The Risk of Running Windows XP After Support Ends April 2014

Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014.  Since then, many of the customers I have talked to have moved, or are in the process of moving,  their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.

There is a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.  This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft.  Still, I have talked to some customers who, for one reason or another, will not have completely migrated from Windows XP before April 8.  I have even talked to some customers that say they won’t migrate from Windows XP until the hardware it’s running on fails.

What is the risk of continuing to run Windows XP after its end of support date?  One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders. Let me explain why this will be the case.

When Microsoft releases a security update, security researchers and criminals will often times reverse engineer the security update in short order in an effort to identify the specific section of code that contains the vulnerability addressed by the update. Once they identify this vulnerability, they attempt to develop code that will allow them to exploit it on systems that do not have the security update installed on them. They also try to identify whether the vulnerability exists in other products with the same or similar functionality. For example, if a vulnerability is addressed in one version of Windows, researchers investigate whether other versions of Windows have the same vulnerability.  To ensure that our customers are not at a disadvantage to attackers who employ such practices, one long standing principle that the Microsoft Security Response Center (MSRC) uses when managing security update releases is to release security updates for all affected products simultaneously.  This practice ensures customers have the advantage over such attackers, as they get security updates for all affected products before attackers have a chance to reverse engineer them.

But after April 8, 2014, organizations that continue to run Windows XP won’t have this advantage over attackers any longer.  The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities.  If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.  Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever.  How often could this scenario occur?  Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.

Some of the people I have discussed this scenario with are quick to point out that there are security mitigations built into Windows XP that can make it harder for such exploits to be successful.  There is also anti-virus software that can help block attacks and clean up infections if they occur.  The challenge here is that you’ll never know, with any confidence, if the trusted computing base of the system can actually be trusted because attackers will be armed with public knowledge of zero day exploits in Windows XP that could enable them to compromise the system and possibly run the code of their choice. Furthermore, can the system’s APIs that anti-virus software uses be trusted under these circumstances? For some customers, this level of confidence in the integrity of their systems might be okay, but for most it won’t be acceptable.

As for the security mitigations that Windows XP Service Pack 3 has, they were state of the art when they were developed many years ago.  But we can see from data published in the Microsoft Security Intelligence Report that the security mitigations built into Windows XP are no longer sufficient to blunt many of the modern day attacks we currently see.  The data we have on malware infection rates for Windows operating systems indicates that the infection rate for Windows XP is significantly higher than those for modern day operating systems like Windows 7 and Windows 8.

Figure 1: Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012 as reported in the Microsoft Security Intelligence

I recently wrote about the findings of a new study on exploit activity that we just published: Software Vulnerability Exploitation Trends – Exploring the impact of software mitigations on patterns of vulnerability exploitation. This seven-year study indicates that attackers have evolved their attacks to overcome one of the key security mitigations that Windows XP has: Data Execution Prevention (DEP). Figure 3 shows the number of common vulnerabilities and exposures (CVEs) that had exploits that would have been mitigated if DEP were enabled compared to the number of CVEs that had exploits that bypassed DEP. With the exception of 2007 and 2008, there appears to be a clear downward trend in DEP’s ability to retroactively break exploits. This trend is not because DEP is no longer effective; rather, it is an indication that attackers have been forced to adapt to environments in which DEP is already enabled—at increased cost and complexity. The evidence is the increasing number of CVEs that had exploits that bypassed DEP.

Figure 2 (left): The number of CVEs that were exploited using specific exploitation techniques; Figure 3 (right): The number of CVEs for which exploits were written that could have been mitigated by enabling DEP as compared to the number of CVEs that had exploits that bypassed DEP

This new data shows us that the predominate threats that individuals and organizations face are now much different than they were when Windows XP Service Pack 3 was released. Turning on the Windows Firewall in Windows XP Service Pack 2 and later operating systems forced attackers to evolve their attacks. Rather than actively targeting remote services, attackers now primarily focus on exploiting vulnerabilities in client applications such as web browsers and document readers. In addition, attackers have refined their tools and techniques over the past decade to make them more effective at exploiting vulnerabilities. As a result, the security features that are built into Windows XP are no longer sufficient to defend against modern threats. Windows 8 has significantly superior security mitigations compared to Windows XP as Figure 4 illustrates. Detailed information on the new security mitigations built into Windows 8 is available in the aforementioned research paper.

