Windows 10

Windows 10 News You Can Use – December 2018

Posted on

Win10NewsLogo Windows 10 news you can use, December 2018 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity. Also see other news related to Windows 10.

If you’re in IT, make sure you join us Thursday, December 13th from 9:00-10:00 a.m. Pacific Time to get up to speed and get your questions answered about Windows 10, version 1809. We’ve assembled a group of engineers and product managers from the Windows, Window Defender ATP, System Center Configuration Manager, Microsoft Intune, Microsoft Edge, and Microsoft 365 teams—and we’ll be answering your questions live during what promises to be an exciting and informative “Ask Microsoft Anything” (AMA) event.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/November-1st-Windows-10-version-1809-AMA-for-IT-pros/ba-p/265894

Windows 10 quality approach for a complex ecosystem. In November, Microsoft re-released the October 2018 Update after pausing to investigate a small but serious issue. This is the first time in Windows 10’s “Windows as a Service” history that we have taken such an action, and as such it has naturally led to questions about the work we do to test and validate Windows quality before we begin rolling it out broadly.
http://blogs.windows.com/windowsexperience/2018/11/13/windows-10-quality-approach-for-a-complex-ecosystem

Deployment & Management
  1. Now live! Follow the steps outlined in Microsoft’s Modern Desktop Deployment Center to plan and carry out your large-scale deployment of Windows 10 and Office 365 ProPlus. Each step is part of the overall planning and deployment process with steps typically running in parallel to each other in a phased deployment.
    aka.ms/howtoshift
  2. Understanding the differences between servicing Windows 10-era and legacy Windows operating systems. https://docs.microsoft.com/en-us/windows/deployment/update/waas-servicing-differences
  3. Windows Autopilot: Hybrid Azure AD join and automatic registration.
    https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Autopilot-Hybrid-Azure-AD-join-and-automatic/ba-p/286126
  4. Windows 10 Enterprise LTSC 2019 is now available on the Volume Licensing Service Center (VLSC).
    https://www.microsoft.com/Licensing/servicecenter
  5. KB4347075 Update to extend KMS support upcoming Enterprise LTSC and Windows Server products.
    https://support.microsoft.com/en-us/help/4347075/august-30-2018-kb4347075-update-to-extend-kms-support-upcoming-enterpr
  6. When you purchase any of the Windows 10 or Microsoft 365 services (as detailed in the following Eligible plans section), FastTrack Specialists provide advisory and remediation guidance if you encounter app compatibility issues as you deploy to Windows 10 and Office 365 ProPlus and stay up-to-date at no additional cost (with an eligible subscription). To get help, complete the Desktop App Assure service request. https://docs.microsoft.com/en-us/FastTrack/win-10-daa-assistance-offered-and-plans
  7. Windows 10 Long-Term Servicing Channel (LTSC): What is it, and when should it be used?
    https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181
  8. Today is an exciting day for Windows 10 on ARM. With the official release of Visual Studio 15.9, developers now have the officially supported SDK and tools for creating 64-bit ARM (ARM64) apps. This news comes at a great time as Qualcomm Snapdragon 850 processor second-generation ARM64 devices provide even more computing power for developers to tap into while continuing to deliver the beyond-all-day battery life customers expect from Windows 10 on ARM. Like the first-generation ARM64 devices, they are also thin, light, fast, and designed with instant-on 4G LTE connectivity in mind, while able to run the wide ecosystem of Windows applications thanks to an x86 emulation layer.
    http://blogs.windows.com/buildingapps/2018/11/15/official-support-for-windows-10-on-arm-development
Security & Compliance
  1. Our analysis of a targeted attack used malicious InPage document and outdated VLC media player to give attackers backdoor access to targets. Historically, malware payloads like the stage 2 malware in this attack are used to steal credentials and other sensitive information, install more payloads, or move laterally in the network. However, because the malware opens a backdoor channel for remote attackers to execute arbitrary commands of their choice, there’s a wide range of possibilities.
    https://cloudblogs.microsoft.com/microsoftsecure/2018/11/08/attack-uses-malicious-inpage-document-and-outdated-vlc-media-player-to-give-attackers-backdoor-access-to-targets
  2. Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks. The WDATP team uncovered a new cyberattack that targeted several high-profile organizations in the energy and food and beverage sectors in Asia. Given the target region and verticals, the attack chain, and the toolsets used, we believe the threat actor that the industry refers to as Tropic Trooper was likely behind the attack. Read more about how the attack was determined, protected by Conditional access, and automatically remediated on threatened networks.
    https://cloudblogs.microsoft.com/microsoftsecure/2018/11/28/windows-defender-atp-device-risk-score-exposes-new-cyberattack-drives-conditional-access-to-protect-networks
  3. Microsoft is excited to share with you some of the latest significant enhancements to Windows Defender ATP. We added new capabilities to each of the pillars of Windows Defender ATPs unified endpoint protection platform: improved attack surface reduction, better-than-ever next-gen protection, more powerful post-breach detection and response, enhanced automation capabilities, more security insights, and expanded threat hunting. These enhancements boost Windows Defender ATP and accrue to the broader Microsoft Threat Protection, an integrated solution for securing identities, endpoints, cloud apps, and infrastructure.
    https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp
  4. At Microsoft, we take your device and account protection seriously, which is why we’ve been on a mission to eliminate passwords. Passwords can be difficult to remember, are often reused and can be used to hack your account anywhere, anytime, from any device. Windows Hello is a key component in our effort to finally saying goodbye to passwords. Using facial recognition, a fingerprint, or PIN, Windows Hello is a fast, secure and password-less way to unlock your Windows 10 PC.1 We’ve been busy bringing the latest and greatest features to Windows Hello and account protection and wanted to take some time to update you on what’s new.
    http://blogs.windows.com/windowsexperience/2018/11/20/keeping-you-updated-on-windows-hello
  5. Secure password-less sign-in for your Microsoft account using a security key or Windows Hello. We just turned on the ability to securely sign in with your Microsoft account using a standards-based FIDO2 compatible device—no username or password required! FIDO2 enables users to leverage standards-based devices to easily authenticate to online services—in both mobile and desktop environments.
    https://www.microsoft.com/en-us/microsoft-365/blog/2018/11/20/sign-in-to-your-microsoft-account-without-a-password-using-windows-hello-or-a-security-key
  6. Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 October 2018 Update (a.k.a., version 1809, “Redstone 5” or “RS5”), and for Windows Server 2019.
    https://blogs.technet.microsoft.com/secguide/2018/11/20/security-baseline-final-for-windows-10-v1809-and-windows-server-2019
Productivity
  1. Windows 10 Tip: Five ways filling out forms online just got easier in Microsoft Edge. You may have already noticed that it’s easier than ever to fill out form details in websites, thanks to several improvements in Microsoft Edge via the Windows 10 October Update. This builds on the multi-field autofill launched in April that gave users the ability to fill out multiple related fields in website forms, such as contact info and credit card details, with one click.
    http://blogs.windows.com/windowsexperience/2018/11/26/windows-10-tip-five-ways-filling-out-forms-online-just-got-easier-in-microsoft-edge
  2. When we released Windows 10, version 1803, we introduced Local Experience Packs (LXPs), which are modern language packs delivered through the Microsoft Store or Microsoft Store for Business. The biggest advantage to LXPs is that we no longer have to wait for feature update releases to deliver improved translations to you. Instead, translation improvements can be delivered via LXPs as a Microsoft Store application update. Local Experience Packs, available in more than 100 languages, makes Windows speak your language. Windows engineer Pankaj Mathur explains that it’s easier than ever to get and install one in the Windows 10 April 2018 Update. (Subtitle available in 86 languages)
    https://community.windows.com/en-us/videos/get-windows-to-speak-your-language/gnmVAKrWsrU
  3. Windows 10 Tip: Find out how to setup and use Surface Headphones.
    http://blogs.windows.com/windowsexperience/2018/11/19/windows-10-tip-find-out-how-to-setup-and-use-surface-headphones
  4. Save money and time with Microsoft Shopping Assistant. Microsoft Shopping Assistant, first released in 2016 through The Garage, is a browser add-on that helps you get the best deals at more than 50,000 online stores, from top retailers like Amazon and Walmart to your favorite boutique shop on Etsy.
    http://blogs.windows.com/windowsexperience/2018/11/21/save-money-and-time-with-microsofts-personal-shopping-assistant
In other news related to Windows 10…
Advertisements

