Windows 10 News You Can Use – November 2018

Posted on November 2, 2018

If you’re in IT, make sure you join us Thursday, December 13th from 9:00-10:00 a.m. Pacific Time to get up to speed and get your questions answered about Windows 10, version 1809. We’ve assembled a group of engineers and product managers from the Windows, Window Defender ATP, System Center Configuration Manager, Microsoft Intune, Microsoft Edge, and Microsoft 365 teams—and we’ll be answering your questions live during what promises to be an exciting and informative “Ask Microsoft Anything” (AMA) event.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/November-1st-Windows-10-version-1809-AMA-for-IT-pros/ba-p/265894

• What’s new for IT pros in Windows 10, version 1809
  https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1809/ba-p/263909
• Video (2:59) – Discusses new features to help IT Pros update process, configure intelligent solutions to secure devices, deploy and manage in new ways, all while also enabling end-users be more productive.
  https://www.youtube.com/watch?v=hAva4B-wsVA
• What’s new in Microsoft Edge in the Windows 10 October 2018 Update.
  http://blogs.windows.com/msedgedev/2018/10/04/edgehtml-18-october-2018-update
• The Windows 10 October 2018 Update is available now, and we’re also releasing new innovations in Office 365, To-Do and Outlook.com. These updates were designed to help you make the most of your time across work, home and everywhere in between. See this article for our favorite new features in Windows & Office.
  https://blogs.windows.com/windowsexperience/2018/10/02/find-out-whats-new-in-windows-and-office-in-october
• What’s new in printing in Windows 10, version 1809.
  https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-in-printing-in-Windows-10-version-1809/ba-p/267182
• At Microsoft, we believe our technology should reflect the diversity of the people that use our products. We are excited to share how the Windows 10 October 2018 update delivers on that mission by giving you more accessibility features than ever before to enhance your personal computing experience.
  http://blogs.windows.com/windowsexperience/2018/10/03/windows-10-accessibility-in-the-october-2018-update

• Microsoft Mechanics video (19:44) – Windows Virtual Desktop, a new remote desktop solution on Azure, learn how you can now use Windows 10 Enterprise to allow multiple users to connect concurrently, which in the past was only available on Windows Server. All this works without the need to set up or manage virtual desktop infrastructure running remote desktop services. We’ll show you steps for getting this service up and running in minutes and as you migrate to Windows 10, discover how we now allow you to continue run Windows 7 if you need to and benefit from 3 years of Extended Security Updates with Azure.
  https://www.youtube.com/watch?v=_7G37PFYVe4
• Would you like to learn more about Windows Virtual Desktop?
  https://techcommunity.microsoft.com/t5/Microsoft-365/Windows-Virtual-Desktop-learning-and-readiness-resources/m-p/275494
• Ensuring that your organization acquires and retains the necessary language packs (LPs) and language Features on Demand (FODs) to enable employees to use their Windows 10 devices in their preferred language is a crucial part of managing corporate machines, especially when keeping them up to date with the latest Windows 10 feature updates. Today, you have three options to update a managed PC to the latest Windows 10 feature update: servicing, media upgrades, and wipe/reload. This article provides guidance for all three scenarios, and information on how to acquire language pack content once a device is up to date.
  https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Language-pack-acquisition-and-retention-for-enterprise-devices/ba-p/275404
• At Ignite 2018, Microsoft announced support for Windows Autopilot for existing devices allows you to reimage and provision a Windows 7 device for Windows Autopilot user-driven mode. You can test this scenario now using Configuration Manager 1806 or later and Windows 10 Insider Preview Build 18252. In this post, Microsoft will take you through the steps to accomplish this using a single SCCM (current branch) task sequence.
  https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Upgrade-Windows-7-using-Windows-Autopilot-in-Configuration/ba-p/267747
• Microsoft recently made a promise I’ve been hoping to make for a long time: if an app works on a previous version of Windows and, when you update to the latest version of Windows 10, it stops working, we’ll fix it for free. With Desktop App Assure, if you hit a snag in a pilot or your deployment, you have a team of application compatibility experts who will support you and get you back up and running as quickly as possible. This makes it much easier to align your testing patterns to your predicted or measured failure rates. Let’s look at some examples of what kinds of application compatibility issues can you bring to Desktop App Assure.
  https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-is-Desktop-App-Assure/ba-p/270232
• Microsoft IT recently deployed Windows 10 to 96,000 distributed users at Microsoft. The deployment included both remote users and users on the corporate network and was completed in nine weeks. To improve on past operating system deployments, Microsoft IT deployed Windows 10 as an in-place upgrade that maintained productivity. Download the report now to see how they did it.
  https://www.microsoft.com/en-us/download/details.aspx?id=50377
• Clearing the confusion on support lifecycle of App-V and MSIX. Furthermore, with the advent of MSIX you might be wondering, “Should I move to MSIX now”? or “Why am I investing in App-V?”
  https://blogs.msdn.microsoft.com/sgern/2018/10/17/support-lifecycle-app-v-and-the-msix-confusion
  https://blogs.msdn.microsoft.com/sgern/2018/06/29/but-what-about-app-v
• Microsoft Mechanics now has a series of videos in their (desktop deployment essentials playlist) with steps to help in your Modern Desktop deployment process. These videos includes subjects such as device and application readiness, directory and network readiness, Office and LOB application delivery, user files and settings, considerations for security and compliance, options for deploying Windows 10, and staying up-to-date with Windows 10 and Office 365.
  https://www.youtube.com/playlist?list=PLXtHYVsvn_b_0LjDWej-d3x8C1JDEB5vh
• In almost any network, Delivery Optimization can be a highly effective tool, efficiently delivering content to devices and reducing the need for more internet bandwidth. This post outlines some potential scenarios that your organization might be required to accommodate, and the options you have when configuring Delivery Optimization to help you manage bandwidth. While these scenarios may not align strictly to real-life scenarios, this case study of Microsoft’s use of Delivery Optimization provides deeper insight into using peer-to-peer update distribution on a large scale.
  https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Delivery-Optimization-Scenarios-and-configuration-options/ba-p/280195
• Microsoft Mechanics video (17:48) – An end-to-end look at IT pro updates for device and app readiness for Windows 10 and Office 365 ProPlus. Lead engineer Amesh Mansukhani demos your options and offers real-world guidance for getting off older versions of Office and Windows. Includes updates to Windows Analytics with built-in Office compat, OCT integration with SCCM, how to manage updates and more.
  https://www.youtube.com/watch?v=HmWD9SYlYv0
• Microsoft Mechanics video (21:21) – Join Randy Wong from the OneDrive engineering team for a 15-minute introduction on new capabilities that support your shift from Windows 7 to the Windows 10 and Office 365 ProPlus modern desktop with Known Folder Move.
  https://www.youtube.com/watch?v=bYUsy-k-8vc
• Microsoft Mechanics video (22:16) – Watch a demonstration of what you can do with your existing process and tools while harnessing the latest updates to Systems Center Configuration Manager and co-management capabilities when cloud connected with Microsoft Intune; next-gen provisioning approaches and updates with Windows AutoPilot and how to stay current and up to date with Windows and Office as a Service.
  https://www.youtube.com/watch?v=1XEVTJUwe6I
• Microsoft Mechanics video (20:26) – Are you ready to deploy Windows 10 and Office 365 ProPlus using your preferred deployment tools? In this show find out what’s new, what’s changed, and learn the best practices for real-world and proven deployment recommendations for how to shift to a modern desktop.
  https://www.youtube.com/watch?v=im0P-dcBpTE
• If you’re building a modern desktop to provide a more secure, productive—and enjoyable—experience for your users, you’re not alone. Learn how you can use Microsoft’s FastTrack services to accelerate your shift to a modern desktop or your efforts to stay up-to-date. FastTrack can help you in your journey to manageable, secure, and up-to-date Windows 10 devices leveraging Intune and Office 365 ProPlus. Find out how FastTrack can help you create a better plan and assist you to resolve deployment blockers based on our learnings and experiences from helping thousands of customers optimize their journey!
  https://www.youtube.com/watch?v=l6ZexfoJvs4

