Hard on the heels of a decision to step up the frequency of Windows updates, Microsoft has announced it would give customers 17 months to stop using older versions of Internet Explorer (IE), including the most popular of them all, IE8.
The decision will further complicate enterprises' use of Microsoft's software, analysts said.
"This is huge," said Michael Silver of Gartner. "IE has been one of the biggest inhibitors if not the biggest inhibitor preventing organidations from moving to Windows 7 and Windows 8. I've spoken to organizations that said they'd have deployed Windows 8 if they didn't have to upgrade IE. This is another way Microsoft is trying to persuade, or force, organisations to keep current. For some organisations, like those in regulated industries, that's really difficult."
In a surprise announcement, the head of IE's marketing said that after January 12, 2016, Microsoft would support IE9 only on Windows Vista, IE10 only on Windows Server 2012, and IE11 on Windows 7 and Windows 8.1.
IE7 and IE8 will drop off support completely, no matter what OS they run on.
The browsers will continue working, but Microsoft will halt technical support and stop serving security updates for the banned versions. Because of the large number of critical vulnerabilities Microsoft patches in its browser -- 84 in the last two months alone -- it will be extremely risky running an unsupported version.
Roger Capriotti, who leads IE marketing, cited a number of reasons for the change, including better security, less version fragmentation for Web app and site developers, and improved compatibility with third-party and Microsoft's own Web-based applications and services, such as Office 365.
"Running a modern browser is more important than ever for the fastest, most secure experience on the latest Web sites and services," Capriotti said in a long blog post Thursday.
The move was a repudiation of a decades-old support policy that promised to support an edition of IE for as long as the operating system(s) able to run it. Under the now-in-tatters policy, 2006's IE7 was to receive security updates until April 11, 2017, the call-it-quits date for Windows Vista. IE8, which launched in early 2009, and 2011's IE9 were to stay on the support list until Jan. 14, 2020, the retirement date for Windows 7.
Likewise, IE10, which launched in September 2012, was supposed to receive patches until April 9, 2013, the end date for Windows 8.
In other words, Microsoft just scratched off a year of support for IE7, four years for IE8 and IE9, and seven years for IE10. After Jan. 12, 2016, the only current browser -- Microsoft is sure to release others before then -- that will retain support on the dominant versions of Windows will be IE11.
What's striking about the support change is that Microsoft will abandon IE8, the most widely-used edition, in less than a year-and-a-half. According to data from metrics company Net Applications, IE8 was used by 37% of those running one form or another of Internet Explorer, more than the 29% share that the much newer IE11 controlled last month.
And IE8 use has been growing: In the last three months, its rate of growth has been four times that of IE11.
What was Microsoft thinking?
Al Hilwa, an analyst with research firm IDC, focused on the security angle. "We have a situation where the security consequences of using outdated software is like putting enterprises in a slowly-heating pot," Hilwa said in an email. "We are definitely reaching the boiling point in terms of hacker intrusions and exploitation. The problem is changing and software provisioning has to change with it."
But Silver and others saw more at work in Redmond than Capriotti let on.
"Microsoft suggests that users will have a better experience with newer versions of IE, and that's probably true, but this will also reduce Microsoft's support costs," said Silver.
Wes Miller of Directions on Microsoft concurred. "This wasn't a complete surprise. In the world of new efficiencies [at Microsoft], it didn't shock me that they did this. They're looking for ways to build better software faster," he said, referring to CEO Satya Nadella's oft-stated goal to change Microsoft's culture, including accelerating software release tempos and making development teams more accountable, productive and economical.
Starting in January 2016, Microsoft will only support the most-current browser for an operating system. For Windows 7, that means several versions of IE will have shortened lifecycles.
And with numerous browsers to support, and then even more permutations with not only the OS -- IE8 on Windows Vista and Windows 7; IE9, IE10 and IE11 on Windows 7; and IE10 and IE11 on Windows 8 and 8.1 -- but also integral parts of the company's portfolio, including SharePoint, Microsoft clearly spent considerable time testing patches. Reducing those permutations will benefit Microsoft, Miller said, as will shortening the support lifespan of its software.
The impact of the browser support changes on consumers, the experts agreed, will be minor, as they tend to go along with the ride Microsoft runs. In fact, the company has aggressively driven consumers to adopt the newest versions of IE for years. Starting in early 2012, Microsoft began automatically upgrading customers' copies of IE to the latest available for their operating system: Windows XP users still on IE6 or IE7, for example, were upgraded to IE8.
Auto-upgrades have been successful in pushing large numbers of IE users, presumably consumers for the most part, to newer versions. The same month that Microsoft launched IE11 for Windows 7, the new browser's user share as measured by Net Applications jumped nearly 220%, with another 51% increase within three more months. In eight months, IE11's user share went from 3.3% of all browsers to 16.8%, largely on the back of the automatic upgrade for Windows 7 users.
Commercial customers, however, were always able to dodge the auto-upgrades, either through blocking toolkits or by using their patch management systems, like WSUS (Windows Server Update Services).
