Providing insights into Windows 10 deployment & management, security & compliance, and productivity. Also see other news related to Windows 10.
Do you deploy, configure, secure, manage, and monitor devices and client applications in an enterprise environment? Do you manage identity, access, policies, updates, and apps and collaborate with the M365 Enterprise Administrator to design and implement a device strategy that meets the business needs of a modern organization? Are you familiar with M365 workloads and proficient in deploying, configuring, and maintaining Windows 10 and non-Windows devices and technologies? If so, it’s time to earn your Modern Desktop Administrator certification! https://www.microsoft.com/en-us/learning/community-blog-post.aspx?BlogId=8&Id=375176
Deployment & Management
Microsoft 365 enables customers to shift to a modern desktop experience and puts it at the heart of workplace transformation. A modern desktop with Windows 10 and Office 365 not only offers the most productive and most secure computing experience, it also saves IT time and money, and allows for a focus on driving business results. For many companies, their specific needs require a modern desktop be virtualized. To help extend our virtualization capabilities and provide an even richer experience for Microsoft 365 customers, we are excited to announce the acquisition of FSLogix. FSLogix is a next-generation app-provisioning platform that reduces the resources, time and labor required to support virtualization. From small businesses to very large global enterprises across numerous industries, FSLogix solutions enhance customer experience and productivity, while reducing support requirements for IT departments. https://blogs.microsoft.com/blog/2018/11/19/microsoft-acquires-fslogix-to-enhance-the-office-365-virtualization-experience
Microsoft is excited to announce that we are named a Leader for Enterprise Mobility + Security (EMS) in the inaugural Forrester Wave: Unified Endpoint Management, Q4 2018. Forrester notes in the report that Microsoft’s release of co-management in late 2017 has bolstered the company’s ability to serve advanced Windows 10 management use cases and provides a flexible path for customers to test out modern management. Forrester also recognizes Microsoft for having some of the strongest security capabilities in the evaluation of 12 vendors. https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Microsoft-is-a-Leader-in-The-Forrester-Wave-Unified-Endpoint/ba-p/294820
Traditionally, the desktop management scenario for most enterprises has been one where all users and devices are located on-site with a direct network connection. That’s been the state of things for years. But the workplace is changing. More of your users work remotely full-time; some never set foot in your physical facilities. If you do the initial setup for a Windows 10 device on-premises, you start out in control. But if those devices are distributed to your remote workforce, how do you maintain control? How do you make sure user devices are secure and up-to-date while keeping the update process simple and hassle-free? In short, you implement a modern desktop management strategy. https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Modernize-desktop-management-with-Azure-Active-Directory/ba-p/295899
Windows Transport converges on two Congestion Providers: Cubic and LEDBAT. At the heart of the Windows kernel there is a networking stack. At the heart of the networking stack there is a layer called Transport, and Transport contains a suite of algorithms called Congestion Providers. This post looks at the difference between the two, with a deeper view using the example of a software update being delivered by SCCM. https://blogs.technet.microsoft.com/networking/2018/11/07/windows-transport-converges-on-two-congestion-providers-cubic-and-ledbat
Modern desktop servicing: the year in review. Since Windows 10 first shipped, and the Windows as a service model was introduced, we have heard you talk about three common concerns: application compatibility, end user interruption, and network bandwidth impact. I’m happy to report that, in 2018, we made significant progress in addressing each of these concerns. https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Modern-desktop-servicing-the-year-in-review/ba-p/304395
New! Microsoft 365 Modern Desktop podcast channel. In this series, we’ll explore the good, the bad, and yes the ugly of servicing and delivery for Windows 10 and Office ProPlus. We’ll talk about modern desktop management through Enterprise Mobility, security, even Cloud attached and co-managed environments. http://m365mdp.mpsn.libsynpro.com
Driver quality in the Windows ecosystem. Ensuring Windows 10 works great with all the devices and accessories our customers use is a top priority for our team. There are millions of configurations of hardware and driver combinations in the Windows ecosystem, allowing for great customer choice and unlocking opportunity for partners. We work closely with this broad mix of partners to test new drivers, monitor health characteristics over time, and make Windows and our ecosystem more resilient architecturally. In this blog, part of our series on the Windows approach to quality, Tom Frankum from our Silicon, Graphics and Media team will provide more detail about the work we do to improve Windows driver quality. https://blogs.windows.com/windowsexperience/2018/12/19/driver-quality-in-the-windows-ecosystem
Modern desktop servicing: the year in review. 2018 was a pivotal year for the modern desktop and the servicing transformation journey we have been taking with you and your organization. With that in mind, I thought it would be good to look back and recap the progress that has been made, highlight significant events, and provide insight into what 2019 has in store. https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Modern-desktop-servicing-the-year-in-review/ba-p/304395
Security & Compliance
