News You Can Use
June was an active month for Windows 10 advancements, new resources, and security events! For this edition of the “news you can use”, I’ve broken it into categories for deployment | security | productivity | windows insider feature highlights.
Deployment & Management
- MDOP servicing update released in March 2017, which includes updates for things like MBAM 2.5 SP1 support for SQL Server 2016 SP1.
- Demystifying Windows as a Service – David das Neves (PFE for Microsoft Germany) shares his current experience and guidance for organizational preparation for WaaS.
- Introducing a new service to the Windows Analytics suite – Device Health. Device Health functionality is designed to ensure employees have the best possible experience with Windows 10. To achieve that goal, it helps identify issues that could affect a person’s experience, before they may even notice, while also identifying steps needed to resolve those issues proactively. This reduces helpdesk calls and support costs, saving time and money.
https://blogs.windows.com/business/2017/06/29/delivering-modern-promise-windows-10 (read the Proactive Insights section)
- Windows AutoPilot is a suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. With Windows AutoPilot, IT professionals can customize the Out of Box Experience (OOBE) for Windows 10 PCs and enable end users to take a brand-new Windows 10 device and—with just a few clicks—have a fully-configured device ready for business use. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Most importantly, users can go through the process independently, without making any decisions and without needing to involve IT. Furthermore, an upcoming WEBINAR on Modernize the deployment process with Windows AutoPilot
- Modern management of Internet-based clients using SCCM.
- Videos and setup guides for Upgrade Readiness in the Windows Analytics suite.
- One-hour “Ask Microsoft Anything” event upcoming about Windows 10 management at 9:00 a.m. Pacific Time on July 25th. Members of the Windows engineering and product teams will be standing by to answer your questions. Note: You must be a member of Tech Community to post questions so save the date for the AMA event and visit http://aka.ms/community/Windows10 to join the Windows 10 Tech Community today.
- EMET protections coming to Windows 10 RS3 (branded as Windows Defender Exploit Guard)!
- Microsoft Mechanics video highlighting the RS3 capability for Windows Defender Application Guard.
- New ransomware, old techniques: Petya adds worm capabilities – analysis and recommendations. Plus, Windows 10 resilience against the Petya ransomware attack.
- Find out how to prevent and contain cyberattacks across email and endpoints with Windows Defender Advanced Threat Protection (Windows Defender ATP) and Office 365 ATP. This new demo explains how these technologies work together to help detect and prevent attacks, and how—if an attack makes it through your defenses—they can help you contain the threat and take immediate action.
- What’s new and coming to Windows Defender ATP in Win10 RS3.
- Microsoft is pleased to announce the beta release of the recommended security configuration baseline settings for Windows 10 “Creators Update”.
- Microsoft reluctantly announces the retirement of the Security Compliance Manager (SCM) tool. At the same time, we are reaffirming our commitment to delivering robust and useful security guidance for Windows, and tools to manage that guidance.
- The Microsoft Security Configuration Toolkit (replacing SCM as noted above) enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a Domain Controller or inject them directly into testbed hosts to test their effects. The Security Configuration Toolkit consists of two tools, Policy Analyzer and LGPO, and a set of configuration baselines for different releases of Windows.
- Windows 10 tip: Organize your Start files with new tile folders.
Windows Insider Feature Highlights
- Windows 10 and SMB1: As part of a multi-year security plan, we are removing the SMB1 networking protocol from Windows by default. This build has this change, however the change only affects clean installations of Windows, not upgrades. We are making this change to reduce the attack surface of the OS.
- Windows Defender Application Guard (WDAG) Improvements.
- Introducing Controlled folder access in Windows Defender Antivirus: making it easier for you to protect valuable data from malicious apps and threats, such as ransomware.
- OneDrive files on-demand now available for Windows Insiders.
This June 2017 edition of Win10 news you can use is primarily based around security. Do note that item #1 is for an upcoming webcast that could be beneficial for you or others in your team to attend.
- Windows 10 deployment: Tips and Tricks from Microsoft IT – LIVE June 20 at 10AM PST – This webinar will focus on best practices and lessons learned, from application compatibility testing and upgrade strategies to smoothing the deployment path through end user readiness
- R.I.P … Windows 10 1507 end of support. Next up is end of support for Win10 1511 (Anniversary Update).
- Recently the Windows Defender Advanced Threat Protection (WDATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations.
- Announced last September in the Microsoft Edge Blog, Windows Defender Application Guard for Microsoft Edge is now available in Windows Insider Preview (Build 16188) for Enterprise users in the Fast Ring. Microsoft Edge running in Application Guard provides enterprises the maximum level of protection from malware and zero day attacks against Windows.
- Improvements for Enterprises in Microsoft Edge on the Windows 10 Creators Update
- The security capabilities of Windows 10, Windows Defender Antivirus, and Windows Defender Advanced Threat Protection are constantly evolving to protect against current and future threats. Download this white paper to learn how Microsoft uses data science, machine learning, automation, behavioral analysis, and expert threat researchers to forge the next generation of security solutions.