End-arounds like that will be moot once Microsoft pulls the patch plug. And that's going to be a problem for enterprises, analysts said.
"Most organizations need to test their applications [against a new browser], and historically many of those applications broke. And many ISVs [independent software vendors] require and only support specific IE versions for their products," said Silver.
Microsoft's slashing of IE support will, at the least, disrupt enterprises and create a backlash, at worst drive some to consider alternatives, like Google's Chrome or Mozilla's Firefox.
"This will irritate enterprise customers," said Miller. "They want to hang on to their legacy [Web] apps."
Hilwa of IDC echoed that, but with a caveat. "Probably there will be pushback, but these steps have to be taken," he said. "I am afraid this is inevitable and it is the right thing to do for Microsoft. [And] I think the way software is being released and updated is changing. Over time, enterprises have to adjust."
Hilwa made two interesting points, both which were echoed by other analysts Computerworld spoke to. "It is the right thing to do for Microsoft," and "enterprises have to adjust," he said.
Those same comments were common prior to the retirement of Windows XP, which was forewarned years in advance but still caught many companies short of having stripped the OS from their networks, for reasons that ranged from the same app compatibility issues that Silver mentioned to lack of time and money.
The fact is that outsiders, including some customers, saw XP's retirement as primarily beneficial to Microsoft -- after all, the company makes relatively little revenue from existing PCs but books the bulk of Windows sales from OEMs that build new machines -- and not themselves. Many were angry and frustrated that they were the ones forced to adapt, which cost them money, not Microsoft.
"I thought Microsoft had learned about 8-10 years ago that pushing people would backfire, but looks like new management, old style," said Edward Tinker, an IT security professional, in an email today. Tinker was reacting to a Computerworld story earlier Friday that reported Microsoft's accelerated release schedule for Windows, and the impact on enterprises.
Tinker could just as well have been talking about the IE support revamp; the two will play out much the same.
"My main concern is that, even with a long lead time [to January 2016], we're talking about businesses who generally need to take long lengths of time for change, often for compliance reasons," said Miller of Directions. "Even with almost a year and a half, enterprises need to get in motion soon. But I think a lot aren't going to, so they'll go through a fire drill, like when they chose to hang on to XP."
Microsoft will stop patching all versions of Internet Explorer after Jan. 12, 2016 on Windows 7 and Windows 8 except for IE11. That edition accounted for less than a third of all copies of IE used last month. (Data: Net Applications.)
"Larger enterprises will work with Microsoft to identify approaches to handle this," added Hilwa. "It is in the embedded and branch [office] settings that I worry the most about disruption."
Miller was sympathetic to the plight of enterprises caught up by Microsoft's decision. But he also contended that the Redmond, Wash. company had little choice.
"I've heard of many companies that say Windows 7 and IE9 will be the next XP and IE6," said Miller, of those firms' desire to standardize on older technologies, a common practice. "What Microsoft's doing is really trying hard to keep that from happening. IE is going forward and customers are expected to keep up."
The alternative, Miller argued, was a situation where Microsoft was held back by having to support older browsers, an "immensely burdensome" situation, as he described it, that could translate into losing those customers who want innovation and progress from their software vendors. "In this world, Microsoft risks losing customers if it doesn't keep up with rivals," Miller said.
That's usually called "between a rock and a hard place."
Yesterday, Microsoft's Capriotti urged commercial customers to adopt IE11 and promised that the backwards-compatibility tool introduced with that browser, dubbed "Enterprise Mode," would be maintained, improved and supported through the retirement date of Windows 7, or January 14, 2020. However, he did not say that the tool would necessarily be supported on IE11, opening the door for future browser support cuts.
Opinions from the experts on Enterprise Mode were mixed. "Generally, yes, it's a credible tool," said Miller. "And there are also third-party solutions."
Silver was less positive that the tool would be sufficient. "Enterprise Mode makes [testing and migration] easier, but organizations don't trust it yet," he said.
How this plays out over the next 17 months is unclear.
Analysts like Miller and Hilwa were right in pointing out that it's a different Microsoft now, evidenced on the ground by this week's two announcements of smaller Windows updates that arrive much more frequently, and the browser support contractions. Microsoft didn't back away from its call to retire Windows XP, even under pressure from China's authorities, which some believe may be behind the recent antitrust investigation launched there. It's just as unlikely to retreat from this ruling.
But enterprises are Microsoft's bread and butter. Agitating that base may not result in companies abandoning Microsoft's wares -- they have, frankly, nowhere else to really turn -- but it could further alienate them. By definition, angry customers aren't happy customers.
"In the interest of its customers, Microsoft really should have implemented this for Windows 8 and higher, and allowed Windows 7 users to continue having a mix," suggested Silver. "To get customers to stay current, Microsoft needs to make it easy to stay current. That's not the case for IE8, IE9 and IE10 users."
Microsoft has published an FAQ covering the browser support changes.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is email@example.com.
Read more about windows in Computerworld's Windows Topic Center.