GITEX Global in Dubai is the clearest signal each year of where GCC enterprise IT is actually heading — not where vendors say it is heading. The 2025 edition ran with more stands dedicated to AI infrastructure and endpoint computing than any previous year, and the conversations in those stands were noticeably different from the product pitches. GCC IT leaders were specific about their problems, specific about their timelines, and in several cases openly re-evaluating commitments that had seemed settled two years ago.
Here are the five threads we kept pulling on in October, and what we think they mean for EUC planning through 2026.
1. Windows 10 End of Life Is Producing a Genuine Hardware Inflection
Microsoft ended mainstream support for Windows 10 in October 2025. The practical effect across the GCC is a hardware refresh wave that was visible at GITEX in the number of thin client and endpoint conversations happening in parallel with VDI sessions. The interesting dynamic is that not all of the hardware reaching end of supportable Windows life is actually worn out. A significant portion of the GCC’s enterprise PC estate is physically capable of running a managed thin client OS for another three to five years — it just cannot run Windows 11 because it fails the TPM 2.0 or CPU generation requirements.
The conversation at GITEX was not uniformly “replace everything.” It was “show me the economics of repurposing what I have.” Linux-based endpoint operating systems that convert existing x86 hardware into centrally managed thin clients — booting from a USB stick or SATA drive, connecting directly to AVD, Citrix or Omnissa, leaving the native OS untouched — were among the more practically focused discussions of the week.
2. AI Copilot Readiness Is Exposing M365 Governance Gaps
Every major Microsoft partner at GITEX had a Copilot story. What most of them were quietly not addressing was the prerequisite question: is your M365 tenant in a state where you would be comfortable with an AI tool indexing all of it and surfacing results to any user who asks?
The answer for most GCC organisations is no — not because Copilot is dangerous, but because M365 tenants accumulate permissions debt, orphaned teams, over-shared SharePoint sites and inactive accounts over years of ungoverned growth. Copilot amplifies access, it does not restrict it. An organisation that deploys Copilot into a tenant where finance files are accessible to the entire company because someone set broad permissions three years ago will deliver exactly those results to any employee who asks the right question.
The practical consequence is that M365 governance — license rightsizing, storage cleanup, team lifecycle management — moved from a background IT hygiene task to a Copilot readiness prerequisite during 2025. That shift was visible at GITEX in the number of procurement conversations that opened with Copilot and quickly moved to “what do we need to do first.”
3. Enterprise DaaS Contract Renewals Are Opening the Platform Question
A thread that ran through more private conversations than public stands at GITEX was the commercial reality of enterprise DaaS renewals. Contracts that were signed in 2020 and 2021 — when the market was competitive and pricing reflected that — are now renewing under terms that look materially different. Several GCC IT leaders described renewal notices that represented 200–300% increases on their previous per-user cost, with 90-day notice windows and limited room to negotiate.
The consequence is that organisations which had settled on a primary VDI platform are now doing a platform evaluation they did not expect to be doing. Azure Virtual Desktop, as a component of existing Microsoft licensing rather than an incremental per-user DaaS subscription, looks structurally different in that calculation. The management and observability gap that historically made AVD a harder operational choice has been narrowed significantly by third-party tooling that provides centralised host pool management and real-time performance analytics — at a combined cost that consistently undercuts the incumbent renewal price by 40–70%.
4. Zero-Trust Identity Is Replacing the VPN-First Architecture
VPN as the primary remote access model for GCC enterprises was already under pressure before GITEX. The 2025 conversations accelerated the shift. The specific issue that came up repeatedly was the gap between organisations’ stated zero-trust posture and their actual access architecture — which in most cases still routes remote users through a VPN concentrator that provides network-level access, validates credentials once at connection time, and then trusts the session for its duration.
The alternative being evaluated was identity-aware access: MFA that evaluates every resource request, not just initial authentication. Adaptive MFA that responds to device posture, location and behaviour rather than simply issuing a token. For organisations with legacy VDI gateways — Citrix StoreFront, older Horizon deployments, RDS environments — the practical question was not whether zero-trust access was desirable but how to add it without rebuilding the gateway infrastructure from scratch.
5. Data Sovereignty Is Shaping Backup and DR Architecture
The fifth thread was quieter but consistent: GCC organisations in regulated sectors — finance, healthcare, government — are increasingly specific about where backup data sits, not just where primary data sits. The availability of Azure UAE North and UAE Central regions, combined with S3-compatible storage in-country, means there is now a viable answer to “backup data stays in-country” that did not exist cleanly three years ago.
The practical impact on backup architecture is twofold: primary backup to in-region Azure storage or in-country object storage, with a secondary copy offshore for disaster recovery. The organisations getting this right are those that defined the data residency requirement first and then selected backup tooling that could target those specific storage destinations — rather than selecting backup tooling and then trying to retrofit data residency compliance.
These five threads are not predictions. They are the actual conversations that GCC IT teams were having at GITEX 2025, and the decisions they are working through heading into 2026. If any of them match what your team is navigating, we are running working sessions through the first half of the year — reach out through our contact page to book one.