• Microsoft has changed the schema for Attack Surface Reduction (ASR) in Windows Defender ATP to make it easier for you to set up protective ASR controls and increase the cost and complexity to any adversary who may be trying to target you! In this post, Chris Jackson shows how to apply the new schema to the existing queries from his previous blog, to get a feel for how that would work on any queries you may have written or want to write.
  https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Schema-changes-to-Attack-Surface-Reduction-in-Windows-Defender/ba-p/277934
• Windows Defender Antivirus has hit a new milestone: it can now run within a sandbox. With this new development, WDAV becomes the first complete antivirus solution to have this capability and continues to lead the industry in raising the bar for security. Read more about “why sandbox, and why now?”, implementation of the WDAV sandbox, and innovations looking ahead.
  https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox
• Security baseline (DRAFT) for Windows 10 v1809 and Windows Server 2019.
  https://blogs.technet.microsoft.com/secguide/2018/10/01/security-baseline-draft-for-windows-10-v1809-and-windows-server-2019
• The Security Update Validation Program (SUVP) is a quality assurance testing program for Microsoft security updates. The SUVP provides early access to Microsoft security updates—up to three weeks in advance of the official release—for the purpose of validation and interoperability testing. The program encompasses any Microsoft products for which we fix a vulnerability (e.g. Windows, Office, Exchange, or SQL Server) and is limited to trusted customers under NDA who have been nominated by a Microsoft representative.
  https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-is-the-Security-Update-Validation-Program/ba-p/275767

• Windows 10 Tip: Update your tasks using ink.
  http://blogs.windows.com/windowsexperience/2018/10/08/windows-10-tip-update-your-tasks-using-ink
• Windows on YouTube video (0:52) – Learning Tools for Microsoft Edge. New built in tools that help improve learning.
  https://www.youtube.com/watch?v=i0iE-wGfoc4
• Windows on YouTube videos – Your Phone app connects your Android phone to your Windows 10 computer, so you have all of your incoming notifications in one spot. Get your texts and most recent photos right on your computer, then drag and drop your photos anywhere you need them.
  • Introducing Your Phone app (1:00) – https://www.youtube.com/watch?v=XO303V2bQsg
  • Better together (0:40) – https://www.youtube.com/watch?v=EdnvBcnaP5o
  • How to get Your Phone app (0:51) – https://www.youtube.com/watch?v=w6kVbhUGMGc
• Windows on YouTube video (0:40) – Introducing Timeline for Phone. Pick up your phone and go back in time to past activities with the Microsoft Launcher app.
  https://www.youtube.com/watch?v=D_5XjZLDFlg
• Microsoft Mechanics video (15:28) – Watch to see Office desktop and mobile app updates for AI, teamwork, creativity, and accessibility plus new end-user capabilities to help with productivity and working on the go in Windows 10 1803 and RS5. Jack Elmore takes on the challenge of demoing the latest Office and Windows client updates in 10 minutes. Can he do it?
  https://www.youtube.com/watch?v=7z8CeqVP3dY

