Providing insights into Windows 10 deployment & management, security & compliance, and productivity. Also see other news related to Windows 10.
The next generation of Microsoft Edge! In December, we announced our intention to adopt the Chromium open source project in the development of Microsoft Edge on the desktop. Our goal is to work with the larger Chromium open source community to create better web compatibility for our customers and less fragmentation of the web for all web developers. Today we’re embarking on the next step in this journey – our first Canary and Developer builds are ready for download on Windows 10 PCs. Canary builds are preview builds that will be updated daily, while Developer builds are preview builds that will be updated weekly. Beta builds will come online in the future. Support for Mac and all supported versions of Windows will also come over time. https://blogs.windows.com/windowsexperience/2019/04/08/microsoft-edge-preview-builds-the-next-step-in-our-oss-journey
Deployment & Management
Introducing the Microsoft Edge Insider Channels. The new Microsoft Edge builds are available through preview channels that we call “Microsoft Edge Insider Channels.” We are starting by launching the first two Microsoft Edge Insider Channels, Canary and Dev, which you can download and try at the Microsoft Edge Insider site. These channels are available starting today on all supported versions of Windows 10, with more platforms coming soon. https://blogs.windows.com/msedgedev/2019/04/08/microsoft-edge-preview-channel-details
Windows defines two main policies, Quick removal and Better performance, that control how the system interacts with external storage devices such as USB thumb drives or Thunderbolt-enabled external drives. Beginning in Windows 10 version 1809, the default policy is Quick removal. In earlier versions of Windows, the default policy was Better performance. https://support.microsoft.com/en-us/help/4495263/windows-10-1809-change-in-default-removal-policy-for-external-media
The benefits of Windows 10 Dynamic Update. Dynamic Update can help organizations and end users alike ensure that their Windows 10 devices have the latest feature update content (as part of an in-place upgrade)—and preserve precious features on demand (FODs) and language packs (LPs) that may have been previously installed. Further, Dynamic Update also eliminates the need to install a separate quality update as part of the in-place upgrade process. From an IT perspective, using Dynamic Update reduces the need to apply separate updates to recently installed systems and makes it easier to get your devices up to date with the latest available quality update in one step. https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/The-benefits-of-Windows-10-Dynamic-Update/ba-p/467847
Microsoft Helps video (1:30) on how to create a report of Mobile Device Manager (MDM) logs to diagnose enrollment or device management issues in Windows 10 devices managed by Intune. https://www.youtube.com/watch?v=WKxlcjV4TNE
Microsoft Helps video (10:27) on tips to manage and deploy updates for Surface and Windows 10, including allowing firmware and security updates while holding off on feature updates as your organization evaluates each new release of Windows 10. This video walks through 5 management practices: an Overview of Defer Feature Updates, Windows feature update cycle, Office and Windows Configuration Manager update cycle, security updates, and Update compatibility with apps and hardware. https://www.youtube.com/watch?v=LK6RMRPJ4To
Microsoft Helps video (6:11) on how Windows Autopilot can transform how you deploy Surface and Windows 10 devices in your organization. Windows Autopilot sets up and pre-configures new devices, getting them ready to use. You can also use Windows Autopilot to reset, repurpose and recover devices. We’ll cover how it works as well as the user experience once they receive the device. Content includes: traditional vs. modern deployment, how Autopilot works, and setting up a device. https://www.youtube.com/watch?v=8D8ZN1RKChk
Third-party kernel drivers are becoming a more appealing target for attackers and an important area of research for security analysts. A vulnerability in a signed third-party driver could have a serious impact: it can be abused by attackers to escalate privileges or, more commonly, bypass driver signature enforcement—without the complexity of using a more expensive zero-day kernel exploit in the OS itself. We discovered such a driver while investigating an alert raised by Microsoft Defender Advanced Threat Protection’s kernel sensors. In this blog post, we’d like to share our journey from investigating one Microsoft Defender ATP alert to discovering a vulnerability, cooperating with the vendor, and protecting customers. https://www.microsoft.com/security/blog/2019/03/25/from-alert-to-driver-vulnerability-microsoft-defender-atp-investigation-unearths-privilege-escalation-flaw