Figure 4: The table below compares the mitigation features supported by Internet Explorer 8 on Windows XP Service Pack 3 with the features supported by Internet Explorer 10 on Windows 8. As this table shows, Internet Explorer 10 on Windows 8 benefits from an extensive number of platform security improvements that simply are not available to Internet Explorer 8 on Windows XP.

Organizations need a level of certainty about the integrity of their systems. Minimizing the number of systems running unsupported operating systems is helpful in achieving that. End of support for Windows XP is April 8, 2014.

Reference by

Windows Server 2012 R2 Capability : Server virtualization

When you optimize your business for the cloud with Windows Server 2012 R2, you take advantage of your existing skillsets and technology investments. You also gain all the Microsoft experience behind building and operating private and public clouds – right in the box.

Delivered as an enterprise-class, the simple and cost-effective server and cloud platform Windows Server 2012 R2 delivers significant value around seven key capabilities:

Windows Server 2012 R2 capabilities

Server Virtualization

Windows Server Hyper-V offers a scalable and feature-rich virtualization platform that helps organizations of all sizes realize considerable cost savings and operational efficiencies. With Windows Server 2012 R2, server virtualization with Hyper-V pulls ahead of the competition by offering industry-leading size and scale that makes it the platform of choice for running your mission critical workloads. Using Windows Server 2012 R2, you can take advantage of new hardware technology, while still utilizing the servers you already have. This functionality enables you to virtualize today and be ready for the future tomorrow.

Whether you are looking to expand virtual machine mobility, increase virtual machine availability, handle multi-tenant environments, gain bigger scale, or gain more flexibility, Windows Server 2012 R2 with Hyper-V gives you the platform and tools you need to increase business agility with confidence. Plus, you can also benefit from workload portability as you extend your on-premises datacenter into a service provider cloud or Windows Azure.

 Enterprise-class scale and performance

Windows Server 2012 R2 offers massive scale to help transform your datacenter into an elastic, always-on cloud. For example, Hyper-V in Windows Server 2012 R2 provides industry-leading virtualization host support for 320 logical processors, 4TB of physical memory, and 1,024 active virtual machines per host. Hyper-V also supports 64-node clusters and 8,000 virtual machines per cluster as well as a 64 TB virtual disk format with the ability for online resize – the ability to grow or shrink a VHDX-formatted virtual disk dynamically while it is running, without downtime.

 Enterprise class scale and performance

Live migration is an important virtual machine mobility feature that has continued to improve since it was introduced with Windows Server 2008 R2. In Windows Server 2012 R2, these performance improvements have been taken to the next level. Live migration compression accelerates live migration transfer speed by compressing the VHD/VHDX file, improving performance by roughly 2x for most workloads. Live migration with remote direct memory access (RDMA), another new feature in Windows Server 2012 R2, delivers the highest performance for live migrations over >10 GB network connections, supporting transfer speeds of up to 56 Gigabytes, by offloading the transfer to hardware and harnessing the power of RDMA technologies.

 Virtualized Microsoft workloads, such as Exchange, SQL, and SharePoint, run best on a Hyper-V infrastructure. For example, independent third-party testing by The Enterprise Strategy Group, Inc. (ESG Lab) showed that an Exchange Server 2013 infrastructure deployed within twelve Hyper-V virtual machines running on a single physical server supported the I/O requirements of up to 48,000 simulated users. The average database read-response times ranged between 5.02 and 15.31 milliseconds, well below the Microsoft recommended limit of 20 milliseconds. In another ESG Lab test case, an existing SQL Server 2012 online transaction processing (OLTP) workload, virtual processor (vCPU)-limited by the maximum allowed configuration of four vCPUs imposed by Windows Server 2008, increased performance by six times by taking advantage of 64 vCPUs in Windows Server 2012. The average transaction response times also improved five times, from four vCPUs to 64 vCPUs.