• New Surface devices, along with new innovations in Windows and Office 365, offer more performance and productivity across your whole life. Today we are proud to share four new Surface products with the world. Products built for people. Meet Surface Pro 6, Surface Laptop 2, Surface Studio 2 and Surface Headphones.
  http://blogs.windows.com/devices/2018/10/02/meet-surface-pro-6-surface-laptop-2-surface-studio-2-and-surface-headphones
• With the new Surface devices, Windows 10 and Office 365, we are beginning our journey to empower you in this new era of personal productivity. We recognize our incredible opportunity and responsibility as a technology company to help you make the most of your digital lifestyle. We’re just getting started, but you can expect to see more as we focus on meeting your needs across your whole life and engaging in responsible product making that has inclusivity and empowerment at the core.
  http://blogs.windows.com/windowsexperience/2018/10/02/empowering-a-new-era-of-personal-productivity-with-new-surface-devices
• Video (0:36) – Why become a Windows Insider?
  https://www.youtube.com/watch?v=vtbT2pVRii0
• Microsoft Mechanics video (17:06) – A tour of the latest security and compliance updates for Microsoft 365. Starting with defense in depth security capabilities across identity, data, devices and applications, including the latest in passwordless authentication, information protection and advanced threat protection.       As well as improvements to assessing and managing your security and compliance posture across Microsoft 365 with Microsoft Secure Score, Compliance Manager, Advanced eDiscovery and more.
  https://www.youtube.com/watch?v=GcAdn7AwOuk
• Take steps to secure your business and users with our security business assessment. The Microsoft Security Assessment can help you discover where you are vulnerable and provide personalized recommendations to improve your security posture. Microsoft security experts collaborated to create a personalized Cybersecurity Assessment covering more than 20 security points in 4 key Cybersecurity categories with the purpose of helping you pinpoint strengths and weaknesses in your Cybersecurity efforts. After completing the form, you’ll receive a report with guidance to strengthen your security as well as access to additional guides and resources.
  https://cloudblogs.microsoft.com/microsoftsecure/2018/10/22/take-steps-to-secure-your-business-and-users-with-our-security-business-assessment
• Infographic: Top 10 security deployment actions with Microsoft 365. Take these actions to strengthen security across your users, devices, apps, and data.
  https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2wYd3
• Introducing the Windows Internals Series: One Windows Kernel.
  https://insider.windows.com/en-us/articles/introducing-the-windows-internals-series-one-windows-kernel
• Windows 10 IoT delivers innovation and intelligence at the edge with the October 2018 Update.
  http://blogs.windows.com/windowsexperience/2018/10/04/windows-10-iot-delivers-innovation-and-intelligence-at-the-edge-with-the-october-2018-update

Windows 10 News You Can Use – October 2018

Posted on October 1, 2018

Providing insights into Windows 10 deployment & management, security & compliance, and productivity.

There were more than 100 sessions focused on Windows at Microsoft Ignite 2018, and everything from a first look at Desktop Analytics and the Microsoft Managed Desktop to deep dives on Windows Autopilot, Windows servicing, Delivery Optimization, and credential protection, and so much more. Here is a list of the activities that took place for you to review and learn about.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/A-guide-to-Windows-at-Microsoft-Ignite-2018/ba-p/260409

The Microsoft Ignite 2018 Book of News is your guide to ALL the announcements that Microsoft made on Sept. 24, with summaries of the news and links to more information.

• Announcing Windows Virtual Desktop, the best virtualized Windows and Office experience delivered on Azure. Windows Virtual Desktop is the only cloud-based service that delivers a multi-user Windows 10 experience, optimized for Office 365 ProPlus, and includes free Windows 7 Extended Security Updates. With Windows Virtual Desktop, you can deploy and scale Windows and Office on Azure in minutes, with built-in security and compliance.
  https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/24/microsoft-365-adds-modern-desktop-on-azure
• New Windows Autopilot capabilities and expanded partner support that simplify modern device deployment.
  https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/New-Windows-Autopilot-capabilities-and-expanded-partner-support/ba-p/260430
• Delivering security innovation that puts Microsoft’s experience to work for you.
  https://cloudblogs.microsoft.com/microsoftsecure/2018/09/24/delivering-security-innovation-that-puts-microsofts-experience-to-work-for-you
• Announcing new Microsoft information protection capabilities to help protect your sensitive data! Microsoft is taking another big step in the journey, with several announcements and updates, including endpoint protection based on sensitivity labels using Windows Information Protection (coming October 2018).
  https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Announcing-availability-of-information-protection-capabilities/ba-p/261967

Why and how you simplify IT with Microsoft 365. At Microsoft Ignite, Brand Anderson showed 75 minutes worth of examples of how Microsoft has applied a new philosophy to the way we build tools and services for IT pros. We refer to this approach to architecture, development, and end-user experience in Microsoft 365 as being “Integrated for Simplicity.” Our goal with this integrated simplicity is to make it as easy as possible for our customers to shift to a modern desktop and make their modern workplace a reality.
https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/28/why-and-how-you-simplify-it-with-microsoft-365

