Dispelling common myths of Windows 10 and the Intel vPro® platform

Thank you to Intel IT Peer Network contributors: Diego Silva, marketing engineer; Rajaram Godbole, marketing engineer; Jimmy Wai, technical sales specialist.

Overcome these myths to help maximize value from your IT investments.

New Windows 10 devices powered by the Intel vPro® platform are purpose built for business productivity and security. However, most IT departments still operate under misconceptions that prevent them from fully taking advantage of all that the platform has to offer. Also, following the launch of 10th Gen Intel® Core™ vPro® processors, many organizations may be considering upgrades to gain enhanced remote productivity and manageability tools that their workers need now. Given these factors, it’s prime time to put these myths to rest. Dispelling these misconceptions will help IT leaders make informed decisions about what’s best for their business.

Myth 1: Software-based security is sufficient to protect, manage, or recover your fleet.

In modern enterprise IT departments, managers believe their PC fleet management console is good enough for remote connection, patch deployments, and remediation. But no matter how powerful a management console is, there’s simply no way to connect to a PC through software-based means if the OS is not running or if the device is compromised.

What’s needed is the ability to connect to devices from the hardware layer. Intel® Active Management Technology (Intel® AMT), part of the Intel vPro® platform on Windows 10 devices, gives IT departments the ability to connect to endpoint devices through hardware-based tools. IT technicians can remotely turn on devices at night and push critical patches to keep the entire fleet up to date against security threats. They can also use storage redirection to boot a device from an OS image on the network. This works on compromised devices or on devices where the OS has crashed.

Training Video: Remote KVM Control with Intel® Active Management Technology

Intel® Endpoint Management Assistant (Intel® EMA) extends the capabilities of Intel AMT by providing a secure remote connection to devices both inside and outside the corporate firewall, over the cloud, and through both wired and Wi-Fi connections. Remote manageability is essential to IT as more and more employees work remotely.

Training Video: Logging into Intel® Endpoint Management Assistant

Of course, prevention can be the most cost-effective strategy when it comes to endpoint security. Intel® Hardware Shield in the Intel vPro platform helps to protect against attacks below the OS by verifying that systems boot in a trusted state and by offering extra protection to the BIOS to prevent malware injections. These capabilities, absent from software-based management consoles, help make it easier to manage your PC fleet and help avoid the high cost of in-person repair and remediation for compromised devices.

Myth 2: Businesses that have opted into the Windows 10 Long-Term Servicing Channel can upgrade to the newest hardware.

Microsoft’s Long-Term Servicing Channel (LTSC), or Long-Term Servicing Branch (LTSB), is a Windows 10 opt-in upgrade cycle that deploys new versions every two to three years instead of biannually. This cadence was originally intended for embedded systems that typically don’t run Microsoft Office software, such as point-of-sale systems, kiosks, and medical equipment. However, many enterprises opt for LTSC because OS upgrade cycles can require a lot of compatibility testing that’s resource intensive for IT departments.

The problem is that newer hardware, including but not limited to Intel vPro® platforms, may not work properly with an LTSC build of Windows 10. Microsoft is clear that LTSC is not intended for enterprise environments. In order to safeguard your productivity and ensure that your IT investments in 10th generation Intel® Core™ vPro® processor-based Intel vPro® platforms will operate as intended, make sure you run the standard Semi-Annual Channel (SAC) cycle, which receives feature updates twice per year. Also, with Windows Update for Business, IT administrators can defer Windows 10 feature updates up to 365 days to allow more time for compatibility testing.

The good news is that Intel vPro® platforms offer backward compatibility for up to two prior versions of Windows 10, empowering IT departments with the flexibility to schedule their updates opposite seasonal workloads and minimize downtime for employees.

Myth 3: My Windows 10 device has an Intel Core vPro processor, so I must be benefitting from the Intel vPro platform.

More often than not, end users and even some IT department technicians are either completely unaware that they have an Intel vPro platform-enabled device. Or they think they are benefitting from Intel vPro platform features simply by upgrading the processor to an Intel vPro platform-enabled CPU. The truth is, your platform is not an Intel vPro platform unless it has the enabled processor, chipset, compatible network interface card, and the correct corporate version of firmware.

IT departments seeking to benefit from Intel vPro platform features should look for devices bearing the Intel Core vPro processor sticker. Intel works closely with OEMs to ensure the right hardware, platform features, and configurations are present in systems bearing the Intel Core vPro processor sticker.

Myth 4: I can easily add newly bought Windows 10 devices to my PC fleet, without the Intel vPro platform.

