thorp. People find the smaller, semi-annual feature updates less overwhelming. They have a better idea about what’s happening, what’s changed and what hasn’t.” Managers are now using the team’s impact assessments exactly as they were intended–to focus on those features that really need to be tested, skip low-risk items–and accelerate new Windows deployments.
Of course, some devices require more testing than others. As part of a highly-regulated industry, AstraZeneca has many devices, such as those in the operations division, where every change needs to be validated to meet stringent compliance requirements. This is where the Windows servicing tools have proven useful. Using Microsoft System Center Configuration Manager, the same system that the company used before Windows 10, administrators at AstraZeneca can apply longer deferral policies to specific devices.
Cumulative updates–the fuel for better remediation
Thorp’s team manages monthly cumulative updates in the same way, using deferral policies to allow for three weeks of testing before release. Both security and quality updates are tested during this time–a big improvement for the company versus updates before Windows 10.
“In the past, we were doing security updates monthly,” explains Thorp. “But we weren’t doing quality updates on a regular basis. In some cases, we would drop an update altogether. For example, an app owner might have an issue with a patch–so we’d remove that update from the release. This essentially meant that we would go months without that patch across the estate.”
That’s exactly the problem that Microsoft wanted to address with cumulative updates. By bundling security and quality updates into one package, cumulative updates can help organizations reduce the compatibility issues and system anomalies that often come with selective patching. This new approach has also led to an equally valuable benefit: faster, more efficient remediation.
“Because we can no longer separate security and non-security updates, the onus is on vendors and app owners to fix issues rather than simply have us remove a patch,” says Thorp. “I remember sitting down with a vendor on a compatibility issue related to a patch. When we investigated further, we discovered that it was related to an update required on their web server. Resolving the issue only took 3-4 days. Five years ago, we likely would have simply taken the patch out.”
This kind of ongoing remediation has lightened the load of feature updates even further. “Since we are testing and installing both security and quality updates on an ongoing basis, we reduce the intensity of the 18-month releases. By the time we get to the 6-month mark, our impact assessment essentially only needs to focus on the features,” says Thorp.
Making WaaS work for users
As the AstraZeneca team fine turned their WaaS deployment and testing systems, they turned their attention to an equally important part of their deployment plan: their end users.
Philippe Jacqmin, Hardware & Software Service Manager at AstraZeneca, explains. “The technical aspects of WaaS are relatively easy for us to control and manage. But where it gets a bit more complicated is around changing user behavior and making sure updates are installed on a regular basis. In my division, for example, most users are focused on very specialized manufacturing technologies, not Windows. They see updates to Windows as a distraction from their work. We’ve had to change that perspective.”
The team started by emphasizing the security benefits of WaaS. “People in our company are all too aware of how often organizations like ours are the target of intellectual capital piracy and other security breaches. When we explained how these security threats are continually changing and evolving, and how we needed more frequent updates to keep up, that resonated instantly with our entire user base,” says Jacqmin.
But Jacqmin and his team wanted to go even further. They wanted to convince users that WaaS was not only something the business had to do–but something users would actually want to do. “With each new release of Windows 10, we see features that we know could really benefit our users. It was just a matter of showing people how to use them.”
To do this, Jacqmin and his team develop extensive education materials with each release. Resources include everything from posters, slides and video for plasma screens to events, tip sheets and presentations, many of which are translated for global distribution. But work like this takes time and preparing materials for a new release twice year was challenging. Jacqmin wanted to develop a more efficient process to get materials out sooner. And that’s where the Windows Insider Program has proven especially valuable.
Getting a head start with the Windows Insider Program
“The Windows Insider Program is like a looking glass into the future”, says Jacqmin. “Exploring Windows 10 Insider Preview Builds has allowed me to prepare tip sheets and other resources way before a general release. Early access to preview features gives me time to align these features to the needs and issues of my users and better prepare user education so it lands as soon as a new version of Windows is released.”
Jacqmin goes on to point out one of his favorite examples: OneDrive Files On-Demand. “When Version 1709 arrived, I was already actively using the feature through Insider Preview Builds. I was able to get education materials out on the feature on release day. Users were able to leverage the feature just in time to prepare for an important annual meeting. This one feature has changed the way our users work, especially those working out in the field with customers and partners.”
Jacqmin also uses Insider Preview builds as an early litmus test of potential issues. “When something crashes, I make a point of heading straight to the Feedback Hub to see if others have had the same issue. I’ll often find that the issue has already been raised by another Insider and Microsoft has posted a note confirming that they’re investigating.”
Jacqmin has discovered that Insider Preview builds can help with non-Windows-related issues, as well. “Sometimes I’ll find a new configuration or feature in a preview build that addresses, say, a hardware or app issue. Even if I don’t see what I need in a build, it helps me focus on other possible solutions outside Windows.”
Along with Insider Preview builds, the program provides Jacqmin with other valuable resources. To keep up to date, for example. Jacqmin follows the blogs and articles on the Windows Insider website. “Obviously, I can’t keep up with every new feature and the site provides a good summary,” he says.
Beyond Windows and into the future
As AstraZeneca reaps the benefits of WaaS, it has also had success with Office as a Service. The company deploys Office 365 using a content delivery network which reduces internal management while still giving them control over how a client is defined and patches are managed. The team is also active in the Office Insider Preview program, which, like the Windows program, provides an opportunity to preview and provide feedback on new features.
With strong investments in both Windows and Office, it makes sense that the company is also exploring other Microsoft 365 tools, starting with Microsoft Intune. “We are currently exploring co-management with our existing Configuration Manager infrastructure and delivering apps to Intune-managed devices,” says Thorp.
Meanwhile, AstraZeneca is looking into ways to get even more value out of WaaS, including a proof of concept with Windows Analytics. As part of the Operations Management Suite (OMS), Windows Analytics provides deep insights into the health and efficiency of an organization’s desktop environment.
The company is especially interested in Device Health, a Windows Analytics solution that can make it easier to identify device and driver issues. Another benefit of Device Health is that it works with Windows Insider Preview builds. This–plus Microsoft’s recent announcement to service Insider Preview builds in the Slow Ring for great stability–is prompting AstraZeneca to consider integrating Insider Preview builds deeper into their testing cycles.
“Windows as a Service has already helped us make big improvements in how we test and deploy Windows,” says Thorp. “With tools like Device Health, we look forward to reaping even more benefits.”
Given how effectively AstraZeneca has already managed WaaS, it shouldn’t be long before Thorp and his team reach their next Windows milestone.
Resources to help your organization get more out of Windows
Learn more about Windows as a Service. Our technical guidance shows you how to prepare a servicing strategy, builds deployment rings for Windows updates, assign devices to servicing channels and more.
Join the Windows Insider Program for Business. Get updates on Insider Preview features for business plus guidance on how you can deploy, manage, track–and help us shape these features for your organization.
Join the Office Insider Program. As an Insider, you get access to early builds of new features and updates, giving you an exclusive opportunity to give feedback on our latest innovations.
Get started with FastTrack for Microsoft 365. FastTrack offers free deployment and adoption self-serve resources, tools, guidance and engineering assistance for all things Microsoft 365 – collaboration, voice, devices, and security across Windows 10, Office 365, and EMS.