1. Free e-book from Microsoft on making the shift to a modern desktop with Microsoft 365. It summarizes top considerations for deploying new PCs or getting PCs back to a business ready state, starting with some of the key things that may have changed since your last major desktop deployment. Followed by a pragmatic step-by-step approach to making the shift.
   https://info.microsoft.com/ww-landing-M365MD-making-the-shift-to-the-modern-desktop-eBook.html
2. Announcing the Microsoft Managed Desktop (MMD), a new initial offering that brings together Microsoft 365 Enterprise, device as a service, and cloud-based device management by Microsoft. MMD enables customers to maximize their IT organizations’ focus on their business while Microsoft manages their modern desktops. We believe that MMD will be an option that allows organizations to fundamentally shift how they think about and manage their IT. Through MMD, customers will be able to move toward a secure, always up-to-date environment with device management by Microsoft.
   https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/17/collaborating-with-customers-and-partners-to-deliver-a-modern-desktop-microsoft-managed-desktop
3. Join Microsoft CVP Brad Anderson to discover the benefits of a modern desktop, major changes and considerations versus previous deployments and best practices to ensure a smooth transition to Windows 10 and Office 365 ProPlus. This will guide you through the recommended steps for your shift to Windows 10 and Office 365 ProPlus, detailing how to leverage your existing tools and processes while adopting modern management technology and approaches along the way.
   https://techcommunity.microsoft.com/t5/IT-Resources-Training-Blog/How-to-shift-to-a-modern-desktop/ba-p/259907
4. A modern desktop offers end users the most productive, most secure computing experience—it also saves IT time and money, so you can focus on driving business results. To help you make the shift to a modern desktop, we’re pleased to announce the following important changes. (a) Cloud-based analytics tools to make modern desktop deployment even easier. (b) A program to ensure app compatibility for upgrades and updates of Windows and Office. (c) Servicing and support changes to give you additional deployment flexibility.
   https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop
5. Windows Autopilot now includes delivering BitLocker policy at OOBE, so you no longer have to decrypt and re-encrypt to get automatic BitLocker devices to meet policy (e.g. 256-bit encryption).
   https://docs.microsoft.com/en-us/windows-insider/at-work-pro/wip-4-biz-whats-new#delivering-bitlocker-policy-to-autopilot-devices-during-oobe
6. Forrester found that Unified Endpoint Management (UEM) is finally a viable alternative to managing PCs and mobile devices separately. Download the free report which holds a comprehensive overview of the current UEM space—along with vendor recommendations, best practices, and caveats.
   https://resources.office.com/ww-landing-M365PD-Forrester-UEM-Finally-Arrives-WhitePaper.html
7. Reduced Windows 10 package size downloads for x64 systems! The new feature updates, released as Electronic Software Distribution (ESD) files through WSUS, provide you with the option to download the x64 file as a separate package. By separating the files by system type, the download file becomes approximately 2.6 GB for the x64 package, saving you approximately 2.2 GB of download size immediately.
   https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Reduced-Windows-10-package-size-downloads-for-x64-systems/ba-p/262386
8. Major updates to documentation on Windows Hello for Business!
   https://aka.ms/whfb
9. Use the “Flight Hub” dashboard to quickly identify the latest Windows Insider Preview releases for PC, Server, IoT. You can also look up the status of the SDK and ISO images.
   https://docs.microsoft.com/en-us/windows-insider/flight-hub

1. Windows Defender Antivirus consistently achieves high scores in independent tests, displaying how it is a top choice in the antivirus market. We want to be transparent and have gathered top industry reports that demonstrate our enterprise antivirus capabilities.
   https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests
2. Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV.
   https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av
3. Cyber thieves are catching on that we are watching them, so they are trying something different. A new malware campaign puts that to the test by targeting home users and small businesses in specific US cities. This was a focused, highly localized attack that aimed to steal sensitive info from just under 200 targets. Macro-laced documents masqueraded as statements from legitimate businesses. The documents are then distributed via email to target victims in cities where the businesses are located. With Windows Defender AVs next gen defense, however, the size of the attack doesn’t really matter.
   https://cloudblogs.microsoft.com/microsoftsecure/2018/09/06/small-businesses-targeted-by-highly-localized-ursnif-campaign
4. We have seen many IT departments simplify their deployment strategies using Windows Update for Business to more quickly improve productivity and the Windows 10 experience for their end users. Learn about the experience of one of those customers to help you better understand how you can leverage Windows Update for Business—in conjunction with Windows Analytics—to help you do the same.
   https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-amp-Windows-Analytics-a-real-world/ba-p/242417
5. Windows Defender ATP September 2018 preview features are out!
   https://techcommunity.microsoft.com/t5/What-s-New/WDATP-September-2018-preview-features-are-out/m-p/242254#M95
6. Video: In software supply chain attacks, attackers infect legitimate apps to distribute malware. Attackers target software developers and suppliers, seeking access to source codes, build processes, or update mechanisms. They hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. Protect yourself, your customers, and your partners by strengthening your defenses against software supply chain attacks. Windows Defender Advanced Threat Protection’s security technologies are built into Windows 10 and create a unified endpoint security platform to defend against supply chain attacks.
   https://www.youtube.com/watch?v=uXm2XNSavwo

1. Windows 10 Tip: Set up Windows Hello from your lock screen.
   http://blogs.windows.com/windowsexperience/2018/09/10/windows-10-tip-set-up-windows-hello-from-your-lock-screen
2. Windows 10 Tip: Improvements to the HDR video experience.
   http://blogs.windows.com/windowsexperience/2018/09/04/windows-10-tip-improvements-to-the-hdr-video-experience
3. Windows 10 Tip: Get mobile with Microsoft Edge.
   http://blogs.windows.com/windowsexperience/2018/09/17/windows-10-tip-get-mobile-with-microsoft-edge
4. Watch our how-to video and have fun using a digital pen in Microsoft Office on your Surface. Edit your writing naturally, create standout presentations, and learn to design and use features like Ink Editor, Ink-to-Text, Remix 3D, Math Assist, and more.
   https://www.youtube.com/watch?v=U85n5sltzZw