Windows Server 2012 R2 also introduces generation 2 virtual machines to Hyper-V. These virtual machines provide Unified Extensible Firmware Interface (UEFI )firmware support, Pre-Boot Execution Environment (PXE) boot, secure boot, and boot from a Small Computer System Interface (SCSI) virtual hard disk VHD. Some older virtual hardware such as Integrated Drive Electronics (IDE) controllers has been removed. This change can help contribute to faster boot times and more flexible configurations. However, Windows Server 2012 R2 only supports more recent operating systems and does not support conversion between generation 1 and generation 2.

These enterprise-class features help ensure that your virtualization infrastructure can support the configuration of large, high-performance virtual machines for sustaining Microsoft or other, mission-critical workloads that you might need to significantly scale.

 Virtual machine mobility

Windows Server 2012 R2 enables you to manage virtual machines independently of their underlying physical infrastructure. In addition, Windows Server 2012 R2 also enables you to handle changes in resource demand as they occur and gives you the ability to rebalance running virtual machines either through the servers on which the virtual machines reside or the storage resources used by the virtual machines.

Introduced with Windows Server 2012 as an industry-first capability, shared-nothing live migration enables you to move a virtual machine, live without downtime, from one physical system to another, even if the systems are in different clusters or not connected to the same shared storage. This capability means you can live-migrate a virtual machine from one cluster to a different cluster without setting up complex storage mappings. Such functionality can prove beneficial in many different situations, such as in a branch office where you may be storing the virtual machines on a local disk, and you want to move a virtual machine from one node to another. This feature also can prove useful when you have two independent clusters and you want to move a virtual machine, live, between them, without having to expose their shared storage to one another. Windows Server 2012 R2 also introduces cross-version live migration that enables you to move virtual machines from a server or cluster running Windows Server 2012 to a server or cluster running Windows Server 2012 R2 with no downtime. In multi-tenant environments of service providers, tenants are frequently asking for application-level, high availability for their workloads. To address this need, Windows Server 2012 R2 provides complete flexibility with multiple options for guest clustering, without making you sacrifice agility and density in your environment. In addition to Fibre Channel, iSCSI, and server message block (SMB) protocol support, Windows Server 2012 R2 now also offers shared VHDX files. Shared VHDX files can be stored either on a scale-out file server cluster or on cluster-shared volumes (CSV) on block storage. Shared VHDX clustering also preserves dynamic memory, live migration, and storage live migration for a virtual machine that is part of the guest cluster.

First introduced in Windows Server 2012, Hyper-V Replica provides a storage- and workload-agnostic solution that replicates efficiently, periodically, and asynchronously over IP-based networks, typically to a remote site. Hyper-V Replica also enables an administrator to easily test the replica virtual machine without disrupting the ongoing replication. If a disaster occurs at the primary site, administrators can quickly restore their business operations by bringing up the replicated virtual machine at the replica site. New in Windows Server 2012 R2, Hyper-V Replica enables configurable, replication frequencies down to 30 seconds or up to 15 minutes. Furthermore, Hyper-V Replica now supports multiple nodes, meaning tertiary replica sites for example, such as in the case of a service provider who wants to replicate a customer’s workload to another datacenter.

Another innovation around Windows Server 2012 R2 is Windows Azure Hyper-V Recovery Manager. Hyper-V Recovery Manager combines Windows Azure, System Center Virtual Machine Manager, and Hyper-V Replica to deliver planned and cost-effective business continuity of workloads. With Windows Azure Hyper-V Recovery Manager, you can protect services by automating the replication of the virtual machines that composes them at a secondary location. Hyper-V Recovery Manager also provides continuous health monitoring of the primary site and coordinates the orderly recovery of services in the event of a site outage.