When adding devices to a PC fleet, enterprise IT departments will typically image the new devices with their own preconfigured software stack. The goal is to optimize Windows 10 and other software for that specific device. However, OEMs may change or upgrade hardware components either within or across device SKUs in the middle of their product lifecycles. If the device’s hardware components are different from what the IT department had originally measured and validated, there may be compatibility issues with the image that lead to fatal errors and blue screens. For many IT departments that can’t rely on stable hardware components, imaging and deploying new devices can be an arduous process.

The Intel® Stable IT Platform Program, part of the Intel vPro platform, aims to provide hardware stability with no changes to platform-level components (CPU, chipset, graphics, networking, firmware, and drivers) for up to fifteen months or until the next generational release. This helps ensure that enterprise IT teams only need to measure and validate platform-level components once when creating new device images. IT can rely on a validated device image to accelerate new device deployments.

If IT departments want to delay OS software updates in between buying cycles, the Intel vPro platform offers backward compatibility for up to two prior versions of Windows 10. This flexibility empowers IT departments to schedule their updates opposite seasonal workloads and minimize downtime for employees.

Myth 5: Installing Windows 10 on older devices is fine and gives employees the productivity they need.

Upgrading the OS alone won’t have much effect on employee productivity. Typically, new OS features use more system resources and can ultimately reduce performance on legacy PCs. Also, modern enterprises that manage a PC fleet need to support remote workers with in-band and out-of-band manageability tools just to keep endpoint devices up and running smoothly. As this study from Prowess Consulting helps demonstrate, older devices may not offer the same remote endpoint management capabilities that enterprise IT departments need to maintain a modern PC fleet.[1]

Training Video: Connect to Devices Through a Firewall

Consider a typical scenario in which a ransomware attack compromises an employee’s device. Without new Windows 10 devices enabled by the Intel vPro platform with Intel AMT, the employee would have to return the device to the IT department for remediation. Or IT would have to dispatch a technician to the employee’s workplace or home office. That’s hours, or even days, of potential downtime.[1]

As a bonus, newer devices deliver on performance well beyond previous-generation platforms running Windows 10, and come with modern productivity features that employees need now. For example, a Windows 10 device with a 10th Gen Intel Core vPro processor provides 40 percent faster performance compared to a three-year-old device[2][3] and comes with integrated support for Wi-Fi 6—the best technology for video conferencing.[2][4]

Myth 6: Why bother upgrading? The Intel vPro® platform costs extra money.

Many businesses may be deterred by the initial CapEx of upgrading. But in truth, the low TCO of Windows 10 devices enabled by the Intel vPro platform helps offset the cost of investment and delivers greater productivity to both your IT department and your workforce. A 2018 Forrester study commissioned by Intel helped illustrate these benefits by creating a fictional composite organization of 600 employees using 750 Intel vPro platform-enabled Windows 10 devices.[5]

The study found that these devices saved the composite organization up to 7,680 support hours annually—hours that would normally be spent troubleshooting common PC issues. The devices also saved employees an additional 28,160 hours of work time in fewer hours spent waiting for peripherals to connect or systems to boot.[4] On top of this, the technology saved an additional 832 hours from remote patch deployment.[4] You can extrapolate general cost efficiencies for your organization based on the tens of thousands of payroll hours saved in this example, before even considering the overall performance and productivity gains from faster devices.

Training Video: Manage Devices Even If They Aren’t Intel vPro® Platform-Enabled

Windows 10 devices with 10th Gen Intel Core vPro processors also meet and exceed Microsoft’s Secured Core requirements, the highest rating for general employee productivity-focused devices.[6] Current security features help protect your data, your users, and your reputation, which merits the question: what are these worth to your organization?

Myth 7: Without the Intel vPro platform, my Windows 10 device gives me great performance anyway, even on battery alone.

Battery life is essential as employees move around within a workspace unplugged from wall sockets or engage in remote work off-site. However, most end users don’t realize that, depending on their OEM/ODM configuration, their device will intentionally throttle the processor when disconnected from AC power to help extend the battery life. For this reason, it’s a good idea for users and IT departments to look not only at battery life, but also the real-life performance of a PC when it’s unplugged.

The Intel vPro platform features Intel® Threat Detection Technology (Intel® TDT), which offloads background virus scanning from the CPU to the GPU.[7] Running a virus scan in the background will typically slow down a machine and use up a lot of CPU power and battery life. However, by offloading this process to the GPU, the CPU remains unaffected and end users won’t notice an impact on their PC performance. Users who have virus scans prescheduled don’t have to worry about it impacting their battery life as much. And users who normally forego virus scans because it soaks up CPU power can let the virus scans run and help keep their PC protected.

Driving growth through uncertainty

Businesses are facing stern competition, along with global factors and externalities, that make it more difficult than ever to plot the right course for business growth. Now that IT departments can provide better direction about Windows 10 devices with the Intel vPro platform, decision-makers and end users alike can better understand how hardware-enabled capabilities will better prepare them for future challenges.