• New blog series that responds to common questions Microsoft receives from customers about the deployment of Microsoft 365 security solutions. In this series, you’ll find context, answers, and guidance for deployment and driving adoption within your organization.
  https://cloudblogs.microsoft.com/microsoftsecure/2018/09/04/protecting-user-identities
• Practical application of artificial intelligence that can transform cybersecurity.
  https://cloudblogs.microsoft.com/microsoftsecure/2018/09/05/practical-application-of-artificial-intelligence-that-can-transform-cybersecurity
• For the last 20 years, the Microsoft Security Response Center has been an integral part of Microsoft’s commitment to customer security. This set of short video clips gives customers a glance into the commitment we put into our daily work and suggests ways they can incorporate similar principles into their work. Security is a joint effort and together we can make a difference.
  https://blogs.technet.microsoft.com/msrc/2018/09/07/inside-msrc-sharing-our-story-customer-tips
• Office 365 client applications now integrate with Antimalware Scan Interface (AMSI), enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behaviors.
  https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros
• What’s next for Surface Hub 2; sleek and intelligent design starts to ship in Q2 2019.
  http://blogs.windows.com/devices/2018/09/24/whats-next-for-surface-hub-2
• Microsoft Cloud App Security and Windows Defender ATP – better together! Microsoft Cloud App Security now uniquely integrates with Windows Defender Advanced Threat Protection (ATP) to enhance the Discovery of Shadow IT in your organization and extend it beyond your corporate network. Our CASB can now leverage the traffic information collected by the Windows Defender ATP, no matter which network users are accessing cloud apps from.
  https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Microsoft-Cloud-App-Security-and-Windows-Defender-ATP-better/ba-p/263265

Windows 10 News You Can Use – September 2018

Posted on September 1, 2018 Updated on August 31, 2018

Providing insights into Windows 10 deployment & management, security & compliance, and productivity.

1)      Microsoft has heard from many customers to better understand the monthly Windows 10 quality update servicing cadence and terminology. In response, John Wilcox (principal program manager) shares the guiding principles, then dives into them further to provide context for the quality updates themselves.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376

2)      What’s next for Windows 10 and Windows Server quality updates.  Beginning February 12, 2019, Microsoft will end its practice of creating delta updates for all versions of Windows 10.  In its place, a new design for quality updates to the next major versions of Windows 10 and Windows Server, coming later this year. This design creates a compact update package for easier and faster deployment.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-next-for-Windows-10-and-Windows-Server-quality-updates/ba-p/229461

3)      With new improvements in Windows 10 MDM management, advancements in cloud technology, and BYOD trends, many organizations are looking for modern ways to management their Windows devices. Watch this recorded webinar session to see how you can leverage a modern management approach with Enterprise Mobility + Security (EMS) to simplify deployment and management, improve security, provide better end user experiences, and lower total cost of ownership for your Windows 10 devices.
https://resources.office.com/ModernWindows10managementwithEnterpriseMobilitySecurityEMS-OnDemandRegistration.html

4)      Basic (but easy to forget) tips to remediate Windows application compatibility challenges.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Basic-but-easy-to-forget-tips-to-remediate-Windows-app-compat/ba-p/238308

1)      Improve your defensive posture with Exploit Guard Attack Surface Reduction (ASR).  See this step-by-step guide from Microsoft’s Chris Jackson on how to configure, monitor, and deploy ASR while maintaining application compatibility.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Improve-your-defensive-posture-with-Exploit-Guard-ASR/ba-p/22494

2)      Interpreting Windows 10 Exploit Guard ASR audit alerts.  Learn about when to test and when not to.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Interpreting-Exploit-Guard-ASR-audit-alerts/ba-p/228366

3)      If you want an additional layer of protection from ransomware, try saving your files in OneDrive. It’s part of the new experiences that arrived with the Windows 10 April 2018 Update. Here’s how it works: If a ransomware threat is found on a device, Windows Defender will notify you of the threat, help you remove the ransomware from your device, and give you options to recover your OneDrive files to the state they were in before the attack occurred.
http://blogs.windows.com/windowsexperience/2018/08/06/save-your-files-to-onedrive-for-expanded-ransomware-protection

4)      Hardening Windows Defender ATP machine learning defenses against adversarial attacks.
https://cloudblogs.microsoft.com/microsoftsecure/2018/08/09/protecting-the-protector-hardening-machine-learning-defenses-against-adversarial-attacks

5)      Protecting the modern workplace from a wide range of undesirable software. To protect our customers from the latest threats, massive amounts of security signals and threat intelligence from the Microsoft Intelligent Security Graph are processed by security analysts and intelligent systems that identify malicious and other undesirable software. Our evaluation criteria describe the characteristics and behavior of malware and potentially unwanted applications and guide the proper identification of threats. https://cloudblogs.microsoft.com/microsoftsecure/2018/08/07/protecting-the-modern-workplace-from-a-wide-range-of-undesirable-software

1)      Windows 10 Tip: Use Paint 3D to edit your snips.
http://blogs.windows.com/windowsexperience/2018/08/20/windows-10-tip-use-paint-3d-to-edit-your-snips

• Surface Go now available!  Surface Go marks an important inflection point in our Surface journey. From the first tablet that could replace your laptop that pioneered the 2:1 category, to laptops that rival desktops, desktops that transform your desk into a Studio, and Surface Hub, which can make any space a collaborative space, Surface has always been about empowering you to be more productive and creative.
  http://blogs.windows.com/devices/2018/08/02/surface-go-available-now-starting-at-399
• Most companies focus their security solutions around users, devices, and apps, but often overlook the data that they are trying to protect.  How can I make sure company data is safe when employees use their own devices for work? With interoperating solutions for identity and access management, endpoint protection, information protection, and mobile device management (MDM), Microsoft 365 helps you protect your data against the complicated risks of a mobile landscape.
  https://cloudblogs.microsoft.com/microsoftsecure/2018/08/02/protect-your-data-in-files-apps-and-devices
• Attending Black Hat USA 2018? Here’s what to expect from Microsoft.
  https://cloudblogs.microsoft.com/microsoftsecure/2018/08/02/attending-black-hat-usa-2018-heres-what-to-expect-from-microsoft
• Now U.S.-based consumers using the latest Microsoft Edge browser on Windows 10 devices can sign in to their Microsoft account and use Microsoft Pay to make secure purchases wherever Masterpass is accepted online. More broadly, Microsoft Pay allows for a seamless and convenient consumer experience within the Microsoft ecosystem, including paying bills in Outlook, and buying goods or services in apps or bots.
  http://blogs.windows.com/windowsexperience/2018/08/06/microsoft-pay-is-now-available-with-masterpass
• Cybersecurity threats: How to discover, remediate, and mitigate through protecting identities, email, and the endpoint.
  https://cloudblogs.microsoft.com/microsoftsecure/2018/08/13/cybersecurity-threats-how-to-discover-remediate-and-mitigate

Windows 10 News You Can Use – August 2018

Posted on August 1, 2018 Updated on July 31, 2018

Providing insights into Windows 10 deployment & management, security & compliance, and productivity.