 First-class citizen support for Linux as a guest

Many enterprise IT departments and service providers today run a mix of hypervisors, operating systems, and applications in their datacenter. Oftentimes, migrating from one platform to another is not possible or even feasible from a technical standpoint due to the size and scope involved. Designed to integrate well with heterogeneous IT environments, Windows Server 2012 R2 supports a cross-platform cloud infrastructure by adding comprehensive functional support for Linux guests running on top of Hyper-V.

Dynamic Memory, a Hyper-V feature first introduced in Windows Server 2008 R2 SP1, automatically reallocates memory between virtual Cloud optimize your business with Windows Server 2012 R2 9


machines running on a Hyper-V host. This results in a more efficient allocation of virtual machine memory while dramatically increasing virtual machine consolidation ratios. In Windows Server 2012 R2, Hyper-V now offers full dynamic memory support for Linux guests including:

Ÿ Minimum memory setting — ability to set a minimum value for the memory assigned to a virtual machine lower than the startup memory setting.

Ÿ Hyper-V smart paging — paging used to enable a virtual machine to reboot while the Hyper-V host is under extreme memory pressure.

Ÿ Memory ballooning — reclaiming unused memory from a virtual machine for another virtual machine with memory needs.

Ÿ Runtime configuration — adjusting the minimum memory and maximum memory configuration setting on the fly, without requiring a reboot, while the virtual machine continues to run.

 Also, previously, if you wanted to take advantage of Linux Integration Services (LIS) for your Hyper-V environment, you had to go to the Microsoft Download Center, download the correct LIS package for your Linux distribution, and then manually install it on your Hyper-V servers. With Windows Server 2012 R2 Hyper-V hosts, key Linux vendors have included LIS for Hyper-V in their standard distributions, eliminating the manual step required to take advantage of the latest LIS capabilities.

Reference by:

Exchange Top Features

  • Increase user productivity and keep your organization safe, while maintaining the control you need.

Remain in control

Exchange lets you tailor your solution based on your unique needs and ensures that your communications are always available, while you remain in control, on your own terms—online, on-premises, or a hybrid of the two.

 Office 365 Exchange Admin

Move to the cloud on your terms. Exchange provides you with flexible options for moving to the cloud, whether that’s onboarding to the cloud overnight or managing a hybrid deployment with mailboxes that are both on-premises and online. Limit user disruption when mailboxes are smoothly moved across environments, and let users share calendars and schedule meetings, regardless of the environment their mailbox is in. Try out upcoming enhancements in the cloud with support for upgrade previews.

Decrease the amount of time spent on management, while maintaining control. Manage powerful capabilities, including Data Loss Prevention (DLP) and site mailboxes, from the Exchange Administration Center —a single, easy-to-use, web-based administration interface. Role-based access control empowers your helpdesk and specialist users to perform specific tasks without requiring full administrative permissions. This streamlined and intuitive experience helps you manage Exchange efficiently, delegate tasks, and focus on driving your business forward.

Keep important data in one place with Exchange archiving, large mailboxes, and retention policies. Empower your users with a large mailbox to allow them the flexibility to retain email in their primary mailbox or move items to an In-Place Archive. With flexible and powerful retention policies, you can take control of your storage and compliance demands while keeping your users productive.

Do more, on any device

Exchange lets your users be more productive by helping them manage increasing volumes of communications across multiple devices and work together more effectively as teams.


Give your users an intuitive, touch-enabled inbox experience. Get more done from anywhere with a clean, uncluttered inbox that focuses on the relevant and important information.

Allow your users to work better together on teams and projects. Site mailboxes* let users collaborate on projects, get up to speed quickly on teams they join, and share information easily. Co-authoring, document storage, and versioning are provided by SharePoint, while messaging is handled by Exchange, for a complete user experience, including document access.

Customize Exchange by integrating web-based apps for Outlook and Outlook Web App. Help your users spend less time switching between apps and make their communications experience more powerful with an extension model that allows you to provide easy plug-in access to web-based apps within both Outlook and Outlook Web App. With single sign-on to multiple apps, you can reduce complexity for users and give them secure, authorized access for each approved application.

