TWM Solicitors has completed a major desktop infrastructure overhaul, rolling out approximately 240 10ZiG thin clients running Windows IoT LTSC across its three Surrey offices. The migration moves the firm from an aging Microsoft Remote Desktop Services (RDS) environment to a modern Azure Virtual Desktop (AVD) setup, a change that promises tighter security, simpler management, and better support for hybrid working in the legal sector.

The rollout, which spans offices in Guildford, Godalming, and Weybridge, replaces a patchwork of aging PCs and traditional thin clients that were locked into on‑premises RDS session hosts. By adopting 10ZiG hardware paired with the locked‑down Windows IoT Enterprise LTSC operating system, TWM gains a highly stable, secure endpoint platform purpose‑built for VDI. The firm’s IT team can now manage the entire fleet through Microsoft Intune and 10ZiG’s own centralised management console, slashing the overhead of manual updates and image maintenance.

Why the Switch from RDS to Azure Virtual Desktop?

Like many mid‑sized professional services firms, TWM Solicitors had relied on RDS for years. The setup worked, but it brought growing pains. Hardware refresh cycles were expensive and disruptive. Staff needing flexible, remote access during the pandemic often found performance lagging over VPN. Patching RDS hosts, managing user profiles, and ensuring compliance with the Solicitors Regulation Authority’s data protection expectations consumed valuable IT resources.

Azure Virtual Desktop addresses these pain points directly. Session hosts run in Microsoft’s UK South datacenter, close to the firm’s Surrey operations, cutting latency. Multi‑session Windows 10 and 11 Enterprise virtual machines let the firm pack more users onto fewer compute resources without sacrificing performance. FSLogix profile containers ensure fast, consistent logins regardless of which session host a user lands on. And because AVD integrates natively with Azure Active Directory and Microsoft Defender for Cloud, the firm gains a security posture that would be costly to replicate on‑premises.

The Hardware: 10ZiG Windows IoT LTSC Thin Clients

At the centre of the deployment are roughly 240 thin clients from 10ZiG, a long‑standing player in the endpoint hardware market. The firm opted for models that come pre‑loaded with Windows 10 IoT Enterprise LTSC 2021. Unlike the standard Windows 10 or 11 editions, the LTSC (Long‑Term Servicing Channel) release strips out consumer‑grade features, the Microsoft Store, and Edge legacy components, leaving a lean, locked‑down core that receives only security updates for a decade.

This approach matters in a legal environment. A solicitor’s desktop must be predictable: no unexpected feature updates, no driver conflicts, no user‑installed bloat. Windows IoT LTSC delivers that. It also aligns with the thin client’s sole job: connecting to AVD via the Remote Desktop client. 10ZiG offers both AMD and Intel‑based models, and while TWM has not disclosed exact specifications, typical law‑firm workloads—document drafting, practice management software, e‑mail, video conferencing—are well served by the quad‑core processors and 8–16 GB of RAM common in this class of hardware.

10ZiG’s firmware includes a “write filter” that prevents changes to the OS image from persisting across reboots. Combined with the LTSC release cycle, this all but eliminates help‑desk calls caused by misconfiguration or malware. If a machine does act up, a reboot restores it to a known‑good state instantly.

Simplifying Endpoint Management at Scale

Managing 240 endpoints across three offices could be a headache without the right tools. TWM is using Microsoft Intune to enforce compliance policies, deploy the Remote Desktop client, and push certificate updates. Because the thin clients are cloud‑domain‑joined (Azure AD joined), there is no need for traditional on‑premises domain controllers or VPN connectivity for device management.

On the hardware side, 10ZiG Manager provides a dedicated, free‑of‑charge console that lets IT staff oversee firmware versions, adjust BIOS settings, and remote‑wipe devices if a solicitor leaves or a machine goes missing. The combination of Intune and 10ZiG Manager gives TWM a single pane of glass for both software and hardware governance, a capability that was absent in its old RDS environment.

Security and Compliance at the Core

Solicitors handle sensitive client data daily—property contracts, divorce proceedings, corporate mergers. The SRA expects firms to protect that data, and a breach can trigger not only regulatory fines but also professional indemnity claims. The AVD + Windows IoT LTSC combination gives TWM a multilayered defence.