On July 10^th, Windows 10 version 1803 was declared as a fully available Semi-Annual Channel (aka CBB) release. Be sure to also review “What’s new for IT pros in Windows 10, version 1803” at
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1803/ba-p/188568.

1)      Windows 10 quality updates explained & the end of delta updates. Beginning February 12, 2019 Microsoft will deprecate delta updates for all versions of Windows 10.  Learn about the role of Express Updates to reduce the impact to network delivery of quality updates.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426

2)      Forrester Study: Modernize Your Device Management Using the Cloud (whitepaper, updated June 2018).
https://resources.office.com/ModernizeYourDeviceManagementThankYou.html

3)      Detailed information on how Upgrade Readiness collects application inventory for your OMS workspace.  Includes info about data collection, appraiser updates, best practices, and troubleshooting!
https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/How-Upgrade-Readiness-collects-application-inventory-for-your/ba-p/213586

4)      Most companies manage their PCs and mobile devices with separate management tools. In a recent report, Forrester found that Unified Endpoint Management (UEM) is now a more optimal option—and a good way to help organizations modernize their management strategies.  Download this Forrester report to learn more.
https://resources.office.com/ww-landing-M365PD-Forrester-UEM-Finally-Arrives-WhitePaper.html

5)      Microsoft Mechanics’ 7-minute video which explores the latest capabilities in Windows Analytics across Upgrade Readiness, Update Compliance, and Device Health.
https://www.youtube.com/watch?v=4Kb78NmfV6E

6)      Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices.
https://docs.microsoft.com/en-us/windows/deployment/update/feature-update-mission-critical

7)      Suggested in-depth guidance on Windows Update for Business policies and how they have changed over time.
https://docs.microsoft.com/en-us/windows/deployment/update/wufb-onboard

8)      We are happy to announce that the MSIX Packaging Tool (Preview) is now available to from the Microsoft Store. MSIX Packaging Tool enables you to update your existing win32 application packages to the MSIX format.
https://techcommunity.microsoft.com/t5/MSIX-Blog/MSIX-Packaging-Tool-Preview-is-now-available-from-the-Microsoft/ba-p/216204

1)      Windows Defender Antivirus (WDAV) scores in the March-April 2018 tests. In this new iteration of the transparency report, we continue to investigate the relationship of independent test results and the real-world protection of antivirus solutions. We hope that you find the report insightful.
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/20/march-april-2018-test-results-more-insights-into-industry-av-tests

2)      Introducing Web Authentication in Microsoft Edge.  With Web Authentication, Microsoft Edge users can sign in with their face, fingerprint, PIN, or portable FIDO2 devices, leveraging strong public-key credentials instead of passwords.
http://blogs.windows.com/msedgedev/2018/07/30/introducing-web-authentication-microsoft-edge

3)      Security Updates around side-channel speculative execution vulnerabilities (Spectre and Meltdown). New Disclosure: On June 13, 2018, an additional vulnerability involving side channel speculative execution, known as Lazy FP State Restore, was announced and assigned CVE-2018-3665. For more information about this vulnerability and recommended actions, please refer to the Security Advisory: ADV180016 | Microsoft Guidance for Lazy FP State Restore.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180016

4)      A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the app’s legitimate installer the unsuspecting carrier of a malicious payload. The attack seemed like just another example of how cybercriminals can sneak in malware using everyday normal processes. The plot twist: The app vendor’s systems were unaffected. The compromise was traceable instead to a second software vendor that hosted additional packages used by the app during installation. This turned out be an interesting and unique case of an attack involving “the supply chain of the supply chain”.
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks

5)      Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis.  Includes the roles that Windows Defender Antivirus and Windows Defender ATP played in the security protections.
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/11/hawkeye-keylogger-reborn-v8-an-in-depth-campaign-analysis

1)      Windows 10 Tip: Yikes, stop that sound! Mute-a-tab in Microsoft Edge.
http://blogs.windows.com/windowsexperience/2018/07/02/windows-10-tip-yikes-stop-that-sound-mute-a-tab-in-microsoft-edge

2)      Windows 10 Tip: Get more out of reading online with Grammar Tools in Microsoft Edge.
http://blogs.windows.com/windowsexperience/2018/07/09/windows-10-tip-get-more-out-of-reading-online-with-grammar-tools-in-microsoft-edge

3)      Windows 10 Tip: Windows Ink directly in textbox.
http://blogs.windows.com/windowsexperience/2018/07/16/windows-10-tip-windows-ink-directly-in-textbox-new-in-the-windows-10-april-2018-update

4)      Windows 10 Tip: Try reading on a full screen for a distraction-free experience in Microsoft Edge.
http://blogs.windows.com/windowsexperience/2018/07/23/windows-10-tip-try-reading-on-a-full-screen-for-a-distraction-free-experience-in-microsoft-edge

