In this blog I try to reflect my thoughts on how to treat a tablet device which is equipped with Windows 8 (preferably Enterprise) in a corporate environment.
I assume the following things are in place:
- The tablet is a domain member, activation is done using Key Management Service (KMS)
- Machines are deployed using a centralized and standardized method using tools such as Configuration Manager 2012 SP1 and/or MDT 2012 U1
- Company policy requires Bitlocker to be enabled if the tablet device has a TPM chip, the recovery key is stored in Active Directory
- DirectAccess is used to have the device connected to the corporate network, no matter where the user is located as long as an internet connection is available (don’t bother VPN or other stuff that might frustrate a user)
Devices such as Windows Phones, Windows RT based tablets or Apple iPads are ones that will mostly reside outside the corporate network. For these devices it is recommended that management is facilitated for outside use, for example Windows Intune or a similar product.
A Windows 8 tablet, however, is something that can be fully managed by Group Policy and tools such as Configuration Manager 2012 SP1. Keeping this ability in perspective, I would consider a Windows 8 tablet a fat client. A user should still be allowed to connect his or her account with a Microsoft account to allow to use the Windows Store.
This may sound shocking that I would treat a Windows 8 similarly as a desktop or laptop. For me, they all have the same Operating System. The only difference is that a Windows 8 tablet is a little bit smaller in size and easier to carry than a laptop (or even a desktop for the die-hards).
Using DirectAccess allows administrators to manage these devices the same way as internal devices, even if a tablet user is doing is of her job at the beach in a hangmat having a nice cocktail…