Microsoft to organizations: How to secure your network Watch Now

Last September, Microsoft officially took the wraps off its Microsoft Managed Desktop service, a subscription offering under which Microsoft sets up, updates and manages business users' Windows 10 PCs for a fee. The MMD service originally only supported Microsoft Surface PCs. But recently, Microsoft added several Dell and HP PCs to its MMD supported hardware list.

Also: The Windows 10 security guide

MMD makes Microsoft users' one-stop-shop PC provider. Under the plan, Microsoft provides users with pre-configured Windows 10 PC hardware; ongoing Windows 10 feature updates, as well as security updates and other fixes; and overall management of those devices for a single, per-user monthly subscription fee. (The cost of this service will vary by user, based on size of the customer, type of device, etc.)

MMD includes Microsoft 365 (specifically, Windows 10 Enterprise E3 and Office 365 ProPlus); Windows Autopilot; and select Windows 10 hardware. Microsoft does the device configuration, security monitoring and remediation, app deployment, update management, desktop analytics and 24-by-7 end-user support.

Credit: Microsoft

Bill Karagounis, who heads up the MMD effort as General Manager of the Enterprise Mobility & Management team with the Experiences & Devices Group, noted on LinkedIn recently that Microsoft is using intelligence gleaned from the millions of Windows machines installed in the world to run and improve MMD. From his post:



"With Microsoft Managed Desktop (MMD), we utilize the insights from hundreds of millions of machines in the windows ecosystem to help ensure we have a solid foundation for our service. This means that in addition to having the right hardware components to meet MMD security lockdown and user experience needs, the device model is also meeting our reliability bar leveraging the diagnostic data mentioned above.

"We don't stop there. We also keep monitoring device reliability of MMD devices running in our customers' production environments to ensure that reliability is sustained given updates over time."

Microsoft quietly has been adding more MMD details to its online documentation. One of the most interesting sections of its documentation is around how Microsoft is managing Windows 10 updates for MMD users. Microsoft deploys updates at different intervals, depending on whether they are feature updates; security updates; drivers/firmware; and antivirus definitions.

Must read

Microsoft is applying these updates via rings, designated as Test, First, Fast and Broad. Windows 10 Feature updates, which are the twice-yearly releases of features and fixes that Microsoft rolls out in April and October, go to those in the First ring 30 days after they're released. They go to Fast 60 days after the initial release and broadly after 90 days.

Microsoft is not supporting any Windows 10 Insider builds with MMD, so any PCs running Insider test builds are not included in customers' MMD coverage. Microsoft also doesn't support line-of-business applications and network resources under MMD. As officials note in the documentation: "We are partnering with, not replacing, your corporate helpdesk; Line-of-Business (LOB) apps, network resources, etc. are still handled by your helpdesk."



Currently, Microsoft is offering MMD in North America, the United Kingdom and Australia only.

Related stories: