Many organizations are about to make the move to Windows 7 and asking, should I skip 7 and go with 8? After some research, I have to say my personal answer is "definitely not". Here's why...

  • Windows Store apps can only be installed from the Windows Store. Only "Line of Business" (LOB) apps can be installed outside the Windows Store interface. To install an application without the Windows Store is called sideloading and is not supported for any Windows Store applications.
  • Devices that move between work and home cannot manage Windows Store access or enforce control over what apps may be installed (via AppLocker). Group Policy is required for such controls so the user must log in to a managed domain. 
  • An IT administrator cannot manage application updates. The user must initiate all updates. You can use Group Policy to automatically download updates, but it cannot force installation (users must initiate updates). 
  • Use of the Windows Store (and any apps you get from the Windows Store) requires a Windows Live (Microsoft) account. You can log in with an Active Directory (AD) account but will then be prompted for your Microsoft account whenever you run a Windows Store app. You can connect your AD account to your Microsoft account, but there does not appear to be an automated way to do so making it a manual process for every user.
  • Windows 8 RT is heavily reliant on Windows Store applications as it cannot run desktop applications (at least with Windows 8 on x86 you can use the start menu as a nice interface to launch business desktop applications)

It's not all bad though; on the plus side...

  • You can prohibit access to the Windows Store via Group Policy for specific machines or for specific users and groups.
  • While you cannot manage applications very effectively, you can customize the Windows 8 Start screen multiple ways (removing, moving and labeling time groups).
  • You can associate your Microsoft account with your Active Directory account so that you don’t need to log in separately with your Microsoft account again in the future.

Other interesting information on Windows 8 app limitations…

  • Windows apps run with very limited user rights compared to their non-Windows 8 counterparts that run with standard user rights by default. Windows apps can access only those resources (files, registry keys, etc.) to which they have been explicitly granted access. This can introduce interesting scenarios where data files cannot be accessed by an application.
  • All application packages must be signed with a trusted signature.

I wonder if vendors selling business applications may attempt to do so as LOB applications instead of using the Windows Store in order to support sideloading. 

The benefits of using a Microsoft account are great for consumers (Windows and application settings sync between other devices using the same account). However, for a corporate environment, deploying applications is considerably more complicated with some serious limitations. The drastic user interface changes will necessitate some training, but with a management shift that is so user-centric, the user will need to do more for themselves-- not just installing and updating applications but in most cases they will also have to be aware of two separate accounts (Microsoft and AD).

More control to the user, less to the admin. I suppose some users will be happy!