First, data never rests on the thin client. All documents, e‑mails, and case management records stay within the Azure virtual machines and the firm’s cloud‑hosted practice management system. If a thin client is stolen, the thief gets a locked‑down plastic box with no local user data. Second, AVD supports screen‑capture protection and watermarking, making it harder for insiders to leak sensitive documents. Third, Conditional Access policies in Azure AD can require multi‑factor authentication and restrict access to compliant, Intune‑managed devices only. These controls go well beyond what TWM could achieve with its old RDS farm and off‑the‑shelf antivirus.

Enhancing the Hybrid Work Experience

The timing of the migration is no accident. TWM, like most firms, now operates a hybrid model: solicitors split their week between the office and home. With AVD, a fee‑earner can connect from a personal laptop in the morning, move to a 10ZiG thin client in the office after lunch, and pick up exactly the same session—no need to save and transfer files. The FSLogix profile technology ensures that the desktop, taskbar, and open applications follow the user.

From an IT perspective, this removes the burden of buying, deploying, and securing hundreds of laptops for remote workers. Instead, the firm provides thin clients on desks and allows staff to use their own devices as “windows” into the AVD session. The cost saving is significant: a thin client can cost one‑third to one‑half the price of a business‑grade laptop with equivalent lifecycle management overhead.

Windows IoT LTSC: The Unsung Hero

Microsoft markets Windows IoT Enterprise LTSC primarily for “fixed‑purpose devices”—ATMs, digital signage, medical instruments. Its adoption in the VDI thin‑client space is growing precisely because of the stability and security it offers. The LTSC 2021 edition is based on Windows 10 21H2 and will receive security updates until January 2032. This long support window aligns beautifully with the five‑ to seven‑year lifecycle that law firms expect from their endpoint hardware.

Critically, LTSC does not get the semi‑annual feature updates that have occasionally disrupted VDI connections or introduced compatibility issues with third‑party legal software. For TWM, that means the IT team can plan a hardware refresh on its own schedule rather than reacting to Microsoft’s release cadence.

TWM Solicitors is not the first law firm to move to AVD, but the scale—240 seats across three offices—puts it in a sweet spot that many mid‑sized UK firms will recognise. The migration signals that Azure Virtual Desktop has matured enough to handle the niche applications common in legal practice, such as case management systems from Pinnacle, Peppermint, or Thomson Reuters. These applications are often notoriously sensitive to latency and printing configurations. The combination of Azure’s proximity hosting (UK South) and 10ZiG’s optimised RDP client helps maintain a local‑PC feel.

Printing, the perennial headache in VDI environments, is handled through 10ZiG’s built‑in printer redirection and the native Remote Desktop Easy Print driver, which can map local printers to the AVD session without installing manufacturer drivers on the host. This simplicity removes the need for expensive third‑party printing solutions.

What’s Next for TWM’s IT Roadmap?

With the foundation in place, the firm is well positioned to explore adjacent Microsoft technologies. Windows 365, Microsoft’s Cloud PC service, could eventually complement AVD for roles that require a dedicated, always‑on desktop with high‑end GPU needs, though present workloads are well served by multi‑session AVD. The thin‑client hardware already supports both AVD and Windows 365 connections, so any future shift would be a configuration change, not a hardware refresh.

TWM may also use the AVD telemetry flowing into Azure Log Analytics to right‑size its session hosts, optimizing costs as user counts ebb and flow. The firm can scale up during busy property‑conveyancing months and scale back during quieter periods, paying only for the compute it actually uses—something impossible with the old racks of RDS servers humming in the office closet.

Takeaways for IT Decision‑Makers

For organisations eyeing a similar move, TWM’s project offers a template. Start by assessing your existing end‑user compute licensing; many firms already own Windows 10/11 Enterprise E3 or E5 licences that include AVD access rights, mitigating the perceived cost barrier. Choose thin‑client hardware that supports Windows IoT LTSC and cloud‑native management from day one—avoid “converting” old PCs that will only add support complexity. Prioritise security telemetry: ship logs from both the thin client and the AVD session to a central SIEM so that compliance reports can be generated without manual effort.

The migration from RDS to AVD is rarely a simple “lift and shift.” Applications may need repackaging for multi‑session use, and user profiles must be refactored for FSLogix. But as TWM has demonstrated, the payoff—a scalable, secure, and cost‑effective desktop environment—far outweighs the short‑term project investment. In a sector where client confidentiality is paramount, the move to a zero‑data‑at‑rest endpoint model is not just progressive; it is quickly becoming the standard of care.