• Update 1806 for Configuration Manager current branch is now available!  Microsoft continues to invest in providing cloud powered value to your existing Configuration Manager implementation for Windows 10 with additional co-management workloads, simplified cloud services, and improvements to help you get current and stay current with Windows 10.
  https://cloudblogs.microsoft.com/enterprisemobility/2018/07/31/update-1806-for-configuration-manager-current-branch-is-now-available
• Meet the Surface Go, the smallest and most affordable Surface yet.
  • Announcement: https://blogs.windows.com/devices/2018/07/09/meet-surface-go-starting-at-399-msrp-its-the-smallest-and-most-affordable-surface-yet
  • Microsoft Mechanics’ engineering overview video: https://www.youtube.com/watch?v=hBxylZI4zl4
• How Microsoft 365 Security integrates with the broader security ecosystem.
• • Part 1: about the Microsoft 365 Security strategy for integrating with the broader security community.
    https://cloudblogs.microsoft.com/microsoftsecure/2018/07/17/how-microsoft-365-security-integrates-with-the-broader-security-ecosystem-part-1
  • Part 2: about the services Microsoft 365 Security offers customers to protect assets beyond the Microsoft ecosystem.
    https://cloudblogs.microsoft.com/microsoftsecure/2018/07/31/how-microsoft-365-security-integrates-with-your-broader-it-ecosystem-part-2
• Enable your users to work securely from anywhere, anytime, across all of their devices.
  https://cloudblogs.microsoft.com/microsoftsecure/2018/07/18/enable-your-users-to-work-securely-from-anywhere-anytime-across-all-of-their-devices
• Gartner published their analysis of the Unified Endpoint Management (UEM) market, the Magic Quadrant for Unified Endpoint Management (UEM) Tools. Microsoft was placed in the Leaders quadrant!
  https://cloudblogs.microsoft.com/enterprisemobility/2018/07/25/microsoft-emerges-as-a-leader-in-gartner-mq-for-unified-endpoint-management-uem

Windows 10 News You Can Use – July 2018

Posted on July 2, 2018

Windows 10 news you can use, July 2018 edition Providing insights into Windows 10 deployment & management, security & compliance, and productivity. Also see other news related to Windows 10.

1)      For build 17682 of the Windows 10 Insider Preview, RSAT is now available on demand! What does that mean? You no longer need to manually download RSAT every time you upgrade! http://blogs.windows.com/windowsexperience/2018/05/31/announcing-windows-10-insider-preview-build-17682

2)      Techcommunity blog post which outlines the latest enhancements to Windows Autopilot in Windows 10, version 1803.  Specifically: Enrollment status, OEM and hardware vendor supply chain integration, BitLocker integration, automatic Windows Autopilot profile assignment, and device deletion with Microsoft Intune. https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Autopilot-What-s-new-and-what-s-next/ba-p/201884

3)      Microsoft Mechanics 8-minute video which explores the most recent updates to Windows Autopilot, which include a zero-touch experience for the deployment of new Windows 10 devices and device reset capabilities, all powered by Microsoft 365. https://www.youtube.com/watch?v=7t7xaV8sm50

4)      Walkthrough for deploying a kiosk using Windows Autopilot. https://blogs.technet.microsoft.com/mniehaus/2018/06/07/deploying-a-kiosk-using-windows-autopilot

5)      Announcing new extensions to the Windows Autopilot zero-touch experience with several new capabilities available in preview with the Windows Insider Program today.
https://www.microsoft.com/en-us/microsoft-365/blog/2018/06/07/simplifying-it-with-the-latest-updates-from-windows-autopilot

6)      Windows 10 Updates and Store GPO behavior with DualScan disabled and client managed by SCCM SUP/WSUS. https://blogs.technet.microsoft.com/swisspfe/2018/04/13/win10-updates-store-gpos-dualscandisabled-sup-wsus

7)      New FastTrack benefit from Microsoft: Deployment support for Co-management on Windows 10 devices. We’d like to provide a few highlights on what you can expect. https://cloudblogs.microsoft.com/microsoftsecure/2018/06/18/new-fasttrack-benefit-deployment-support-for-co-management-on-windows-10-devices

8)      Implementing the Right Inertia in your Windows 10 Deployment Process: measuring and managing risk effectively with systems designed for change management.
https://blogs.msdn.microsoft.com/cjacks/2018/06/25/implementing-the-right-inertia-in-your-windows-10-deployment-process-defaulting-to-progress-vs-stasis

9)      Two new policies added for Edge when doing MDM management of Windows 10 through Microsoft Intune: Path to favorites file and Changes to Favorites. https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#edge-browser

1)      Virtualization-based security (VBS) memory enclaves: Data protection through isolation. The escalating sophistication of cyberattacks is marked by the increased use of kernel-level exploits that attempt to run malware with the highest privileges and evade security solutions and software sandboxes. Kernel exploits famously gave the WannaCry and Petya ransomware remote code execution capability, resulting in widescale global outbreaks. Windows 10 remained resilient to these attacks, with Microsoft constantly raising the bar in platform security to stay ahead of threat actors. Virtualization-based security (VBS) hardens Windows 10 against attacks by using the Windows hypervisor to create an environment that isolates a secure region of memory known as secure memory enclaves. https://cloudblogs.microsoft.com/microsoftsecure/2018/06/05/virtualization-based-security-vbs-memory-enclaves-data-protection-through-isolation

2)      Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Social engineering gives cybercriminals a way to get into systems and slip through defenses. The hardening of Windows 10 and Windows 10 in S mode, the advancement of browser security in Microsoft Edge, and the integrated stack of endpoint protection platform (EPP) and endpoint detection and response (EDR) capabilities in Windows Defender Advanced Threat Protection (Windows Defender ATP) further raise the bar in security. https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering

3)      What is new in Windows 10 1803 for the Privileged Access Workstation (PAW) solution.
https://blogs.technet.microsoft.com/datacentersecurity/2018/06/08/what-is-new-in-windows-10-1803-for-paw