Keep your organization safe

Use Exchange to protect business communication and sensitive information in order to meet internal and regulatory compliance.


Eliminate email threats before they reach your network. Exchange actively protects your communications with built-in defenses against viruses, spam, and phishing attacks.

Protect your sensitive data and inform users of internal compliance policies. Prevent users from mistakenly sending sensitive information to unauthorized people. Data Loss Prevention (DLP) features identify, monitor, and protect sensitive data through deep content analysis, and PolicyTips in Outlook inform users about policy violations before sensitive data is sent. Built-in DLP policies are based on regulatory standards such as PII and PCI, plus Exchange can support other policies important to your business.

Let your compliance officers run In-Place eDiscovery across Exchange, SharePoint, and Lync from a single interface. Ensure internal and regulatory compliance by using the new eDiscovery Center* to identify, hold, and analyze your organization’s data from Exchange, SharePoint, and Lync. The data always remains in-place, so you never have to manage a separate store of data.

Below is the part number and details from Microsoft Paper license




ExchgeOnlnPlan1Open ShrdSvr SNGL SubsVL OLP NL Annual Qlfd


Reference by:




XP Retiral – Business is at RISK / Banks Face Security Risk/ Indian Govt Issues Advisory

  1. Windows XP is already significantly more likely to become infected with Malware. Post April 2104, attackers and hackers will take advantage of customers who continue to run on XP exposing their vulnerability. Do go through the attached document outlining the RISKS that business customers have.
  2. The article below outlining the risks that banks have if they stay with XP issued by US regulatory body
  3. The Government of India has also issued a letter to its departments to move off XP prior to the deadline. The letter is from the emergency response cell.

PCI DSS compliance at risk if banks use Windows XP after Microsoft withdraws support services, regulatory agencies warn.

Banks that use the Windows XP operating system will face a risk to their compliance with payment card data security rules if they continue to operate the software after Microsoft withdraws its extended support services, a US regulatory body has warned.

Windows XP End Of SupporApril 2014.pdf

Cert In Advisory Windows XP End Of Support.pdf



Reference by

Compare Windows 7 to Windows 8.1

Compare Windows 7 to Windows 8.1

Windows 7 Windows 8.1
The familiar desktop    
Works with a mouse and keyboard    
Works with Word, Excel, Outlook, and other familiar programs    
Built for touch PCs and tablets  
Apps from the Windows Store  
Mail, People, and other built-in apps  
Keep your settings and apps on all your PCs and devices  
Bing smart search to find things across the web, apps, and your PC  
Start screen with live updates  
Faster startup times  


Licensing Microsoft SharePoint Server 2013

Visual Studio Capabilities Comparison

Visual Studio editions are tailored to specific team needs and sizes, as well as the roles of individual team members. Find the one that’s right for you.

Video Ultimate with MSDN Premium with MSDN Test Professional with MSDN Professional with MSDN Professional
Work in the same IDE to create solutions for the web, desktop, cloud, server, and phone Yes Yes Yes Yes
Examine and refine your code with extensive tools for app debugging and profiling Yes Yes Yes Yes
Verify code quality with unit testing and an extensible testing framework Yes Yes Yes Yes
Get access to Microsoft platforms and tools past and present, with new releases added all the time Yes Yes Yes Yes
Get Team Foundation Server and a Team Foundation Server CAL for production use Yes Yes Yes Yes
Take your apps to the cloud, Windows Store, and Windows Phone Marketplace with included services as subscription benefits Yes Yes Yes Yes
Provision and manage virtual lab environments for testing with consistent configurations Yes Yes Yes
Coordinate your team with agile project management tools   Yes Yes Yes
Organize and define your test plans with test case management and exploratory testing Yes Yes Yes
Improve code quality with a peer code review workflow within Visual Studio   Yes Yes
Improve developer productivity when multitasking with task suspend and resume Yes Yes
Automate user interface tests to validate application UI   Yes Yes
Find and manage duplicate code in your code base to improve your architecture Yes Yes
Determine how much code is being tested with code coverage analysis Yes Yes
Reliably capture and reproduce bugs found during manual and exploratory testing to eliminate “no repro” bugs Yes
Understand the dependencies and relationships in your code through visualization Yes
Visualize the impact of a change, or a potential change in your code Yes
Collect and analyze runtime diagnostic data from production systems Yes
Perform unlimited web performance and load testing Yes
Design architectural layer diagrams to then validate code implements the architecture Yes