Microsoft Threat Experts is the managed threat hunting service in Microsoft Defender Advanced Threat Protection (ATP). It provides security operations centers (SOCs) with expert-level oversight and analysis to help ensure that critical threats in their unique environments are identified, investigated, and resolved. Get more details about the service here: Announcing Microsoft Threat Experts. Today, we are announcing the general availability of Microsoft Threat Experts targeted attack notification capability. Targeted attack notification, one of Microsoft Threat Experts’ two components, provides proactive hunting, prioritization, and alerts that are tailored to organizations. These alerts include as much information as can be quickly delivered to bring attention to critical threats, including timeline, scope of breach, and methods, to further empower SOCs to identify and respond to threats quickly and accurately. https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Microsoft-Threat-Experts-reaches-general-availability/ba-p/502493
MDATP Threat & Vulnerability Management now publicly available! This is a new Microsoft Defender ATP component that helps effectively identify, assess, and remediate endpoint weaknesses and provides both security administrators and security operations teams with unique value, including: real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities, invaluable machine vulnerability context during incident investigations, and built-in remediation processes through Microsoft Intune and SCCM. https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/MDATP-Threat-amp-Vulnerability-Management-now-publicly-available/ba-p/460977
Announcing the general availability of Microsoft Defender ATP APIs – a rich and complete set of APIs geared to fulfill the needs of security operations teams, enabling interoperability with enterprise security applications and automation. These capabilities enable customers to integrate and orchestrate defenses across their solution stack and management systems to orchestrate Microsoft Defender ATP, enabling security teams to effectively respond to modern threats. https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Announcing-Microsoft-Defender-ATP-API-updates/ba-p/473462
In an ideal world, all your critical devices would be seen by, reported on, and protected by Microsoft Defender ATP. However, we’re aware that there are legitimate scenarios where devices simply can’t be connected to the Internet or a management service. As such, we have released a whitepaper with all the info you need to understand how security is impacted by the unique challenges of being disconnected. It talks about the types of disconnected devices, and — most importantly — provides guidance on the various features and protection technologies you can use from Microsoft to protect these disconnected devices. https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Protecting-disconnected-devices-with-Microsoft-Defender-ATP/ba-p/500341
Video (4:05) Windows 10 wireless projection makes it easy to present your work, share memories, and watch your favorite movies on a big screen without stepping out the door. https://www.youtube.com/watch?v=MmOtnAToalo
Secure access to your enterprise with Microsoft 365 Enterprise E5. The first e-book, Secure access to your enterprise, tells the story of Christina, Vice President of Operations, who is savvy about security, but is also very busy. The e-book gives you a real-world perspective on how the requirements of her job can put the enterprise at risk, even when she does everything right. Learn how Azure Active Directory (Azure AD) integrates with other security products in Microsoft 365 to reduce the likelihood that a user’s password will be stolen, detect when a user has been compromised, and give you back control when a user is compromised. https://www.microsoft.com/security/blog/2019/04/03/secure-access-microsoft-365-enterprise-e5
Microsoft Mechanics’ video (11:43) on an early look at Microsoft Threat Protection. Harness trillions of threat signals from the Microsoft Intelligent Security Graph to secure your workplace using Microsoft Threat Protection. Security CVP Rob Lefferts shows you the unified single console for visibility of security threats across your identities, endpoints, email, user data, SaaS apps, infrastructure and more. See how this helps build and investigate a connected account of what’s going on in your environment. This includes built-in protections and how new AI-powered security playbooks dynamically harden your environment through automated workflows. https://www.youtube.com/watch?v=3ge1aAm1jX0