4)      Go beyond external defenses. Eradicate attacks faster when they get inside. Download the 5 risk points to avoid in enterprise security—crash course. You’ll see how solutions built in to an operating system can (a) Make user identities more secure to prevent malicious access to devices and systems, (b) Detect the hidden actions of attackers already inside your systems more quickly, and (c) Leverage the largest data sets that index billions of sources to alert you of attacks immediately. https://info.microsoft.com/5RiskPointsEbook.html

5)      Zero Trust networks eliminate the concept of trust based on network location within a perimeter. Instead, Zero Trust architectures leverage device and user trust claims to gate access to organizational data and resources. Read more about building Zero Trust networks with Microsoft 365, based on Azure Active Directory, conditional access, Windows Defender Advanced Threat Protection, Windows Defender System Guard runtime attestation, and Microsoft Intune. https://cloudblogs.microsoft.com/microsoftsecure/2018/06/14/building-zero-trust-networks-with-microsoft-365

6)      Announcing the pre-release (v0.9) of “AaronLocker:” robust and practical application whitelisting for Windows. AaronLocker is designed to make the creation and maintenance of robust, strict, AppLocker-based whitelisting rules as easy and practical as possible. The entire solution involves a small number of PowerShell scripts. You can easily customize rules for your specific requirements with simple text-file edits. AaronLocker includes scripts that document AppLocker policies and capture event data into Excel workbooks that facilitate analysis and policy maintenance. https://blogs.msdn.microsoft.com/aaron_margosis/2018/06/26/announcing-application-whitelisting-with-aaronlocker

1)      Windows 10 Tip: How to start creating in Paint 3D. http://blogs.windows.com/windowsexperience/2018/06/04/windows-10-tip-how-to-start-creating-in-paint-3d

2)      Windows 10 Tip: Go back and forth in time with Timeline, new in the Windows 10 April 2018 Update. http://blogs.windows.com/windowsexperience/2018/06/11/windows-10-tip-go-back-and-forth-in-time-with-timeline-new-in-the-windows-10-april-2018-update

3)      Windows 10 Tip: How to start using Nearby Sharing with the Windows 10 April 2018 Update.
http://blogs.windows.com/windowsexperience/2018/06/18/windows-10-tip-how-to-start-using-nearby-sharing-with-the-windows-10-april-2018-update

4)      SwiftKey intelligence comes to the touch keyboard in Windows 10 Insider Build 17692.
http://blogs.windows.com/windowsexperience/2018/06/14/announcing-windows-10-insider-preview-build-17692

5)      Windows 10 Tip: Search, shop and learn through the photos you take with Visual Search.
http://blogs.windows.com/windowsexperience/2018/06/25/windows-10-tip-search-shop-and-learn-through-the-photos-you-take-with-visual-search

• Public preview support for Windows 7 and Windows 8.1 with Windows Defender Advanced Threat Protection (WDATP).
  https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection
• We live in a time of both great opportunity and great responsibility. Our children have access to more information, entertainment and more ways to connect than ever before, but with that comes plenty of new things that parents like you and I need to worry about and new ways to distract their attention. Today, we are excited to introduce new features that make it easier and safer for families to interact with technology and, each other, across devices and platforms.  One feature announcement is with Microsoft Edge giving the ability to allow or block websites has always existed on your PCs….and now, we are extending this feature to you and your family’s Android devices. If you have set up a Microsoft family group, any websites you have already tagged as allowed or blocked for your kid(s) will carry the same settings as they try to access websites in Microsoft Edge on their Android devices. http://blogs.windows.com/windowsexperience/2018/05/31/microsoft-gives-parents-peace-of-mind-with-new-family-features-across-devices
• Getting the most value out of your security deployment. This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series you’ll find context, answers, and guidance for deployment and driving adoption within your organization. In the last blog Now that you have a plan, it’s time to start deploying, we covered some of the tactical issues that you’ll want to consider planning your Microsoft 365 Security deployment. Now we’ll move to the third and final step of an effective planning process: Drive Value. https://cloudblogs.microsoft.com/microsoftsecure/2018/05/31/getting-the-most-value-out-of-your-security-deployment
• The Microsoft Cybersecurity Reference Architecture describes Microsoft’s cybersecurity capabilities and how they integrate with existing security architectures and capabilities. We recently updated this diagram and wanted to share a little bit about the changes and the document itself to help you better utilize it.
  https://cloudblogs.microsoft.com/microsoftsecure/2018/06/06/cybersecurity-reference-architecture-security-for-a-hybrid-enterprise
• Defining a crisp modern security strategy to support business success. A modern security agenda needs to define the purpose of the security team, its vision and mindset. It should also explain the high-level strategies it will employ, and how it will be organized, including the definition of priorities and deadlines and how the results will be measured. More detailed information regarding enabling and accelerating digital transformation is available in this whitepaper. It is designed to articulate what a modern security strategy can look like, and is useful for CISOs, CIOs, CDOs, and potentially board members who want to learn more about secure transformation and benchmark their own teams. https://cloudblogs.microsoft.com/microsoftsecure/2018/06/12/updating-your-cybersecurity-strategy-to-enable-and-accelerate-digital-transformation
• Artificial Intelligence (AI) continues to be a key area of investment for Microsoft, and we’re pleased to announce that for the first time we’ve leveraged AI at scale to greatly improve the quality and reliability of the Windows 10 April 2018 Update rollout.  Our AI approach intelligently selects devices that our feedback data indicate would have a great update experience and offers the April 2018 Update to these devices first.  As our rollout progresses, we continuously collect update experience data and retrain our models to learn which devices will have a positive update experience, and where we may need to wait until we have higher confidence in a great experience.  Our overall rollout objective is for a safe and reliable update, which means we only go as fast as is safe. http://blogs.windows.com/windowsexperience/2018/06/14/ai-powers-windows-10-april-2018-update-rollout