Feature comparisons

Looking for specific features, like build automation or test case management? Check to see which Visual Studio editions have them.

Categories and features
Expand AllCollapse All
Feature Video Ultimate with MSDN Premium with MSDN Test Professional with MSDN Professional with MSDN Professional
Debugging and Diagnostics 4/4 3/4 0/4 2/4 2/4
IntelliTrace (Historical Debugging) Yes
IntelliTrace in Production Yes
Code Metrics Yes Yes
Graphics Debugging Yes Yes Yes Yes
Advanced Web Debugging (Page Inspector) Yes Yes Yes Yes
Static Code Analysis Yes Yes Yes Yes
Debugger Yes Yes Yes Yes
Windows 8 Simulator Yes Yes Yes Yes
Profiling Yes1 Yes1 Yes Yes
Windows Phone Emulator Yes Yes Yes Yes
Testing Tools 4/4 3/4 2/4 1/4 1/4
Web Performance Testing Yes
Load Testing Yes
Microsoft Fakes (Unit Test Isolation) Yes
Code Coverage Yes Yes
Coded UI Testing Yes Yes
Manual Testing Yes Yes Yes
Exploratory Testing Yes Yes Yes
Test Case Management Yes Yes Yes
Fast Forward for Manual Testing Yes Yes Yes
Lab Management Yes Yes Yes
Extensible Testing Framework Yes Yes Yes Yes
Unit Testing Yes Yes Yes Yes
Integrated Development Environment 4/4 4/4 0/4 3/4 3/4
Code Clone Yes Yes
Refactoring Yes Yes Yes Yes
LightSwitch Yes Yes Yes Yes
One-Click Web Deployment Yes Yes Yes Yes
Extensible WPF-Based Environment Yes Yes Yes Yes
Model Resource Viewer Yes Yes Yes Yes
Multi-Targeting Yes Yes Yes Yes
Blend for Visual Studio Yes Yes Yes Yes
JavaScript and jQuery Support Yes Yes Yes Yes
Project & Solution Compatibility with Visual Studio 2010 SP1 Yes Yes Yes Yes
Multiple Monitor Support Yes Yes Yes Yes
Development Platform Support 4/4 4/4 0/4 4/4 4/4
Windows Desktop Development Yes Yes Yes Yes
Windows Store Application (including ARM) Development Yes Yes Yes Yes
Web Development Yes Yes Yes Yes
Windows Phone Development Yes Yes Yes Yes
Office and SharePoint Development Yes Yes Yes Yes
Cloud Development Yes Yes Yes Yes
Customizable Development Experience Yes Yes Yes Yes
Architecture and Modeling 4/4 2/4 0/4 1/4 1/4
Architecture Explorer Yes
Architecture and Layer Diagrams Yes
Architecture Validation Yes Yes
UML® 2.0 Compliant Diagrams (Activity, Use Case, Sequence, Class, and Component) Yes Yes2
Visualize Code with Dependency Graphs (By Assembly, By Namespace, and By Class) Yes Yes2 Yes2 Yes2
Code Maps Yes Yes2 Yes2