- Microsoft Secure Blog on “7 types of highly effective hackers (and what to do about them)”; get the free e-book (registration required) to learn about the seven different types of hackers and get recommendations on how you can better prepare your organization against their potential threats.
For this month’s edition of Windows 10 news that you can use, I’m excited to share that the Windows 10 Creators Update (aka RS2, aka 1703) has arrived! Announcement: https://blogs.windows.com/windowsexperience/2017/03/29/windows-10-creators-update-coming-april-11-surface-expands-markets. Additionally, there is a webcast on April 27th, which will cover changes and new features in further detail – register for it at https://aka.ms/w10itpro/new-in-v1703-webcast.
For the rest of this month’s news:
- The Microsoft Edge security team employs a layered strategy to protect you from vulnerabilities that could be used to compromise your device or personal data. In this post, we’ll explore some of the significant improvements we’ve made in the Windows 10 Creators Update to strengthen our next line of defense: the Microsoft Edge sandbox.
- If you upgraded in-place to Win10 x64 from Win7 x64, then it’s highly likely the disk is in the MBR format. With the release of the Win10 Creators Update (v. 1703), the disk conversion MBR to GPT tool is now ready to be used so that you can convert BIOS to UEFI.
- Win10 virtual hands-on labs let you try out Windows 10 setup, deployment, and management scenarios using a cloud-based private virtual machine environment. Each lab presents you with a series of instructions, and access to one or more virtual machines, with no additional software or setup required.
- Easy to follow Win10 technical demonstration videos – Explore the new features and improvements in Windows 10, and find tips and tricks to simplify deployment.
- Windows Defender Antivirus protection evaluation guide. Related, if you would like a demo or to personally test out the Block at First Sight capabilities to protect against zero-day malware, then let me know so that I can provide you with instructions to mimic polymorphic malware.
- Features that are removed or deprecated in Windows 10 Creators Update 1703. This list is intended for IT professionals who are updating operating systems in a commercial environment.
- On-demand video for Best Practices on Win10 deployment. Refresh your memory on what Windows as a Service means, and understand how it applies to your own business. Get an overview of the management features and integrations in Windows 10 that make it simpler but also more flexible, such as In-Place Upgrade, Dynamic Provisioning, Azure Active Directory, and Mobile Device Management. Learn more about App-V and UE-V, which makes management of applications and settings more streamlined.
- Windows 10 Deployment and Management Lab Kit updated and good through June 1, 2017. Note this is still using Win10 1607 as that is the CBB.
This my inaugural edition of “news you can use” for Windows 10. I originally set out to compile and share these bits of information that I see come through the wire, with the hopes that it would be beneficial to you as well.
- Did you miss Microsoft Ignite in September? No worries, the sessions were recorded and are available online. Here is a catalog of the related Windows 10 sessions. Optionally, you also download all of those sessions (decks and videos) directly from my OneDrive!
- Have you heard of the new Upgrade Analytics service to help in your application compatibility planning and readiness? If not, recently a Microsoft Mechanics video (6 minutes) was created to highlight and showcase the technology.
Read more and watch: https://technet.microsoft.com/en-us/windows/mt743627
- The Windows 10 IT Showcase is about how Microsoft IT used the materials in this program to support the Windows 10 deployment to all employee devices within the Microsoft global enterprise. Now, you can use them to facilitate employee adoption, promote best practices, and ensure a direct path to productivity with the best Windows ever.
Read more: https://www.microsoft.com/itshowcase/windows10deployment
- Updated GPO settings reference for Win10/Server 2016.
Read more: https://www.microsoft.com/en-us/download/details.aspx?id=25250
- The Win10 Anniversary Release (1607) has been officially declared as a Current Branch for Business (CBB).
Read more: https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security
- Microsoft has announced the new Unified Update Platform (UUP) that is under development and coming to new branches of Windows 10. The community and customer benefits of UUP is the reduction you’ll see in download size on PCs. We have converged technologies in our build and publishing systems to enable differential downloads for all devices built on the Mobile and PC OS.
Read more: https://blogs.windows.com/windowsexperience/2016/11/03/introducing-unified-update-platform-uup
- Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. And we take this responsibility very seriously. Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM conducted a low-volume spear-phishing campaign. Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild. This attack campaign, originally identified by Google’s Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.
Read more: https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security
- Configuration Manager 1610 released and contains new features
Read more: https://blogs.technet.microsoft.com/enterprisemobility/2016/11/18/now-available-update-1610-for-system-center-configuration-manager
- The next Win10 branch release was announced as the Creators Update and is due to arrive in the spring of 2017. Included is the introduction of the Surface Studio and Surface Dial device!
Read more and watch demo: https://blogs.windows.com/windowsexperience/2016/10/26/empowering-a-new-wave-of-creativity-with-the-windows-10-creators-update-and-surface-studio
- While it’s not really “news for Win10”, are you scrambling for the perfect gifts for the geeks on your list this holiday season? Just don’t know where to start? Lucky for you, the Microsoft elves have spent 2016 putting together the ultimate list of the year’s best tech, toys, and tools and collected them here in the Holiday Gift Guide for Geeks 2016.
Read more: https://info.microsoft.com/holiday-gift-guide-2016.html