Learn how the Intel vPro platform delivers a business-class experience at intel.com/vPro.

1 “Newer Client Devices Powered by 8th Generation Intel® Core™ vPro® Processors Deliver Big Benefits,” Prowess Consulting, 2020. https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/advantages-of-vpro-white-paper.html.
2 Performance results are based on testing as of April 30, 2020 and May 4, 2020 and may not reflect all publicly available updates. See configuration disclosure for details. No product can be absolutely secure. Software and workloads used in performance tests may have been optimized for performance only on Intel® microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations, and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information about performance and benchmark results, visit intel.com/benchmarks.
3 Measured on platforms with:
Intel® preproduction processor: Intel® Core™ i7-10810U (CML-U 6+2) PL1=15W, 6C12T, Turbo up to 4.9 GHz; Memory: 2x16GB DDR4-2667 2Rx8; Storage: Intel® 760p M.2 PCIe NVMe SSD; Display Resolution: 1920x1080; OS: Windows 10 19H2-18363.ent.rx64.691-Appx68. Power policy set to AC/Balanced mode for all benchmarks except SYSmark 2018, which is measured in AC/BAPCo mode for Performance. Power policy set to DC/Balanced mode for power. All benchmarks run in Admin mode & Tamper Protection Disabled/Defender Disabled; Graphics driver: 2020-02-11-ci-master-4102-revenue-pr-1007926-whql; Temperature: Tc=70c for all performance measurements. Tc=50c for MobileMark 2018. Compared to Processor: Intel® Core™ i7-7600U (KBL-U 2+2) PL1=15W, 2C4T, Turbo up to 3.9 GHz; Memory: 2 X 4GB DDR4; Storage: Intel® 660p M.2 PCIe NVMe SSD; Display Resolution: 1920x1080; OS: Windows 10 Pro 10.0.18362.175. Power policy set to AC/Balanced mode for all benchmarks except SYSmark 2018, which is measured in AC/BAPCo mode for Performance. Power policy set to DC/Balanced mode for power. All benchmarks run in Admin mode & Tamper Protection Disabled / Defender Disabled, Graphics driver: n/a, BIOS.
4 As measured by OTA (Over the Air) Wi-Fi 6 (802.11ax) vs. Wi-Fi 5 (802.11ac) NB client Skype video conferencing latency test data, obtained in standard IT 20 MHz and 40 MHz network deployment scenarios. Wi-Fi networks consist of 8 NB clients with 7 clients generating 20 Mbps Wi-Fi traffic (using IxChariot traffic simulator) while 1 client conducts a 5 minute Skype video conference session with a 9th client connected via 10/100/1000 Ethernet to a local server. Skype data obtained via Skype reporting application. 8 NB Wi-Fi network client specifications: Dell XPS 13 (10th Gen), Killer AX1650, Driver 21.90.0.9; OS: Win 10 19H1 64-bit, 9th NB Callee (wired) = Dell G7 15 7588, Killer E2400, Driver: 9.0.0.42, OS: Win 10 19H1 64-bit; Enterprise APs: (AC) Wi-Fi 5: Cisco 3800, FW: 8.10.128.91; (AX) Wi-Fi 6: Cisco 9130, FW: 8.10.128.91 Wi-Fi 6 performance benefits require use of similarly configured Wi-Fi 6 networking infrastructure (routers, gateways, and APs) based on the IEEE 802.11ax wireless standard specification. Test data represents best case results through a controlled local network to show relative Wi-Fi 6 vs. Wi-Fi 5 technology differences. Actual real-world corporate results may vary and are expected to be higher due to 1) greater number of diverse clients, 2) higher network traffic levels, and 3) greater physical client distance from Skype server.
5 “The Total Economic Impact™ Of The Intel vPro Platform,” a Forrester study commissioned by Intel, December 2018. https://newsroom.intel.com/wp-content/uploads/sites/11/2019/05/Intel-vPro-Platform-TEI-Case-Study.pdf.
6 “Introducing the security configuration framework: A prioritized guide to hardening Windows 10,” Microsoft security blog, April 2019. https://www.microsoft.com/security/blog/2019/04/11/introducing-the-security-configuration-framework-a-prioritized-guide-to-hardening-windows-10/.
7 “Intel Threat Detection Technology Uses GPU To Speed Up Antivirus,” Tom’s Hardware, April 2018. https://www.tomshardware.com/news/intel-threat-detection-technology-tdt-gpu-offloading,36911.html.
Intel technologies may require enabled hardware, software or service activation.
No product or component can be absolutely secure.
Your costs and results may vary.

© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.