Lab Management 4/4 4/4 4/4 0/4 0/4
Virtual Environment Setup & Tear Down Yes Yes Yes
Provision Environment from Template Yes Yes Yes
Checkpoint Environment Yes Yes Yes
Team Foundation Server 4/4 4/4 4/4 3/4 3/4
Backlog Management Yes Yes Yes
Sprint Planning Yes Yes Yes
Agile Task boards Yes Yes Yes Yes Yes3
Exception Analytics (PreEmptive Analytics for TFS CE) Yes Yes Yes Yes Yes3
SharePoint Integration (Team Project Portal) 4 Yes Yes Yes Yes Yes3
Reporting & BI Yes Yes Yes Yes Yes3
Project & Project Server integration 5 Yes Yes Yes Yes Yes3
System Center Integration6 Yes Yes Yes Yes Yes3
Version Control Yes Yes Yes Yes Yes3
Work Item Tracking Yes Yes Yes Yes Yes3
Build Automation Yes Yes Yes Yes Yes3
Kanban Board Yes Yes Yes
Collaboration 4/4 4/4 3/4 2/4 2/4
PowerPoint Storyboarding Yes Yes Yes
Request and Manage Feedback 7 Yes Yes Yes
Code Review Yes Yes
Task Suspend/Resume Yes Yes
Team Explorer Yes Yes Yes Yes Yes3
Team Explorer Everywhere for TFS (3rd-Party Development Tools Support) Yes Yes Yes Yes Yes3
Software and Services for Production Use 4/4 3/4 2/4 2/4 1/4
Visual Studio Updates 8 Yes Yes Yes Yes Yes
Team Foundation Server Yes Yes Yes Yes
Team Foundation Server CAL Yes Yes Yes Yes
Team Foundation Service10 Yes Yes Yes
Office Professional Plus Yes Yes
Windows Azure9 Yes Yes Yes
Software for Development and Testing 4/4 4/4 1/4 1/4 0/4
Windows, Windows Server Yes Yes Yes Yes
Microsoft SQL Server Yes Yes Yes Yes
Microsoft Office Yes Yes
Microsoft Dynamics Yes Yes
All other Microsoft servers (SharePoint, Exchange, etc.) Yes Yes
Other Benefits 4/4 4/4 2/4 2/4 0/4
Technical Support Incidents 4 4 2 2
Microsoft E-Learning Collections (per year) 2 2 1 1
  1. Includes Tier Interaction Profiling
  2. Read-Only Diagrams
  3. Requires full Team Foundation Server and TFS CAL (purchased separately)
  4. Microsoft SharePoint Server licensed separately
  5. Microsoft Project and Project Server licensed separately
  6. Microsoft System Center licensed separately
  7. End users can use the free Feedback Client to submit feedback to TFS, and access MSDN software to review the app and provide feedback.
  8. MSDN Subscription not required. Updates vary by edition.
  9. Windows Azure benefits vary by offering
  10. Paid MSDN subscriptions will have access at no additional charge when paid plans become available