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers. Microsoft customers using the complete Microsoft Threat Protection solution were protected from the attack. Behavior-based protections in multiple Microsoft Threat Protection components blocked malicious activities and exposed the attack at its early stages. Office 365 Advanced Threat Protection caught the malicious URLs used in emails, driving the blocking of said emails, including first-seen samples. Meanwhile, numerous alerts in Windows Defender Advanced Threat Protection exposed the attacker techniques across the attack chain. https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers
Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP. In MITRE’s evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior monitoring delivered comprehensive coverage of attacker techniques across the entire attack chain. https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp
Video (1:57) on the Windows channel on YouTube features how Windows Information Protection (WIP) helps prevent users from accidentally copying work data to personal sites. https://youtu.be/1s09SrwxccM
Microsoft has put a lot of effort in Hyper-V security. Hyper-V, and the whole virtualization stack, runs at the core of many of our products: cloud computing, Windows Defender Application Guard, and technology built on top of Virtualization Based Security (VBS). Read more from Microsoft’s Security Research & Defense about the first steps in Hyper-V security research including an intro to the virtualization stack, the debugging environment, and addressing the attack surface inside and outside the hypervisor. https://blogs.technet.microsoft.com/srd/2018/12/10/first-steps-in-hyper-v-research
One of our goals in the Microsoft Security Response Center (MSRC) is to be more transparent with security researchers and our customers on the criteria we use for determining when we intend to address a reported vulnerability through a security update. Our belief is that improving transparency on this topic helps provide clarity on how we assess risk, sets expectations for the types of vulnerabilities that we intend to service, and facilitates constructive dialogue as the threat landscape evolves over time. In September 2018, the first version of the security servicing criteria for Windows was announced; it’s expected that this will be a living document that evolves over time as Microsoft continues the dialogue with the community on this topic. https://blogs.technet.microsoft.com/srd/2018/09/10/microsoft-security-servicing-criteria-for-windows
Windows Defender ATP has protections for USB and removable devices. We know, unfortunately, that people will plug in devices with unknown history (and that there are also attackers out there who directly attempt to control devices without relying on social engineering). These devices could be the source of malware infections that use USB and other removable devices to get initial access to a system or network. This vector of attack falls under social engineering in this case, appealing to our weakness for shiny things: when we see a free item we’re inclined to take it. To help protect against these attacks, you can prevent any removable device from being seen and interacted with by blocking users from using any removable device on the machine. https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices
Tackling phishing with signal-sharing and machine learning. With ML-based detection of malicious PDF files used for phishing, Windows Defender ATP uses multiple layers of machine learning models to correctly identify malicious content. Most attacks are caught by the first few layers, which swiftly make a verdict and protect customers at first sight during the early stages of attacks. More sophisticated attacks may need the more complex classifiers in further layers, which take more time but make sure additional protections catch attacks that evade the first, faster classifiers. https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/tackling-phishing-with-signal-sharing-and-machine-learning
How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine? Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation. https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849
Productivity
Microsoft Edge: Making the web better through more open source collaboration.
TL;DR documentation explaining the Microsoft Edge team’s plans and intentions for Microsoft Edge and clarifying how work with the Chromium open-source project will proceed. https://github.com/MicrosoftEdge/MSEdge
Introducing the Office app for Windows 10! Last year, we updated Office.com with a new experience focused on two simple things: helping users get the most out of Office and getting them back into their work quickly. The streamlined site has clearly resonated with customers, and now more than 40 percent of Office 365 web users start their work by visiting Office.com. Starting today, we’re bringing this experience to Windows 10 in the form of an app, simply called Office. It’s now available to Windows Insiders (Fast) and will roll out to all Windows 10 users soon. The app itself is free and it can be used with any Office 365 subscription, Office 2019, Office 2016, or Office Online—the free web-based version of Office for consumers. https://www.microsoft.com/en-us/microsoft-365/blog/2018/12/19/introducing-the-office-app-for-windows-10
The evolution of Microsoft Threat Protection (MTP), December update on Azure Security Center. Additionally, we review a real-world scenario showcasing where MTP stops threats as envisioned with solution integrations. During the Tropic Trooper attack campaign, Windows Defender Advanced Threat Protection (WDATP), Azure Active Directory (Azure AD), and Office 365 ATP services worked in sync, helping ensure the threat was addressed quickly with no adverse impact. The campaign initiated several Windows Defender ATP alerts, triggering its device risk calculation mechanism, which assigned high risk scores to affected endpoints. These endpoints were put at the top of the list in Windows Defender Security Center, leading to early detection and discovery of the attack. Windows Defender ATP seamlessly integrates with Azure AD featuring conditional access. During Tropic Trooper, conditional access blocked high-risk endpoints from accessing sensitive content, protecting other users, devices, and data in the network. https://cloudblogs.microsoft.com/microsoftsecure/2018/12/12/the-evolution-of-microsoft-threat-protection-december-update