The growth of mobility means that people need to access corporate systems in a wider range of locations than ever, but most organisations would prefer this was done from a 'known good' copy of Windows rather than one that could be malware-ridden.
Furthermore, there is an increasing desire to travel light, for example with a smartphone or tablet instead of a notebook, and to borrow a computer on arrival if it is really needed.
The idea of a bootable USB stick isn't new, but Microsoft has added some wrinkles to Windows To Go, Microsoft Services architect Tanya Koval told the TechEd Australia conference, especially from a security perspective.
The recovery key for BitLocker is stored in the organisation's Active Directory as part of the provisioning process.
Windows To Go also uses Secure Boot to protect against firmware malware, a feature supported by all Windows 8 certified hardware.
And to minimise the risk of data leakage, Windows To Go takes the computer's internal hard drive offline. It can only be brought online by a user with administrative rights, which users in managed environments should not have.
Provisioning can be carried out centrally (Microsoft has a PowerShell script to assist with Windows To Go provisioning, and a Windows To Go Creator is part of Windows 8 Enterprise). Alternatively, self-provisioning can be implemented using System Center Configuration Manager 2012 SP1 or equivalent software, in which case the user browses the software catalogue for the program that provisions a Windows To Go drive, runs the program, and then reboots using the thumb drive.
The drive must be used at least once on the corporate network to activate the Windows licence, to join the domain, and to enable BitLocker.
Microsoft did not overlook ease of use issues, according to Ms Koval.
Since changing the boot order is normally a vendor-specific operation involving pressing the right key at the right time in the startup process and then adjusting settings, Windows 8 recognises a thumb drive containing Windows To Go and provides the option to start up from it.
If the thumb drive is removed while in use, Windows To Go pauses for 60 seconds for it to be reinserted and then shuts down.
That time limit "is unconfigurable, so live with it," said Ms Koval. The concern was that a user might need to leave a semi-public computer (e.g., one in an Internet cafe) in a hurry, and one minute seemed the right compromise between security and protection against accidental removal.
There is no guarantee that unplugging the drive this way will not result in data loss, nor that the system will successfully resume if it is plugged back in, though the mechanism has proved generally reliable.
The first time the thumb drive is used with a particular computer, the relevant drivers are installed (if they weren't prestaged in the system image, they are obtained via the Internet) and the configuration is stored for faster booting on subsequent use.
There is no artificial limit on the number of different computers used with a particular USB stick, only the available storage space - Windows To Go plus Office 2010 and 2013 occupy less than 20GB, she said.
Once installed, Windows To Go can be managed like any other copy of Windows, although SCCM 2012 SP1 does identify it as Windows To Go.
And according to Ms Koval, one Windows licence per user covers use on a corporate PC and Windows To Go.
The writer attended TechEd 2012 as the guest of Microsoft.