Volume Activation-KMS & MAK

What is Volume Activation?

Volume Activation is a product activation technology that was first introduced with Windows Vista and Windows Server 2008. It is designed to allow Volume License customers to automate the activation process in a way that is transparent to end users.

Volume Activation applies only to systems that are covered under a Volume Licensing program and is used strictly as a tool for activation. It is not tied to license invoicing or billing.

Volume Activation provides two different models for completing volume activations. Either or both key types may be used by customers to activate systems in their organization:

  • Key Management Service (KMS)
    KMS allows organizations to activate systems within their own network.
  • Multiple Activation Key (MAK)
    MAK activates systems on a one-time basis, using Microsoft’s hosted activation services.


What is the Key Management Service (KMS)?

The Key Management Service (KMS) is an activation service that allows organizations to activate systems within their own network, eliminating the need for individual computers to connect to Microsoft for product activation. It does not require a dedicated system and can be easily co-hosted on a system that provides other services.

KMS requires a minimum number of either physical or virtual computers in a network environment. These minimums, called activation thresholds, are set so that they are easily met by Enterprise customers.

  • Activation Thresholds for Windows – Your organization must have at least five (5) computers to activate servers running Windows Server 2008 or Windows Server 2008 R2 and at least twenty-five (25) computers to activate client systems running Windows Vista or Windows 7.
  • Activation Thresholds for Office – Your organization must have at least five (5) computers running Office 2010, Project 2010, or Visio 2010 to activate installed Office products using KMS. For more information about Volume Activation of Office products (that is, Office 2010, Project 2010, and Visio 2010), see the Volume Activation Quick Start Guide for Office 2010, and Volume Activation Overview for Office 2010.


What is a KMS Host Key?

A KMS Host Key is used to activate the KMS host computer with a Microsoft activation server and can activate up to six (6) KMS hosts with 10 activations per host. Each KMS host can activate an unlimited number of computers.

Note : Contact the Microsoft Activation Center if you require additional KMS activations for activating more than six (6) KMS hosts.


What is a Multiple Activation Key (MAK)?

A Multiple Activation Key (MAK) activates systems on a one-time basis, using Microsoft’s hosted activation services (that is, it requires connection with a Microsoft activation server). Once computers are activated, no further communication with Microsoft is required.

Important : Each MAK has a predetermined number of allowed activations, based on your Volume Licensing agreement. Contact the Microsoft Activation Center to increase your MAK activation limit.

You can activate licenses in one of two ways using MAK:

  • MAK Independent Activation – Each computer individually connects to Microsoft via the web or telephone to complete activation.
  • MAK Proxy Activation – One centralized activation request is made on behalf of multiple computers with a single connection to Microsoft online or by telephone. This method uses the Volume Activation Management Tool (VAMT), which is a part of the Windows 7 Automated Installation Kit (WAIK). VAMT enables IT Professionals to automate and centrally manage the Volume Activation process using MAK, and includes a check on the number of activations on the MAK.

Exchange Server 2013 Client Access Licenses

Tip of the day

Exchange Server 2013 – Client Access Licenses (CALs)

As with the Server licenses, the Exchange Server 2013 CALs have also been significantly improved from the previous versions of Exchange. The Exchange Enterprise CAL is available in the same two variants as before; Exchange Enterprise CAL without Services and Exchange Enterprise CAL with Services. The following tables provide a detailed feature breakdown for each CAL edition of Exchange Server 2013:

Feature Standard CAL Standard + Enterprise CAL (with and without Services)
E-mail, Calendar, Contacts, and Tasks Yes Yes
Outlook Web App (Internet Explorer, Firefox, and Safari support) Yes Yes
Exchange ActiveSync Mobile Access Yes Yes
Rich Outlook inbox experience, including enhanced Conversation View and Mail Tips Yes Yes
Apps for Outlook and Outlook Web App Yes Yes
Site mailboxes Yes Yes
Role Based Access Control capabilities Yes Yes
Integration of IM, SMS, and RSS Yes Yes
Federated Calendar Sharing Yes Yes
Exchange ActiveSync Mobile Management Policies Standard Advanced
Journaling Per Database Per User/Distribution List
Journal decryption No Yes
Voicemail with Unified Messaging No Yes
Retention Policies Default Custom
Integrated Archive No Yes*
Multi-Mailbox Search Yes Yes
In-Place Hold No Yes
Data Loss Prevention (DLP) No Yes
Outlook PolicyTips with Data Loss Prevention (DLP) No Yes**
Information Protection and Control (IPC): transport protection rules, Outlook protection rules, IRM Search No Yes

* Archive requires Office 2007 Pro Plus, Office 2010 Pro Plus, or Office 2013 Pro Plus Volume Licensing
** Outlook PolicyTips require Office 2013 Pro Plus Volume Licensing

Customers may buy the standard CAL standalone, but those who want to acquire the Enterprise features as listed above must purchase both the standard and the Enterprise CALs.

The Enterprise CAL with Services has all the above features but also has antivirus and anti-spam service subscriptions from Microsoft Forefront Online Protection for Exchange.

Feature Standard CAL Standard + Enterprise CAL (with Services)
Forefront Online Protection for Exchange No Yes


Portfolio Items