Similar to last month’s post on resources for Windows Analytics, I’m often also asked for a collection of useful resources on Windows Autopilot. With that said, most of these are just cumulatively pulled from my monthly Windows 10 “news you can use”.
- Getting started with an overview of Windows Autopilot, a suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. With Windows AutoPilot, IT professionals can customize the Out of Box Experience (OOBE) for Windows 10 PCs and enable end users to take a brand-new Windows 10 device and—with just a few clicks—have a fully-configured device ready for business use. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Most importantly, users can go through the process independently, without making any decisions and without needing to involve IT.
- AutoPilot provisioning PowerShell script.
- Manage Windows device deployment with Windows Autopilot Deployment.
- Auto-logon for Autopilot
- Automatic enrollment.
- Bulk enrollments.
- Enroll Windows devices using Windows AutoPilot Deployment Program.
- AutoPilot prerequisites.
- Techcommunity blog post which outlines the latest enhancements to Windows Autopilot in Windows 10, version 1803, specifically: Enrollment status, OEM and hardware vendor supply chain integration, BitLocker integration, automatic Windows Autopilot profile assignment, and device deletion with Microsoft Intune.
- Video to learn how to set up Windows Autopilot in just over 3 minutes.
- Microsoft Mechanics 8-minute video which explores the most recent updates to Windows Autopilot, which include a zero-touch experience for the deployment of new Windows 10 devices and device reset capabilities, all powered by Microsoft 365.
- Walkthrough for deploying a kiosk using Windows Autopilot.
- Architectural planning posters for Windows 10, including for clean install, in-place upgrades, AutoPilot, servicing, and protection solutions.
- Troubleshooting Windows AutoPilot (level 300/400).
- How to enable BitLocker Drive Encryption and automate the process for an AutoPilot device that is provisioned for a standard user using the Windows 10 Fall Creators Update version 1709. https://blogs.technet.microsoft.com/showmewindows/2018/01/18/how-to-enable-bitlocker-and-escrow-the-keys-to-azure-ad-when-using-autopilot-for-standard-users
- Microsoft 365 powered device lab kit features a fully-provisioned virtual lab environment with Windows 10 Fall Creators Update, Office 365, Enterprise Mobility + Security. Plus, 25 step-by-step lab guides covering Autopilot, Windows Defender Application Guard, Windows Hello, Windows Analytics, and more.
- Announcing new extensions to the Windows Autopilot zero-touch experience with several new capabilities available in preview with the Windows Insider Program today.
Other resources related to Windows Autopilot when using Microsoft Intune.
- Power and sleep settings modification (desktop only) – Prevents the end user from changing power and sleep settings on the device. Windows 10 and later device restriction settings in Microsoft Intune.
- Install types for Intune/MDM and App deployment
- Add apps for Windows PCs that run the Intune software client.
- Deploy apps with Microsoft Intune.
- Manage App Deployments in Intune.
- Application software install types (.exe, .msi, .appx, .appxbundle)
- Install the Intune software client on Windows PCs
- Remote TeamViewer in Intune.
When setting up hybrid Azure AD join with on-premises Windows 10 environments, if you encounter the error “The system tried to delete the JOIN of a drive that is not joined.“, then there is a good chance that the device has not yet synchronized into Azure AD.
A few tips to help you isolate the cause and get past this issue:
- First, confirm the device exists in Azure Active Directory (or not). In the Azure portal, navigate to Azure Active Directory > Devices > All devices.
- Review the steps in Troubleshooting hybrid Azure Active Directory joined Windows 10 and Windows Server 2016 devices. Note that this article points back to another article on How to configure hybrid Azure Active Directory joined devices, which presently contains way more helpful information to help you troubleshoot.
- In the most current Azure AD Connect releases, use the built-in Troubleshooter. Then, in the PowerShell window that launches, use both troubleshooting options: Object Sync and Password Hash Sync.
In my case, the troubleshooting guides were useful to confirm that I had configured everything correctly. Then the Azure AD Connect troubleshooter reported an error that “Password Hash Synchronization cloud configuration is disabled”. Searching that issue on the Internet led me to discover that the cause was likely due to mismatched passwords between the Azure AD account “On-Premises Directory Synchronization Service Account” and the password currently set in the local synchronization service.
To fix that, first set a new password for the “On-Premises Directory Synchronization Service Account”. To do that, try setting it in Azure directly. However, given that it’s a special account, it may be necessary to reset the password through PowerShell with the MSOL cmdlets. While I’m not getting into the full end-to-end setup and use of those add-on Azure PowerShell cmdlets, the command could be as simple as:
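```powershell
Connect-AzureAD
# Set-AzureADUserPassword takes -Password as a SecureString, not a plain string
$password = ConvertTo-SecureString 'MyP@ssw0rd!' -AsPlainText -Force
Set-AzureADUserPassword -ObjectId abc123def456xyz980 -Password $password -ForceChangePasswordNextLogin $false
```
Next, start the Synchronization Service Manager program, then click on Connectors. Locate the Windows Azure Active Directory Account and click Properties.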
Finally, set the password. Voila, devices will now sync to Azure AD on the next synchronization!
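One way to script the "is this device actually registered yet?" check from the tips above, on the client with `dsregcmd /status` and in the directory with the AzureAD module. This is an added example, not part of the original post; the function names are hypothetical and the sample output is constructed and abbreviated.

```powershell
# Added example, not from the original post. Parses `dsregcmd /status` text to
# tell whether a domain-joined Windows 10 device has finished hybrid Azure AD join.

function ConvertFrom-DsregStatus {
    # Turn "   Key : Value" lines into a hashtable; banner and blank lines are skipped.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(?<key>[A-Za-z][A-Za-z0-9]*)\s*:\s*(?<value>.*?)\s*$') {
            $state[$Matches['key']] = $Matches['value']
        }
    }
    $state
}

function Get-HybridJoinAssessment {
    # Classify the join state from the two flags dsregcmd reports.
    param([Parameter(Mandatory)][hashtable]$State)
    $domainJoined = $State['DomainJoined'] -eq 'YES'
    $aadJoined    = $State['AzureAdJoined'] -eq 'YES'
    if ($domainJoined -and $aadJoined) {
        'Hybrid Azure AD joined'
    } elseif ($domainJoined) {
        'Domain joined only: not registered in Azure AD yet; check that the computer object has synchronized'
    } elseif ($aadJoined) {
        'Azure AD joined (not hybrid)'
    } else {
        'Not joined to a domain or to Azure AD'
    }
}

function Get-AzureADDeviceByName {
    # Directory-side check; requires the AzureAD module and a prior Connect-AzureAD.
    # DeviceTrustType 'ServerAd' marks a hybrid Azure AD joined device.
    param([Parameter(Mandatory)][string]$Name)
    Get-AzureADDevice -SearchString $Name |
        Where-Object DisplayName -eq $Name |
        Select-Object DisplayName, DeviceId, DeviceTrustType, AccountEnabled, ApproximateLastLogonTimeStamp
}

# Constructed, abbreviated sample of `dsregcmd /status` output for a device
# that is domain joined but has not completed registration.
$sampleOutput = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@ -split "`r?`n"

# On a real device, replace $sampleOutput with: (dsregcmd.exe /status)
$state = ConvertFrom-DsregStatus -Lines $sampleOutput
[pscustomobject]@{
    DomainJoined  = $state['DomainJoined']
    AzureAdJoined = $state['AzureAdJoined']
    Assessment    = Get-HybridJoinAssessment -State $state
}

# Directory side, after Connect-AzureAD (not run here):
# Get-AzureADDeviceByName -Name $env:COMPUTERNAME
```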
Windows 10 news you can use, July 2018 edition
Providing insights into Windows 10 deployment & management, security & compliance, and productivity. Also see other news related to Windows 10.
Deployment & Management
1) For build 17682 of the Windows 10 Insider Preview, RSAT is now available on demand! What does that mean? You no longer need to manually download RSAT every time you upgrade! http://blogs.windows.com/windowsexperience/2018/05/31/announcing-windows-10-insider-preview-build-17682
2) Techcommunity blog post which outlines the latest enhancements to Windows Autopilot in Windows 10, version 1803. Specifically: Enrollment status, OEM and hardware vendor supply chain integration, BitLocker integration, automatic Windows Autopilot profile assignment, and device deletion with Microsoft Intune. https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Autopilot-What-s-new-and-what-s-next/ba-p/201884
3) Microsoft Mechanics 8-minute video which explores the most recent updates to Windows Autopilot, which include a zero-touch experience for the deployment of new Windows 10 devices and device reset capabilities, all powered by Microsoft 365. https://www.youtube.com/watch?v=7t7xaV8sm50
4) Walkthrough for deploying a kiosk using Windows Autopilot. https://blogs.technet.microsoft.com/mniehaus/2018/06/07/deploying-a-kiosk-using-windows-autopilot
5) Announcing new extensions to the Windows Autopilot zero-touch experience with several new capabilities available in preview with the Windows Insider Program today.
6) Windows 10 Updates and Store GPO behavior with DualScan disabled and client managed by SCCM SUP/WSUS. https://blogs.technet.microsoft.com/swisspfe/2018/04/13/win10-updates-store-gpos-dualscandisabled-sup-wsus
7) New FastTrack benefit from Microsoft: Deployment support for Co-management on Windows 10 devices. We’d like to provide a few highlights on what you can expect. https://cloudblogs.microsoft.com/microsoftsecure/2018/06/18/new-fasttrack-benefit-deployment-support-for-co-management-on-windows-10-devices
8) Implementing the Right Inertia in your Windows 10 Deployment Process: measuring and managing risk effectively with systems designed for change management.
9) Two new policies added for Edge when doing MDM management of Windows 10 through Microsoft Intune: Path to favorites file and Changes to Favorites. https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#edge-browser
Security & Compliance
1) Virtualization-based security (VBS) memory enclaves: Data protection through isolation. The escalating sophistication of cyberattacks is marked by the increased use of kernel-level exploits that attempt to run malware with the highest privileges and evade security solutions and software sandboxes. Kernel exploits famously gave the WannaCry and Petya ransomware remote code execution capability, resulting in widescale global outbreaks. Windows 10 remained resilient to these attacks, with Microsoft constantly raising the bar in platform security to stay ahead of threat actors. Virtualization-based security (VBS) hardens Windows 10 against attacks by using the Windows hypervisor to create an environment that isolates a secure region of memory known as secure memory enclaves. https://cloudblogs.microsoft.com/microsoftsecure/2018/06/05/virtualization-based-security-vbs-memory-enclaves-data-protection-through-isolation
2) Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Social engineering gives cybercriminals a way to get into systems and slip through defenses. The hardening of Windows 10 and Windows 10 in S mode, the advancement of browser security in Microsoft Edge, and the integrated stack of endpoint protection platform (EPP) and endpoint detection and response (EDR) capabilities in Windows Defender Advanced Threat Protection (Windows Defender ATP) further raise the bar in security. https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering
3) What is new in Windows 10 1803 for the Privileged Access Workstation (PAW) solution.
4) Go beyond external defenses. Eradicate attacks faster when they get inside. Download the 5 risk points to avoid in enterprise security—crash course. You’ll see how solutions built in to an operating system can (a) Make user identities more secure to prevent malicious access to devices and systems, (b) Detect the hidden actions of attackers already inside your systems more quickly, and (c) Leverage the largest data sets that index billions of sources to alert you of attacks immediately. https://info.microsoft.com/5RiskPointsEbook.html
5) Zero Trust networks eliminate the concept of trust based on network location within a perimeter. Instead, Zero Trust architectures leverage device and user trust claims to gate access to organizational data and resources. Read more about building Zero Trust networks with Microsoft 365, based on Azure Active Directory, conditional access, Windows Defender Advanced Threat Protection, Windows Defender System Guard runtime attestation, and Microsoft Intune. https://cloudblogs.microsoft.com/microsoftsecure/2018/06/14/building-zero-trust-networks-with-microsoft-365
6) Announcing the pre-release (v0.9) of “AaronLocker:” robust and practical application whitelisting for Windows. AaronLocker is designed to make the creation and maintenance of robust, strict, AppLocker-based whitelisting rules as easy and practical as possible. The entire solution involves a small number of PowerShell scripts. You can easily customize rules for your specific requirements with simple text-file edits. AaronLocker includes scripts that document AppLocker policies and capture event data into Excel workbooks that facilitate analysis and policy maintenance. https://blogs.msdn.microsoft.com/aaron_margosis/2018/06/26/announcing-application-whitelisting-with-aaronlocker
Productivity
1) Windows 10 Tip: How to start creating in Paint 3D. http://blogs.windows.com/windowsexperience/2018/06/04/windows-10-tip-how-to-start-creating-in-paint-3d
2) Windows 10 Tip: Go back and forth in time with Timeline, new in the Windows 10 April 2018 Update. http://blogs.windows.com/windowsexperience/2018/06/11/windows-10-tip-go-back-and-forth-in-time-with-timeline-new-in-the-windows-10-april-2018-update
3) Windows 10 Tip: How to start using Nearby Sharing with the Windows 10 April 2018 Update.
4) SwiftKey intelligence comes to the touch keyboard in Windows 10 Insider Build 17692.
5) Windows 10 Tip: Search, shop and learn through the photos you take with Visual Search.
In other news related to Windows 10…
- Public preview support for Windows 7 and Windows 8.1 with Windows Defender Advanced Threat Protection (WDATP).
- We live in a time of both great opportunity and great responsibility. Our children have access to more information, entertainment and more ways to connect than ever before, but with that comes plenty of new things that parents like you and I need to worry about and new ways to distract their attention. Today, we are excited to introduce new features that make it easier and safer for families to interact with technology, and each other, across devices and platforms. One feature announcement is for Microsoft Edge: the ability to allow or block websites has always existed on your PCs, and now we are extending this feature to you and your family’s Android devices. If you have set up a Microsoft family group, any websites you have already tagged as allowed or blocked for your kid(s) will carry the same settings as they try to access websites in Microsoft Edge on their Android devices. http://blogs.windows.com/windowsexperience/2018/05/31/microsoft-gives-parents-peace-of-mind-with-new-family-features-across-devices
- Getting the most value out of your security deployment. This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series you’ll find context, answers, and guidance for deployment and driving adoption within your organization. In the last blog, “Now that you have a plan, it’s time to start deploying,” we covered some of the tactical issues that you’ll want to consider when planning your Microsoft 365 Security deployment. Now we’ll move to the third and final step of an effective planning process: Drive Value. https://cloudblogs.microsoft.com/microsoftsecure/2018/05/31/getting-the-most-value-out-of-your-security-deployment
- The Microsoft Cybersecurity Reference Architecture describes Microsoft’s cybersecurity capabilities and how they integrate with existing security architectures and capabilities. We recently updated this diagram and wanted to share a little bit about the changes and the document itself to help you better utilize it.
- Defining a crisp modern security strategy to support business success. A modern security agenda needs to define the purpose of the security team, its vision and mindset. It should also explain the high-level strategies it will employ, and how it will be organized, including the definition of priorities and deadlines and how the results will be measured. More detailed information regarding enabling and accelerating digital transformation is available in this whitepaper. It is designed to articulate what a modern security strategy can look like, and is useful for CISOs, CIOs, CDOs, and potentially board members who want to learn more about secure transformation and benchmark their own teams. https://cloudblogs.microsoft.com/microsoftsecure/2018/06/12/updating-your-cybersecurity-strategy-to-enable-and-accelerate-digital-transformation
- Artificial Intelligence (AI) continues to be a key area of investment for Microsoft, and we’re pleased to announce that for the first time we’ve leveraged AI at scale to greatly improve the quality and reliability of the Windows 10 April 2018 Update rollout. Our AI approach intelligently selects devices that our feedback data indicate would have a great update experience and offers the April 2018 Update to these devices first. As our rollout progresses, we continuously collect update experience data and retrain our models to learn which devices will have a positive update experience, and where we may need to wait until we have higher confidence in a great experience. Our overall rollout objective is for a safe and reliable update, which means we only go as fast as is safe. http://blogs.windows.com/windowsexperience/2018/06/14/ai-powers-windows-10-april-2018-update-rollout
Beginning in Windows 10 1709, Hyper-V networking included a “Default Switch” to help simplify Internet connectivity to guest VMs. The idea is that this switch would automatically share whatever Internet connection is used by the Host, then NAT the addresses to the guests. This sharing is accomplished using the Internet Connection Sharing (ICS) service on the Host.
While in theory this makes the networking of guests easier, one particular challenge with this solution still exists today with Windows 10 1803: occasionally the guest loses its ability to work through the Host’s connection, and the guest then has no Internet access. So, if you’re faced with this issue, try restarting the ICS service on the host to restore connectivity.
For Internet connection issues with the default switch on a Windows 7 guest VM, I found the best solution to be changing the “Automatic metric” settings on the NICs in the VM. This workaround/solution was posted in a TechNet forum thread, but the details are copied below for ease of reading.
“Go to <Network and Sharing><Change Adapter Settings> and right click your wired and wireless adapters one at a time to change the properties. Select IPv4, click <Properties> then click <Advanced>. For each one, clear the “Automatic metric” check box and assign the metric value manually. I set the wireless to 1 and the wired to 2, which gave me the behavior I wanted.”
I’m often asked for a set of resources to get started or to understand the Windows Analytics toolset. Below is a collection of my favorite resources, which I may update from time-to-time.
- Windows Analytics accelerates enterprise Windows 10 migration. With Update Compliance and Device Health services now generally available, Windows Analytics provides an end-to-end upgrade solution with actionable insights into device performance, reliability, and health, so enterprises can broadly migrate their devices from Windows 7 or Windows 8 to Windows 10 or update Windows 10 devices to the latest feature update (Windows 10, version 1709) quickly and with confidence.
- Register today for exclusive access to a one-hour, demo-rich webcast showcasing solutions that can help you monitor and proactively improve your experience with Windows 10 upgrades, update deployment, and device management.
- Have you heard of the new Upgrade Analytics service to help in your application compatibility planning and readiness? If not, a Microsoft Mechanics video (6 minutes) was created to highlight and showcase the technology. Read more and watch at:
- Videos and setup guides for Upgrade Readiness in the Windows Analytics suite. Includes jump points to technical documentation on prerequisites, etc.
- A demo from Microsoft Mechanics walks you through common usage scenarios for Windows Analytics Update Compliance, a cloud-based solution that provides you with an inventory of the devices in your organization, the version of Windows installed on each device, the update status of each device, and antimalware assessment for Windows Defender Antivirus-enabled devices.
- In January an “Ask Microsoft Anything” (AMA) about Windows Analytics was held. Members of the engineering and product teams answered questions and listened to feedback about Upgrade Readiness, Update Compliance, Device Health, and the future roadmap for Windows Analytics. Those conversations were recorded and can be found at the Tech Community link below.
- Discussion about pricing of OMS for Windows Analytics.
- Announcing Delivery Optimization Insights for Windows Analytics: Update Compliance https://blogs.technet.microsoft.com/upgradeanalytics/2017/12/17/announcing-post-upgrade-insights-in-upgrade-readiness
- Windows Analytics utilizes Operations Management Suite (OMS) workspaces with Log Analytics. OMS requires an Azure subscription (which can be free). The following guide covers how to create the OMS=>Azure association for two scenarios: (1) Your organization is new to Microsoft Azure and you just want to use Upgrade Analytics, and (2) Your company is already using an Azure subscription and you want to create an OMS workspace for Upgrade Analytics under your Azure subscription.
- Detailed information on how Upgrade Readiness collects application inventory for your OMS workspace. Includes info about data collection, appraiser updates, best practices, and troubleshooting!
Last updated: 7/10/2018
Windows 10 news you can use, June 2018 edition
Providing insights into Windows 10 deployment & management, security & compliance, and productivity
Also see other news related to Windows 10
Latest Windows 10 1803 feature upgrade news:
- Administrative Templates and GPO Reference Spreadsheet for Windows 10 1803 are available for download.
- Features deprecated in Windows 10 1803.
- NEW: Upgrade to Windows 10 1803 without suspending BitLocker. https://blogs.technet.microsoft.com/mniehaus/2018/05/02/new-upgrade-to-windows-10-1803-without-suspending-bitlocker
- Official release of the security configuration baseline settings for Windows 10 1803.
- Updated Remote Server Administration Tools (RSAT) for Windows 10 1803. https://www.microsoft.com/en-us/download/details.aspx?id=45520
- New features for Microsoft Edge extensions in the Windows 10 April 2018 Update: Extensions can now be enabled for InPrivate browsing, and notifications API for extensions.
- New Delivery Optimization options in Windows 10 1803. https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization#delivery-optimization-options
Deployment & Management
1) SetupDiag.exe is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. It works by examining Windows Setup log files then attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode.
2) Defining application taxonomies to drive your application compatibility testing. https://blogs.msdn.microsoft.com/cjacks/2018/04/30/defining-app-tranches-to-drive-your-app-compat-testing
3) Announcing Delivery Optimization Insights for Windows Analytics: Update Compliance https://blogs.technet.microsoft.com/upgradeanalytics/2017/12/17/announcing-post-upgrade-insights-in-upgrade-readiness
4) Enterprise-ready in the age of Windows as a service https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Enterprise-ready-in-the-age-of-Windows-as-a-service/ba-p/188712
5) New IT Pro application packaging tool: MSIX. This is the next generation of application delivery.
- Build 2018 public announcement (short).
- MSIX: Inside and Out. Foundational understanding about MSIX for why the solution is needed and how it functions.
- Accelerating Windows 10 enterprise app deployment with MSIX. Includes tools for converting legacy applications (including App-V) to MSIX. https://developer.microsoft.com/en-us/events/build/content/accelerating-windows-10-enterprise-app-deployment
6) Dive on Windows 10 co-management with Intune and System Center Configuration Manager.
7) Learn how to create a Windows 10 kiosk that runs multiple apps. With Windows 10, version 1803, you can also: configure a single-app kiosk profile in your XML file, assign group accounts to a config profile, and configure an account to sign in automatically.
8) Video to learn how to set up Windows Autopilot in just over 3 minutes. https://www.youtube.com/watch?v=KYVptkpsOqs
Security & Compliance
1) Video showcasing protection capabilities against the most sophisticated threats with Windows Defender Advanced Threat Protection (WDATP). https://www.youtube.com/watch?v=JojhJ0Ib8vU
2) Microsoft’s Windows Defender ATP team is committed to delivering industry-leading protection, customer choice, and transparency on the quality of our solutions. In the continued spirit of these principles, we want to share the results of the January-February 2018 test conducted by independent antivirus tester AV-TEST and provide a transparency report that augments the test findings with contextual information to help our customers make informed decisions about Windows Defender ATP adoption. https://cloudblogs.microsoft.com/microsoftsecure/2018/05/24/adding-transparency-and-context-into-industry-av-test-results
3) IT showcase: Microsoft uses Windows Defender Antivirus to boost malware protection. Updated May 2018. https://www.microsoft.com/itshowcase/Article/Content/752/Microsoft-uses-Windows-Defender-Antivirus-to-boost-malware-protection
4) Adversaries are reusing credentials all the time; How can you check and prevent credential reuse attacks? Deny them by leveraging new (and old) security features. https://blogs.technet.microsoft.com/motiba/2018/05/06/avoiding-credentials-reuse-attacks
5) Use Windows Information Protection (WIP) to help make accidental data leakage a thing of the past. WIP protects users and organizations from accidental leaks via copy-and-paste, drag-and-drop, removable storage (e.g., USB thumb drives), and unauthorized applications (e.g., non-work cloud storage providers). https://cloudblogs.microsoft.com/microsoftsecure/2018/05/15/use-windows-information-protection-wip-to-help-make-accidental-data-leakage-a-thing-of-the-past
6) Windows Insider Preview build 17672 introduced support for the SameSite cookies standard in Microsoft Edge, ahead of a planned rollout in Microsoft Edge and Internet Explorer. Same-site cookies enable more protection for users against cross-site request forgery (CSRF) attacks. To broaden the security benefits of this feature, we plan to service Microsoft Edge and Internet Explorer 11 on the Windows 10 Creators Update and newer to support same-site cookies as well, allowing sites to rely on same-site cookies as a defense against CSRF and other related cross-site timing and cross-site information-leakage attacks.
7) Big news in our drive to eliminate passwords: FIDO2 / WebAuthn Reaches Candidate Recommendation status! This will allow Microsoft customers to use any Microsoft identity to sign-in using a FIDO device instead of a password on any FIDO2 compatible device or browser – for both personal Microsoft accounts and organizational identities based on Azure Active Directory. https://cloudblogs.microsoft.com/enterprisemobility/2018/04/12/big-news-in-our-drive-to-eliminate-passwords-fido2-webauthn-reaches-candidate-recommendation-status
8) The new Windows Privacy hub converges related content about Windows privacy on docs.microsoft.com. Here you can find new guidance to help IT decision makers get ready for GDPR, a list of Windows 10 services configuration settings used for personal data privacy protection, understand Windows diagnostic data, and much more.
- Privacy hub: https://docs.microsoft.com/windows/privacy
- Privacy guidance for GDPR: https://docs.microsoft.com/windows/privacy/gdpr-it-guidance
- Configuration settings for Windows 10 services: https://docs.microsoft.com/windows/privacy/windows-personal-data-services-configuration
Productivity
1) Introducing two new mixed reality business applications: Microsoft Remote Assist and Microsoft Layout. http://blogs.windows.com/windowsexperience/2018/05/07/introducing-two-new-mixed-reality-business-applications-microsoft-remote-assist-and-microsoft-layout
2) Windows 10 Tip: How to enable Focus Assist in the Windows 10 April 2018 Update.
3) Microsoft Build 2018 highlights for productivity advancements coming to Windows 10.
- A new way to connect your phone to your PC with Windows 10 that enables instant access to text messages, photos, and notifications.
- An updated Microsoft Launcher application on Android that will support Enterprise customers with easy access to line of business applications via Microsoft Intune.
- Microsoft Launcher on Android will also support Timeline for cross-device application launching. Today, your Microsoft Edge browsing sessions on your iPhone or iPad are included in the Timeline experience on your Windows 10 PC.
- Updates to Sets, an easier way to organize your stuff and get back to what you were doing. With Sets, what belongs together stays together, making it easier and faster to create and be productive.
4) Windows 10 Tip: A guide to using the basic tools in Paint 3D. http://blogs.windows.com/windowsexperience/2018/05/21/windows-10-tip-a-guide-to-the-basic-tools-in-paint-3d
5) What happens when three identical devices run different browsers? The Microsoft Edge team wanted to find out. This experiment showed that battery life on a PC running Microsoft Edge lasts 98% longer than Mozilla Firefox and 14% longer than Google Chrome. Windows 10 April 2018 Update Edition. https://www.youtube.com/watch?v=T24bRAm8MT0
6) Windows 10 Tip: Capture your thoughts easily with Dictation. Did you know that with the Windows 10 April 2018 Update, it’s now easier than ever to take a note or write a paper – with just your voice, using your device’s microphone? http://blogs.windows.com/windowsexperience/2018/05/29/windows-10-tip-capture-your-thoughts-easily-with-dictation
7) At Microsoft, we want to empower every person and every organization to achieve more. We deeply believe everyone should have the opportunity to reach their potential and we can help by empowering all people, regardless of their abilities. Global Accessibility Awareness Day gives us the chance to celebrate our differences and reflect on the ways in which we continue to strive to make Windows more accessible to everyone in their everyday life. Windows for each of us. http://blogs.windows.com/windowsexperience/2018/05/16/celebrating-global-accessibility-awareness-day
In other news related to Windows 10…
- Envisioning your security deployment. Envisioning is a systematic way to match Microsoft 365 Security features with relevant company goals. It involves identifying and prioritizing relevant scenarios while learning about the tools and resources available as you plan for your rollout. In many ways, this stage is the most critical part of your journey, as you’re setting the business goals you’ll measure your success against later. https://cloudblogs.microsoft.com/microsoftsecure/2018/05/01/first-things-first-envisioning-your-security-deployment
- Windows IoT accelerates the intelligent edge with the Windows 10 April 2018 Update.
- Making IT simpler with a modern workplace…it’s time for a modern desktop. What do we mean by a “modern desktop?” Learn more at https://www.microsoft.com/en-us/microsoft-365/blog/2018/04/27/making-it-simpler-with-a-modern-workplace
- Building a world without passwords. When thinking about creating a world without passwords, Microsoft wants to deliver on two key promises. (1) User promise: End-users should never have to deal with passwords in their day-to-day lives. (2) Security promise: User credentials cannot be cracked, breached, or phished. Microsoft’s philosophy is to devalue the password and replace it with something that eradicates its use for the end user and drains its value for an attacker. Windows Hello, the Microsoft Authenticator app, and FIDO2 security keys are current password-replacement offerings. The Windows 10 April 2018 Update, when configured in S mode, does not require passwords. https://cloudblogs.microsoft.com/microsoftsecure/2018/05/01/building-a-world-without-passwords
- Securing the modern workplace with Microsoft 365 threat protection.
- Part 1: The roots of Microsoft 365 threat protection. https://cloudblogs.microsoft.com/microsoftsecure/2018/04/24/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-1
- Part 2: Protecting the modern workplace against Ransomware. https://cloudblogs.microsoft.com/microsoftsecure/2018/05/02/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-2
- Part 3: Detecting ransomware in the modern workplace. https://cloudblogs.microsoft.com/microsoftsecure/2018/05/08/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-3
- Part 4: Responding to ransomware in the Modern Workplace. https://cloudblogs.microsoft.com/microsoftsecure/2018/05/16/securing-the-modern-workplace-with-microsoft-365-threat-protection-part-4
- Safeguard individual privacy rights under GDPR with the Microsoft intelligent cloud.
Windows 10 news you can use, May 2018 edition
Providing insights into Windows 10 deployment & management, security & compliance, and productivity
Also see other news related to Windows 10
Windows 10 April 2018 Update (version 1803) released! More info at:
- What’s new in the Windows 10 April 2018 Update http://blogs.windows.com/windowsexperience/2018/04/30/whats-new-in-the-windows-10-april-2018-update
- What’s new in Microsoft Edge in the Windows 10 April 2018 Update http://blogs.windows.com/msedgedev/2018/04/30/edgehtml-17-april-2018-update
- How to get the Windows 10 April 2018 Update http://blogs.windows.com/windowsexperience/2018/04/30/how-to-get-the-windows-10-april-2018-update
|Deployment & Management|
1) Windows 10 Group Policy vs. Intune MDM Policy: who wins? https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who-wins
2) If you’re an IT administrator managing Windows Server and Windows, you probably open dozens of consoles for day-to-day activities, such as Event Viewer, Device Manager, Disk Management, Task Manager, Server Manager – the list goes on and on. Windows Admin Center brings many of these consoles together in a modernized, simplified, integrated, and secure remote management experience. https://cloudblogs.microsoft.com/windowsserver/2018/04/12/announcing-windows-admin-center-our-reimagined-management-experience
3) Forrester Study: Modernize Your Device Management Using The Cloud. Today’s computing infrastructure acquisition, deployment, management, and servicing methods pose challenges to large and small organizations alike. As employees increasingly rely on myriad devices and applications to do their jobs, IT professionals must find efficiencies in how they provision and support new devices and applications. Luckily, operating system (OS) solutions that are fully integrated with the cloud and designed to work across devices are emerging. https://info.microsoft.com/ModernizeYourDeviceManagement.html
4) With the upcoming release of Windows 10, version 1803, we are taking the next steps in our efforts to make kiosks even more capable – and easier – to deploy and configure.
5) Announcing MSIX – bringing together the best of UWP and traditional MSI applications. Including a partnership with Advanced Installer Express edition. https://www.youtube.com/watch?v=AUUwZTurcmQ
|Security & Compliance|
1) Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices.
2) Azure AD Conditional Access policies can now check device health as reported by Windows Defender Advanced Threat Protection. https://cloudblogs.microsoft.com/enterprisemobility/2018/04/17/password-less-sign-in-to-windows-10-azure-ad-using-fido2-is-coming-soon-plus-other-cool-news
3) New capabilities of Windows Defender ATP further maximizing the effectiveness and robustness of endpoint security. Includes: automated investigation + remediation of threats, Microsoft 365 conditional access based on device-risk, advanced hunting, signal sharing across the Intelligent Security Graph, Windows Secure Score reports on devices’ security posture with actionable recommendations. http://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security
4) With Windows 10 1803, we are implementing the first phase of Windows Defender System Guard runtime attestation, laying the groundwork for future innovation in this area. This includes developing new OS features to support efforts to move towards a future where violations of security promises are observable and effectively communicated in the event of a full system compromise, such as through a kernel-level exploit. Runtime attestation can help in many scenarios, including: providing supplementary signals for endpoint detection and response (EDR) and antivirus vendors, detecting artifacts of kernel tampering/rootkits/exploits, protected game anti-cheat scenarios, sensitive transactions, conditional access. https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation
5) Windows Defender ATP will now be able to provide the machine-risk level to conditional access (powered by Microsoft Intune and Azure Active Directory) to block compromised devices from accessing corporate resources. https://cloudblogs.microsoft.com/enterprisemobility/2018/04/18/enhancing-conditional-access-with-machine-risk-data-from-windows-defender-advanced-threat-protection
6) Teaming up in the war against social engineering attacks like tech support scams with Windows 10. https://cloudblogs.microsoft.com/microsoftsecure/2018/04/20/teaming-up-in-the-war-on-tech-support-scams
7) Nearly one year has passed since David das Neves wrote a comprehensive summary of PowerShell security (http://aka.ms/PSSecEnt). There are many security controls that need to be known and configured, but the problem for most admins is ‘Where to start and where to end?’ This article provides guidance on how to prioritize those security controls. https://blogs.msdn.microsoft.com/daviddasneves/2018/04/25/prioritize-all-the-security-controls
8) We now have a published table of which Windows Defender Exploit Guard feature works with which edition of Windows 10 (Professional vs. Enterprise E3 vs. Enterprise E5).
9) Dofoil is a sophisticated threat that attempted to install coin miner malware on hundreds of thousands of computers in March, 2018. In previous blog posts we detailed how behavior monitoring and machine learning in Windows Defender AV protected customers from a massive Dofoil outbreak that we traced back to a software update poisoning campaign several weeks prior. In this blog post, we will expound on Dofoil’s anti-debugging and anti-analysis tactics, and demonstrate how the rich detection libraries of Windows Defender Advanced Threat Protection and Windows Defender Exploit Guard can help during investigation. https://cloudblogs.microsoft.com/microsoftsecure/2018/04/04/hunting-down-dofoil-with-windows-defender-atp
|Productivity|
1) Make the most of your time with the new Windows 10 update for April 2018. With Timeline, your Windows 10 PC lets you go back in time up to 30 days to find your stuff, whether you were working on it earlier today, last week, or a few weeks ago. Use Focus Assist whenever you want to get things done without distractions, like social media or other notifications. Or set it to turn on automatically at certain times during the day when you want focused time. With Dictation, it’s now easier than ever to take a note or write a paper, with just your voice. http://blogs.windows.com/windowsexperience/2018/04/27/make-the-most-of-your-time-with-the-new-windows-10-update
2) Windows 10 Tip: Five expert tips to help you master ink in OneNote. http://blogs.windows.com/windowsexperience/2018/04/02/windows-10-tip-five-expert-tips-to-help-you-master-ink-in-onenote
3) Windows 10 Tip: 10 things you can do in Windows Mixed Reality right now. http://blogs.windows.com/windowsexperience/2018/04/09/windows-10-tip-10-things-you-can-do-in-windows-mixed-reality-right-now
4) Windows 10 Tip: Five things you might not know that you can do right now with your Windows 10 PC.
5) Windows 10 Tip: Five keyboard shortcuts you may not know about. http://blogs.windows.com/windowsexperience/2018/04/23/windows-10-tip-five-keyboard-shortcuts-you-may-not-know-about
|In other news related to Windows 10…|
- Security baselines should underpin efforts to manage cybersecurity risk across sectors. Microsoft has published a new whitepaper on the role of security baselines, a set of foundational activities through which organizations can advance cyber risk management. Microsoft also advocates for baselines that engage executives and embed flexibility, enabling organizations’ security capabilities and investments to evolve with rapidly changing threats. https://cloudblogs.microsoft.com/microsoftsecure/2018/04/09/security-baselines-should-underpin-efforts-to-manage-cybersecurity-risk-across-sectors
- Your customers expect regular delivery of new capabilities, as well as support for existing applications. Find out how you compare to your peers—get The Case For Supporting Always Up-To-Date Operating Systems, a commissioned study conducted by Forrester Consulting, and discover the latest usage trends among software vendors like you. Reduce Complexity And Accelerate Your Application Release Cycle. Register to download the white paper now to review recent findings about cloud-enabled OS adoption and usage trends among software vendors. Plus, learn five critical recommendations to consider as you evolve your application support and release strategy.
- From an administration perspective, our vision for Microsoft 365 is to help simplify IT by unifying management across users, devices, apps and services. We are rolling out a new admin experience for Microsoft 365 enterprise customers. This will be a single place for admins to get started with Microsoft 365 and discover the breadth of management capabilities and experiences available to them across Office 365, Windows, and EMS, as well as Microsoft 365 Device Management. Integrated into this admin center are both the new Microsoft 365 Security & Compliance Center, dedicated to providing security and compliance specialists with integrated management capabilities across Office 365, Windows, and EMS, and Microsoft 365 Device Management. The Security and Compliance Center will be available shortly, with Device Management to follow afterwards. Please look forward to additional details. https://techcommunity.microsoft.com/t5/Office-365-Blog/Introducing-the-Microsoft-365-Admin-Center/ba-p/167392
- Microsoft security announcements from the RSA 2018 conference.
- Tapping the intelligent cloud to make security better and easier: Improving protection, Speeding up detection and response, Working across the industry, and The evolution of the intelligent edge. https://cloudblogs.microsoft.com/microsoftsecure/2018/04/16/tapping-the-intelligent-cloud-to-make-security-better-and-easier
- By connecting security data and systems, we can gain an advantage over today’s adversaries. At Microsoft, our security products are powered by the Intelligent Security Graph which synthesizes massive amounts of threat intelligence and security signals from across Microsoft products, services, and partners using advanced analytics to identify and mitigate cyberthreats. This week at the RSA conference, we announced the public preview of a Security API that empowers customers and partners to build on the Intelligent Security Graph. By connecting security solutions and integrating with existing workflows, alerts and contextual information from multiple solutions can be easily consolidated and correlated to inform threat detection, and actions can be taken to streamline incident response. The unified API will make these connections easier by providing a standard interface and uniform schema to integrate and correlate security alerts from multiple sources, enrich investigations with contextual data, and automate security operations for greater efficiency. https://cloudblogs.microsoft.com/microsoftsecure/2018/04/17/connect-to-the-intelligent-security-graph-using-a-new-api