Windows 10

Windows 10 News You Can Use – January 2018


Windows 10 news you can use, January 2018 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

In other news related to Windows 10…

Deployment & Management

1)      Visual Studio 2017 15.4 introduced the new Windows Application Packaging project to help you modernize your application by using the new Windows 10 App Deployment Stack. http://blogs.windows.com/buildingapps/2017/12/04/extend-desktop-application-windows-10-features-using-new-visual-studio-application-packaging-project

2)      Add Conditional Access to your Windows 10 VPN with Intune and Azure AD. https://blogs.technet.microsoft.com/microscott/add-conditional-access-to-your-windows-10-vpn-with-intune-and-azure-ad

3)      Windows Analytics accelerates enterprise Windows 10 migration. With Update Compliance and Device Health services now generally available, Windows Analytics provides an end-to-end upgrade solution with actionable insights into device performance, reliability, and health, so enterprises can broadly migrate their devices from Windows 7 or Windows 8 to Windows 10 or update Windows 10 devices to the latest feature update (Windows 10, version 1709) quickly and with confidence. http://blogs.windows.com/business/2017/12/12/accelerate-windows-10-migration-windows-analytics

4)      Troubleshooting Windows AutoPilot (level 300/400). https://blogs.technet.microsoft.com/mniehaus/2017/12/13/troubleshooting-windows-autopilot-level-300400

5)      Blog post about file association configurations in Windows 10. After reading it, you will be able to configure file associations in Windows 10 and avoid this notification: An app default was reset. https://blogs.technet.microsoft.com/windowsinternals/2017/10/25/windows-10-how-to-configure-file-associations-for-it-pros

6)      Build your own Windows 10 VPN lab and configure it with Intune. https://blogs.technet.microsoft.com/microscott/build-your-own-windows-10-vpn-lab-and-configure-it-with-intune

7)      IT pros – join us on Tuesday, January 16th for an opportunity to “Ask Microsoft Anything” (AMA) about Windows Analytics. Members of the engineering and product teams will be standing by to answer your questions and listen to your feedback about Upgrade Readiness, Update Compliance, Device Health, and the future roadmap for Windows Analytics. https://techcommunity.microsoft.com/t5/Windows-Analytics-AMA/bd-p/WindowsAnalyticsAMA

8)      Different from the Windows Insider Program for Business, the Windows Insider Lab for Enterprise is intended for Windows Insiders who want to try new experimental and pre-release Enterprise Privacy and Security features. https://olympia.windows.com/Info/FAQ

9)      Using ConfigMgr co-management to offload Windows 10 updates to Microsoft Intune. https://blogs.technet.microsoft.com/arnabm/2017/12/12/using-configmgr-co-management-to-offload-windows-updates-to-intune

Security & Compliance

1)      Download the Windows Defender Advanced Threat Protection (WDATP) kit and learn how security solutions built into the operating system can help you detect, investigate, and respond to advanced attacks and data breaches on your networks. In addition, learn about the cost savings and business benefits enabled by WDATP. https://info.microsoft.com/ATPInformationKit-Registration.html

2)      In this blog, we explore how Windows Defender ATP (WDATP) makes use of AMSI inspection data to surface complex and evasive script-based attacks. We look at advanced attacks perpetrated by the highly skilled KRYPTON activity group and explore how commodity malware like Kovter abuses PowerShell to leave little to no trace of malicious activity on disk. From there, we look at how WDATP machine learning systems make use of enhanced insight about script characteristics and behaviors to deliver vastly improved detection capabilities. https://blogs.technet.microsoft.com/mmpc/2017/12/04/windows-defender-atp-machine-learning-and-amsi-unearthing-script-based-attacks-that-live-off-the-land

3)      Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to further close the gap between malware release and detection. In this blog post we’ll look at how additional automated analysis and machine learning models can further protect customers within minutes in rare cases where initial classification is inconclusive. https://blogs.technet.microsoft.com/mmpc/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses

4)      Microsoft Mechanics’ look at the recent updates to Windows Hello for Business. We’ll show you why it’s even more secure than a password. You’ll see new protections for when you are in a public place or for when you are away from your device. https://www.youtube.com/watch?v=G-GJuDWbBE8

5)      Learn how to address cybersecurity with these snackable security videos on the Microsoft in Business YouTube channel.  Includes Windows 10 security videos such as:

    • Why is Patching Important and What is Windows as a Service?
    • Why Layers of Security are Important
    • What is Windows Defender ATP?

6)      Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI. https://blogs.technet.microsoft.com/jepayne/2017/12/08/weffles

7)      The GDPR is compelling every organization to consider how it will respond to today’s security and compliance challenges. Read this white paper for an in-depth exploration of the GDPR and its implications for organizations, how the capabilities of Microsoft 365 Enterprise edition can help your organization approach GDPR compliance and accelerate your journey, and what you can do to get started now. https://resources.office.com/ww-landing-M365EGDPR-accelerate-your-GDPR-compliance-whitepaper.html?LCID=EN-US

Productivity

1)      Windows 10 Tip: Get started with Continue on PC in the Microsoft Edge mobile app. http://blogs.windows.com/windowsexperience/2017/12/04/windows-10-tip-get-started-continue-pc-microsoft-edge-mobile-app

2)      We are again at the beginning of another major technology shift: the ability to be connected anytime, anywhere with Always Connected PCs that are instantly on, always connected with incredible battery life. http://blogs.windows.com/windowsexperience/2017/12/05/always-connected-pcs-enable-a-new-culture-of-work

3)      In the new world of work, advanced professions increasingly require high-performance computing capabilities. We’re working to ensure Windows meets your needs, even in demanding and mission-critical scenarios.  Join us for a look at the key benefits of Windows 10 Pro for Workstations, which was announced in August. http://blogs.windows.com/business/2017/12/15/windows-10-pro-workstations-power-advanced-workloads

4)      Windows 10 Tip: How to recover your pin and password from the lock screen. http://blogs.windows.com/windowsexperience/2017/12/18/windows-10-tip-recover-pin-password-lock-screen

 


Windows 10 News You Can Use – December 2017


 

Windows 10 news you can use, December 2017 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

In other related news…

  • By running Windows 10 with Office 365 ProPlus and Enterprise Mobility + Security, you can simplify the way you deploy and manage devices, deliver the latest innovations to users, and get robust insights to help you proactively run and manage your IT processes—with intelligent security built in every step of the way.  Register today to join us on Tuesday, December 5th from 10:00 a.m. to 11:00 a.m. Pacific Time to learn how to help protect your data and devices from the latest threats, transition to cloud-based management at your own pace, roll out updates for Windows and Office in a streamlined way without impacting user productivity, and more.
  • Rapid cyberattacks like NotPetya and WannaCrypt were able to take down all IT systems at global enterprises in about an hour, creating a new challenge for IT and Security leadership and practitioners to manage. Join us to learn about these attacks and Microsoft’s prescriptive roadmap of recommended mitigations to protect your organization against this type of attack.
  • Learn from Microsoft Mechanics about the spectrum of built-in security defenses that protect your users, information and devices. This rich capability set spans Windows 10, Office 365, enterprise mobility and security, while leveraging a number of services within Microsoft Azure. To go even deeper, check out Deep Dive into Microsoft 365 Intelligent Security.
Deployment & Management

1)      Do the employees in your enterprise forget their passwords? Good news! The new Windows 10 Fall Creators update allows users with Azure AD-joined (AADJ) devices to see a “Reset password” link on their lock screen. When they click this link, they will be brought to the same self-service password reset (SSPR) experience they see when signing in from a browser. https://cloudblogs.microsoft.com/enterprisemobility/2017/11/20/resetting-passwords-on-azure-ad-joined-devices-is-much-easier-with-the-latest-windows-update

2)      We are delighted to announce that we have released version 1710 for System Center Configuration Manager that includes new features and product enhancements! https://cloudblogs.microsoft.com/enterprisemobility/2017/11/20/now-available-update-1710-for-system-center-configuration-manager

3)      Step-by-step guide on how to use an Azure AD cloud-only identity to access an on-premises, non-cloud resource. https://blogs.technet.microsoft.com/askpfeplat/2017/11/21/mix-and-match-workfolders-azure-ad-and-aad-application-proxy

4)      Infographic: Start a practical move to modern Windows 10 management with Microsoft Enterprise Mobility + Security (EMS). See how you can use co-management with System Center Configuration Manager (ConfigMgr) and Intune to transition to a modern management approach in a controlled, iterative way.  https://gallery.technet.microsoft.com/Infographic-Start-a-43e7c705

5)      What’s new in Hyper-V for Windows 10 Fall Creators Update? https://blogs.technet.microsoft.com/virtualization/2017/11/13/whats-new-in-hyper-v-for-windows-10-fall-creators-update

6)      Windows 10 Deployment: Tips and Tricks from Microsoft IT. https://mva.microsoft.com/en-US/training-courses/windows-10-deployment-tips-and-tricks-from-microsoft-it-18012?l=SGQyyppQE_3312263987

7)      Architectural planning posters for Windows 10, including for clean install, in-place upgrades, AutoPilot, servicing, and protection solutions. https://docs.microsoft.com/en-us/windows/deployment/windows-10-architecture-posters

8)      How to upgrade ConfigMgr to the latest version along with upgrading OS and SQL. https://blogs.technet.microsoft.com/configurationmgr/2017/11/15/how-to-upgrade-configmgr-to-version-1702-with-os-and-sql-upgrade

Security & Compliance

1)      Microsoft Windows 10 offers many new native security and privacy capabilities that potentially reduce organizations’ reliance on third-party endpoint security solutions. When taken together, these capabilities improve the risk posture of your endpoint environment and significantly reduce exposure to OS- and application-level exploits. This report explains to risk and security professionals the best ways to utilize the new Windows 10 security features while keeping users’ privacy intact. https://reprints.forrester.com/#/assets/2/108/RES138138/reports

2)      We’re excited to announce three leading security companies – Bitdefender, Lookout, and Ziften – are partnering with us to enable Windows Defender Advanced Threat Protection (ATP) to detect, protect, and respond to security threats on macOS, Linux, iOS, and Android devices. http://blogs.windows.com/business/2017/11/08/microsoft-partners-extend-windows-defender-atp-across-platforms

3)      Clarifying the behavior of mandatory Address Space Layout Randomization (ASLR) using Windows Defender Exploit Guard (WDEG) in Windows 10. https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr

4)      Overview of new security capabilities in Windows 10 1709.

 

Productivity

1)       What’s new [for the user experience] in the Windows 10 Fall Creators Update

2)      What’s New in Microsoft Edge in the Windows 10 Fall Creators Update
http://blogs.windows.com/msedgedev/2017/10/17/edgehtml-16-fall-creators-update

3)      Designing devices for the new culture of work
http://blogs.windows.com/devices/2017/10/31/news-from-future-decoded-designing-devices-for-the-new-culture-of-work 

4)      Introducing Surface Book 2, the most powerful Surface Book ever
https://blogs.windows.com/windowsexperience/2017/10/17/windows-10-fall-creators-update-and-mixed-reality-headsets-available-today-announcing-surface-book-2 

5)      Windows 10 Tip: Work more efficiently with MyAnalytics. It can help you manage relationships with important people, prioritize your time, and track the reach and influence of your email communications.
http://blogs.windows.com/windowsexperience/2017/10/09/windows-10-tip-work-efficiently-myanalytics

6)      Windows 10 Tip: Get started with the Windows 10 Maps app
http://blogs.windows.com/windowsexperience/2017/10/16/windows-10-tip-get-started-windows-10-maps-app

Windows 10 News You Can Use – November 2017


 

Windows 10 news you can use, November 2017 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

In other related news…

 

Deployment & Management

1)      Register today for exclusive access to a one-hour, demo-rich webcast showcasing solutions that can help you monitor and proactively improve your experience with Windows 10 upgrades, update deployment, and device management.  Webcast will be Tuesday 11/7/2017.
https://blogs.technet.microsoft.com/windowsitpro/2017/10/12/webcast-qa-proactive-insights-with-windows-analytics

2)      Administrative Templates (.admx) for Windows 10 Fall Creators Update (1709)
https://www.microsoft.com/en-us/download/details.aspx?id=56121

3)      Update 1710 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.
https://cloudblogs.microsoft.com/enterprisemobility/2017/10/30/update-1710-for-configuration-manager-technical-preview-branch-available-now

Security & Compliance

1)      Microsoft Mechanics, live at Ignite 2017: Real tales of [recent] attacks and the defenses in Windows 10 to stop them
https://www.youtube.com/watch?v=bNPo_BA72Is&index=18&list=PLXtHYVsvn_b9vcbjK69horD5S4mrx_v4H

2)      Browser security beyond sandboxing
https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing

3)      Final release of the recommended security configuration baseline settings for Windows 10 1709
https://blogs.technet.microsoft.com/secguide/2017/10/18/security-baseline-for-windows-10-fall-creators-update-v1709-final

4)      Mobile, collaborative, and secure—Using Windows Information Protection to protect corporate data.  IT Showcase case study (30-minute video) that outlines how Microsoft IT is using Windows Information Protection.
https://www.microsoft.com/itshowcase/Article/Content/970/Mobile-collaborative-and-secureUsing-Windows-Information-Protection-to-protect-corporate-data

5)      Forrester Research recently released a report (available for purchase) which explains to risk and security professionals the best ways to utilize the new Windows 10 security features while keeping users’ privacy intact.
https://www.forrester.com/report/Windows+10+Finally+Delivers+On+Microsofts+Security+Promises/-/E-RES138138

Productivity

1)      What’s new [for the user experience] in the Windows 10 Fall Creators Update

2)      What’s New in Microsoft Edge in the Windows 10 Fall Creators Update
http://blogs.windows.com/msedgedev/2017/10/17/edgehtml-16-fall-creators-update

3)      Designing devices for the new culture of work
http://blogs.windows.com/devices/2017/10/31/news-from-future-decoded-designing-devices-for-the-new-culture-of-work 

4)      Introducing Surface Book 2, the most powerful Surface Book ever
https://blogs.windows.com/windowsexperience/2017/10/17/windows-10-fall-creators-update-and-mixed-reality-headsets-available-today-announcing-surface-book-2 

5)      Windows 10 Tip: Work more efficiently with MyAnalytics. It can help you manage relationships with important people, prioritize your time, and track the reach and influence of your email communications.
http://blogs.windows.com/windowsexperience/2017/10/09/windows-10-tip-work-efficiently-myanalytics

6)      Windows 10 Tip: Get started with the Windows 10 Maps app
http://blogs.windows.com/windowsexperience/2017/10/16/windows-10-tip-get-started-windows-10-maps-app

Evaluating Windows Defender Antivirus with ConfigMgr


A standard in today’s threat landscape is to not rely on antivirus alone; other mechanisms of endpoint security should be in place to mitigate threats.  However, having a solid AV is still beneficial. In the past year, Windows Defender Antivirus (WDAV) in Windows 10 and Server 2016 has made great strides to provide next-generation antivirus protection.  More and more organizations are beginning to realize this and consider using it to displace their age-old, costly platforms.

If you’re in the same position and are wondering how you might approach an evaluation of WDAV, consider the following high-level steps as I envision them.  First and foremost, however, Microsoft has also published prescriptive guidance for evaluating WDAV outside of ConfigMgr, including a downloadable PDF.  I recommend reviewing that information in its entirety before taking action. It is also highly advised that you watch the recent session from Ignite 2017 – Next-Gen AV: Windows Defender Antivirus unleashed – BRK3063.

  1. Upgrade ConfigMgr to the current branch model to support the latest Windows 10 releases (note: please first ensure that you’re licensed for ConfigMgr current branch!!)
  2. Review and pre-determine the desired WDAV settings, such as:
    • Network bandwidth to override any BITS restrictions – note that any BITS settings defined in these client settings will override other client settings only if given a higher priority, and will impact the rest of the BITS configuration
    • Auto-uninstall other AV products
    • Real-time protection exclusions (ConfigMgr has templates available as well)
    • WDAV specific capabilities available in Win10 1703, such as:
      • Cloud protection options
      • Potentially unwanted programs
      • WDAV offline scanning
      • End-user interactions with the WDAV interface
      • End-user notifications
  3. Follow the 5 steps outlined for setup of ConfigMgr for WDAV management, which includes instructions for both server and clients, but does not include common instructions such as using collections, reporting, or setup of RBAC
    https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-protection-configure
  4. Additional ConfigMgr server/client setup considerations:
  5. Optional: Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment
    https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus

To test the WDAV deployment and functionality:

  1. Assign the WDAV ConfigMgr client policy to the collection
  2. Ensure policy is delivered and has the appropriate priority to take effect
  3. Verify prior AV is uninstalled and WDAV becomes active
  4. Monitor the user experience as well; one potential risk is that the uninstall of the prior AV may need a restart of Windows to ‘unload’ executions in memory
  5. Perform AV protection tests as desired using the WDAV testground (hosted by Microsoft) as well as other standard testing by your security personnel
  6. Review alerts in the ConfigMgr console and reports
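
One way to spot-check steps 3 and 4 on a single pilot client, written as an added example that is not part of the original post or of ConfigMgr. The function name `Get-WdavEvaluationState` and the signature-age threshold are assumptions; the cmdlets are the built-in Defender and CIM cmdlets, and the Security Center namespace is only present on client editions of Windows.

```powershell
# Added example: verify on one pilot client that the prior AV is gone and
# WDAV is active with the settings planned for the evaluation.
# Run in an elevated PowerShell session on the Windows 10 client.
function Get-WdavEvaluationState {
    [CmdletBinding()]
    param(
        # Assumed pilot threshold for stale definitions, not a value from the post.
        [int]$MaxSignatureAgeDays = 2
    )

    # Security Center lists every registered AV product. The namespace does not
    # exist on Server SKUs, so a failure means "unknown", not "no other AV".
    $registered = @()
    try {
        $registered = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                -ClassName 'AntiVirusProduct' -ErrorAction Stop |
            Select-Object -ExpandProperty displayName)
    } catch {
        Write-Warning "SecurityCenter2 query failed: $($_.Exception.Message)"
    }
    $otherAv = @($registered | Where-Object { $_ -notmatch 'Defender' })

    # An uninstall that could not remove in-use files queues them for the next
    # boot; a non-empty value here is a hint that a restart is still pending.
    $pendingRename = (Get-ItemProperty `
            -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
            -Name 'PendingFileRenameOperations' `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations

    $status = Get-MpComputerStatus -ErrorAction Stop
    $pref   = Get-MpPreference -ErrorAction Stop

    $findings = New-Object 'System.Collections.Generic.List[string]'
    if (-not $status.AMServiceEnabled)          { $findings.Add('Antimalware service is not running') }
    if (-not $status.AntivirusEnabled)          { $findings.Add('WDAV is not the active antivirus') }
    if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off') }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Definitions are $($status.AntivirusSignatureAge) days old")
    }
    if ($otherAv.Count -gt 0) {
        $findings.Add("Other AV still registered: $($otherAv -join ', ')")
    }
    if ($pendingRename) {
        $findings.Add('File operations are queued for the next restart')
    }
    # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced.
    if ($pref.MAPSReporting -eq 0) { $findings.Add('Cloud protection (MAPS) is disabled') }
    # PUAProtection: 0 = disabled, 1 = block, 2 = audit.
    if ($pref.PUAProtection -eq 0) { $findings.Add('Potentially unwanted program protection is disabled') }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        RegisteredAv       = $registered
        SignatureUpdated   = $status.AntivirusSignatureLastUpdated
        # Listed so they can be compared with the exclusions planned in the policy.
        ExclusionPaths     = @($pref.ExclusionPath)
        ExclusionProcesses = @($pref.ExclusionProcess)
        Findings           = $findings.ToArray()
        Ready              = ($findings.Count -eq 0)
    }
}

Get-WdavEvaluationState | Format-List
```

An empty `Findings` list on a pilot machine means the policy took effect there; the ConfigMgr console and reports in step 6 remain the view across the whole collection.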

Note: to learn more about the security defense in-depth, see some of these recent sessions.

Windows 10 News You Can Use – October 2017


Windows 10 news you can use, October 2017 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

Before getting into this month’s insights, Microsoft recently finished a great week at the Ignite conference.  Key Windows related announcements included:

Deployment & Management

1)      Celebrating 25 years of SMS / SCCM / ConfigMgr !!! https://blogs.technet.microsoft.com/enterprisemobility/2017/09/26/configmgr-25

2)      We are excited to announce co-management capabilities in Windows 10! Customers now can manage Windows 10 devices with Intune and Configuration Manager at the same time. This allows customers to transition to modern management at their own pace and in manageable steps: https://blogs.technet.microsoft.com/enterprisemobility/2017/09/25/maximizing-its-impact-with-microsoft-365-powered-devices

3)      Improvements to Windows 10 Dual-Scan capabilities. https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607

4)      Always On VPN and DirectAccess Features Comparison.  Use this topic to gain an understanding of how Windows 2016 and Windows 10 VPN features map to and improve upon legacy DirectAccess features. 
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-map-da

Security & Compliance

1)      Moving beyond EMET, part 2 – Windows Defender Exploit Guard https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard

2)      The September 12, 2017 security updates from Microsoft include the patch for a previously unknown vulnerability exploited through Microsoft Word as an entry vector. Customers using Microsoft advanced threat solutions, such as Office 365 Advanced Threat Protection or Windows Defender Advanced Threat Protection were safe from this attack without the need of additional updates. https://blogs.technet.microsoft.com/mmpc/2017/09/12/exploit-for-cve-2017-8759-detected-and-neutralized

3)      Ransomware H1 2017 in review: Global outbreaks reinforce the value of security hygiene.
https://blogs.technet.microsoft.com/mmpc/2017/09/06/ransomware-1h-2017-review-global-outbreaks-reinforce-the-value-of-security-hygiene

4)      Is your organization ready for GDPR compliance? We’ve added important resources that detail the security features and capabilities built into Windows 10 that can help you comply with GDPR and implement the technical and organizational security measures to help protect personal data. Included are two new Windows resources, Accelerate GDPR compliance with Windows 10 and Accelerate GDPR compliance with Windows Server 2016 white papers, that will help you plan and prepare for the GDPR deadline.
https://blogs.windows.com/windowsexperience/2017/09/25/windows-resources-to-help-support-your-gdpr-compliance

5)      With the Windows 10 Fall Creators Update, new Windows Defender ATP prevention capabilities were added, as well as capabilities to stop attacks as they happen, enabling companies to use the full power of the Windows security stack for preventative protection. This enables WDATP customers to leverage state of the art AI technology to solve their alert volume challenges by letting WDATP automatically investigate alerts, apply artificial intelligence to determine whether a threat is real and to determine what action to take, going from alert to remediation in minutes at scale. http://blogs.windows.com/business/2017/09/19/automated-response-for-windows-defender-atp

6)      Continuing with our commitment to privacy and data control, today we’re announcing privacy enhancements coming to the Windows 10 Fall Creators Update for consumers and commercial customers that further increase your access to information and provide you more control over what information is collected. https://blogs.windows.com/windowsexperience/2017/09/13/privacy-enhancements-coming-to-the-windows-10-fall-creators-update

7)      Microsoft is pleased to announce the draft release of the recommended security configuration baseline settings for Windows 10 “Fall Creators Update,” also known as version 1709, “Redstone 3,” or RS3. Please evaluate this proposed baseline and send us your feedback via blog comments below https://blogs.technet.microsoft.com/secguide/2017/09/27/security-baseline-for-windows-10-fall-creators-update-v1709-draft

Productivity

1)      Microsoft Edge extensions, a year in review.  Microsoft shares a few updates on the progress that has been made since then, and a quick look at what’s planned for the future.
https://blogs.windows.com/msedgedev/2017/09/29/microsoft-edge-extensions-one-year-later

2)      Announcing Bing for business – a new intelligent search experience for Office 365 and Microsoft 365, which uses AI and the Microsoft Graph to deliver more relevant search results based on your organizational context. This new experience from Bing for your enterprise, school, or organization helps users save time by intelligently and securely retrieving information from enterprise resources such as company data, people, documents, sites and locations as well as public web results, displaying them in a single experience.
https://blogs.bing.com/search/2017-09/finding-what-you-need-at-work-just-got-easier-with-bing-for-business

3)      How often do you get an email or walk into a meeting not knowing much about the people you’re about to collaborate with? According to Microsoft more than half of the emails its users receive are from people outside their organization. We know how much relationships matter, and now with Profile Card in Microsoft Office 365, you’ll have a quick and easy way to find more information about the people you work with, all without having to leave your workflow. https://blog.linkedin.com/2017/september/250/adding-linkedin_s-profile-card-on-office-365-offers-a-simple-way

4)      What makes Windows 10 Creators Update the best version of Windows 10 ever? Quality. The top areas we consistently hear about through our feedback channels are around power, performance, and reliability. These fundamentals are key elements that users look for in a device and value because they impact their everyday use, like longer battery life, faster web browsing, streaming videos longer and device stability. As a result, the Creators Update is the most performant and reliable version of Windows 10 ever! I’m excited to share a number of improvements in fundamentals that Windows 10 devices enjoy after updating to the Creators Update. https://blogs.windows.com/windowsexperience/2017/09/20/windows-10-creators-update-best-version-windows-10-ever

5)      Windows 10 Tip: How to make Start full screen http://blogs.windows.com/windowsexperience/2017/09/11/windows-10-tip-make-start-full-scree

Windows 10 News You Can Use – September 2017


First and foremost, the next update of Windows 10, the Fall Creators Update, will be available worldwide October 17. With the Fall Creators Update (aka RS3, aka v1709) we are introducing some fun, new ways to get creative. As part of the update we will deliver an evolution to the photos experience that will let you tell your story like never before using photos, videos, and 3D effects; enhancements in gaming, security, accessibility, and immersive new experiences made possible by Windows Mixed Reality. All of this innovation will be brought to life by a range of beautifully designed, and feature rich modern devices available from our hardware partners this holiday.
https://blogs.windows.com/windowsexperience/2017/09/01/create-and-play-this-holiday-with-the-windows-10-fall-creators-update-coming-oct-17

Deployment & Management

  1. Learn how Windows 10 can support your compliance with the European Union (EU) General Data Protection Regulation (GDPR) as well as approaches, recommended practices and techniques to support your GDPR compliance journey. https://www.microsoft.com/en-us/download/details.aspx?id=55765
  2. This new demo from Microsoft Mechanics walks you through common usage scenarios for Windows Analytics Update Compliance, a cloud-based solution that provides you with an inventory of the devices in your organization, the version of Windows installed on each device, the update status of each device, and antimalware assessment for Windows Defender Antivirus-enabled devices. https://blogs.technet.microsoft.com/windowsitpro/2017/08/10/new-demo-windows-analytics-update-compliance
  3. The Microsoft Intune team is excited to announce the ability to deploy Office 365 ProPlus applications to Windows 10 devices from the cloud with Intune. https://blogs.technet.microsoft.com/enterprisemobility/2017/08/10/deploying-office-365-proplus-with-microsoft-intune
  4. Preview of the Microsoft Store for Business PowerShell module.  Use the module to view purchased items, manage licenses, perform bulk operations. https://docs.microsoft.com/en-us/microsoft-store/microsoft-store-for-business-education-powershell-module
  5. Connect with members of the product engineering teams who will be on hand to answer your questions and listen to feedback about Upgrade Readiness, Update Compliance, Device Health, and how these services can help you reduce the costs associated with deploying, servicing, and supporting Windows 10. https://myeventurl.azurewebsites.net/events/Details/276

Security

  1. Is your staff handling your corporate data with care? Windows Information Protection helps Microsoft IT know when employees are sending corporate data to non-corporate locations—and it helps people protect sensitive content and corporate assets. On Wednesday September 6th, learn how Windows Information Protection works to provide data security in our highly mobile and collaborative business culture, and prepare to deploy, configure, and manage it for data loss prevention in your environment. https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x22413939980
  2. Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Windows 10 “Creators Update” also known as version 1703, “Redstone 2,” or RS2. https://blogs.technet.microsoft.com/secguide/2017/08/30/security-baseline-for-windows-10-creators-update-v1703-final
  3. How Microsoft’s IT uses Windows Defender Antivirus.
  4. New Microsoft documentation on Windows Defender Application Guard. https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview
  5. Windows Defender Exploit Guard (WDEG) will complete our journey to incorporate all of the security benefits of EMET directly into Windows. This effort was significantly influenced by two insights that came up most frequently in our survey data, customer support calls, and conversations with EMET stakeholders and security enthusiasts. More than anything else, our customers have expressed that they want (1) a user-friendly UI for configuring mitigation settings and (2) a way to protect their legacy apps on Windows 10. https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard
  6. Microsoft explores the machine learning techniques that have transformed Windows Defender ATP into a formidable solution for spotting all kinds of breach activity in the enterprise network. https://blogs.technet.microsoft.com/mmpc/2017/08/03/windows-defender-atp-machine-learning-detecting-new-and-unusual-breach-activity
  7. Windows 10 protects against tech support scams, no matter the vector. https://blogs.technet.microsoft.com/mmpc/2017/08/07/links-in-phishing-like-emails-lead-to-tech-support-scam

Productivity

  1. Windows 10 Pro for Workstations is a high-end edition of Windows 10 Pro that comes with unique support for server-grade PC hardware and is designed to meet the demanding needs of mission-critical and compute-intensive workloads. https://blogs.windows.com/business/2017/08/10/microsoft-announces-windows-10-pro-workstations
  2. Windows 10 Tip: Five ways to personalize notifications on your PC. http://blogs.windows.com/windowsexperience/2017/08/28/windows-10-tip-five-ways-personalize-notifications-pc
  3. Windows 10 Tip: Three ways to get started with OneNote. https://blogs.windows.com/windowsexperience/2017/08/21/windows-10-tip-three-ways-get-started-onenote
  4. Windows 10 Tip: Turn text into timelines in PowerPoint. https://blogs.windows.com/windowsexperience/2017/08/14/windows-10-tip-turn-text-timelines-powerpoint
  5. Available later this year, a collaboration between Microsoft and Amazon will allow you to access Alexa via Cortana on Windows 10 PCs, followed by Android and iOS in the future. Conversely, you’ll be able to access Cortana on Alexa-enabled devices like the Amazon Echo, Echo Dot and Echo Show. https://blogs.microsoft.com/blog/2017/08/30/hey-cortana-open-alexa-microsoft-amazons-first-kind-collaboration

 

Risks and Considerations for Win10 LTSC over Win10 Current Channel

It’s no secret that with the introduction of Windows 10, Microsoft has moved in the direction of releasing new feature updates twice per year, which is commonly referred to as Windows as a Service.  An organization could be faced with challenges around the frequency, size, and the new administrative cadence of feature updates to Windows (even though Microsoft has done and is doing great work to address these challenges).

In light of these challenges, it can be tempting for an organization to try to “standardize” on a version of Windows 10 that is supported for 10 years.  This version is called the Long Term Servicing Branch Channel, or LTSC for short, and is designed for “Specialized systems—such as PCs that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization.”  (Side note that the nomenclature usage of the word “Branch” was recently dropped

While it may sound great that there is a version of Windows 10 which is supported for 10 years, there are many considerations and risks with trying to use it across the board.  This posting is an attempt to pull together and consolidate disparate references to help highlight, educate, and inform on Win10 LTSC for general production use.  Even Gartner says “Rethink Windows 10 LTSB Deployment Based on Microsoft’s Updated Guidance.”

Consideration #1

General guidelines state that devices that fulfill the following criteria are considered general-purpose devices and should be paired with Windows 10 using the Current Channel servicing option:

  • Devices that run productivity software such as Microsoft Office
  • Devices that use Windows Store applications
  • Devices that are used for general Internet browsing (for example, research or access to social media)

Reference: https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#long-term-servicing-channel

Consideration #2

Support for the latest processor / chipsets:

  • LTSC will support the currently released silicon at the time of release of the LTSC version
  • As future silicon is released, support will be created through future LTSC releases that customers can deploy for those systems
  • This enables Microsoft to focus on deep integration between Windows and the silicon, while maintaining maximum reliability and compatibility with previous generations of platform and silicon

Implications:

  • Multiple LTSC versions would be required to be used and managed within the organization for the life of the hardware
  • Hope you’re ready to buy hundreds or thousands of computers with supported chipsets to just keep on hand

Consideration #3

Because the LTSC code base and features are set “in stone” for 10 years and will not be modified, it will be unable to keep up with current security capabilities and needs.  Case in point, the LTSB 2015 and 2016 releases do not have support for the following, only the current channels of Win10.  This would further widen the security gap of an organization until they are added into a future LTSC release (which is only every few years).

Consideration #4

Windows Analytics provides data-driven insights that reduce the cost of deploying, servicing, and supporting Windows 10.  It gives an organization actionable information to help gain deep insights into operational efficiency and the health of Windows 10 devices in the environment. But Windows 10 LTSC is not supported.  The three tools include:

  • Upgrade Readiness (general availability) provides powerful insights and recommendations about the computers, applications, and drivers in your organization, at no extra cost and without additional infrastructure requirements.
  • Update Compliance (public preview) provides a unified view of Windows Update and Windows Defender Antivirus compliance for Windows 10 devices, regardless of the management solution being used. It allows organizations to keep their devices secure and up-to-date, track protection and threat status, and monitor update deployments and troubleshoot issues as they arise.
  • Device Health (public preview) provides proactive insights to help detect and remediate end-user impacting issues. This new service uses telemetry data to provide such insights without additional infrastructure requirements. Proactively remediating end-user issues enables you to reduce support costs and improve efficiency.

Consideration #5

Examples of missing functionality that was included in the Windows 10 Creators Update (1703) in April 2017 include the following.  For each and every release of Windows 10, this list would grow.

Consideration #6

Various other limitations

  1. Fewer non-security and reliability fixes
  2. Visual Studio is not supported on LTSC
  3. Office ProPlus (traditional MSI) is highly recommended on LTSC, rather than Office 365 ProPlus (aka click-to-run)
  4. In-place upgrade of Win7 to LTSC is not supported – a full reimage, backup/restore of data and applications, just like the old days
  5. Depending upon IHV and ISV, there may be support and limitations on LTSC
  6. Doesn’t contain in-box apps, such as Store, Calculator, Photos, Camera, Music, Clock, and Edge – and yes, Edge is also a more secure browser

Consideration #7

Core Surface device experiences are impacted.

  • Windows Feature Updates, including enhancements such as:
    • Improvements to Direct Ink and palm rejection provided in Windows 10 1607
    • Improved support for high DPI applications provided in Windows 10 1703
  • Pressure sensitivity settings provided by the Surface app
  • The Windows Ink Workspace
  • Key touch-optimized in-box applications including Microsoft Edge, OneNote, Calendar, and Camera
  • Driver and firmware updates are not explicitly tested against releases of Windows 10 Enterprise LTSC
  • If you encounter problems, Microsoft Support will provide troubleshooting assistance. However, due to the servicing nature of the Windows LTSC, issue resolution may require that devices be upgraded to a more recent version of Windows 10 Enterprise LTSC, or to Windows 10 Pro or Enterprise with the Current Channel servicing option.

Summary

In summary, in this blog post I have tried to outline evidence to support you in your decision-making process for choosing Windows 10 Current Channel over LTSC.  I hope that it leads to the proper choice for you!  Points covered were:

  1. Guidelines of what is a general use device vs. a specialized device
  2. Support for the latest processor / chipsets
  3. Security features that are not present in LTSC
  4. Windows Analytics for data-driven insights is not supported
  5. Example of missing functionality that was delivered in Windows 10 Creators Update (1703)
  6. Various other limitations and their potential impact
  7. Core Surface device experiences are impacted