Windows 10 News You Can Use – November 2018

Posted on

If you’re in IT, make sure you join us Thursday, December 13th from 9:00-10:00 a.m. Pacific Time to get up to speed and get your questions answered about Windows 10, version 1809. We’ve assembled a group of engineers and product managers from the Windows, Window Defender ATP, System Center Configuration Manager, Microsoft Intune, Microsoft Edge, and Microsoft 365 teams—and we’ll be answering your questions live during what promises to be an exciting and informative “Ask Microsoft Anything” (AMA) event.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/November-1st-Windows-10-version-1809-AMA-for-IT-pros/ba-p/265894

What’s new in Windows 10, version 1809
Deployment & Management
  • Microsoft Mechanics video (19:44) – Windows Virtual Desktop, a new remote desktop solution on Azure, learn how you can now use Windows 10 Enterprise to allow multiple users to connect concurrently, which in the past was only available on Windows Server. All this works without the need to set up or manage virtual desktop infrastructure running remote desktop services. We’ll show you steps for getting this service up and running in minutes and as you migrate to Windows 10, discover how we now allow you to continue run Windows 7 if you need to and benefit from 3 years of Extended Security Updates with Azure.
    https://www.youtube.com/watch?v=_7G37PFYVe4
  • Would you like to learn more about Windows Virtual Desktop?
    https://techcommunity.microsoft.com/t5/Microsoft-365/Windows-Virtual-Desktop-learning-and-readiness-resources/m-p/275494
  • Ensuring that your organization acquires and retains the necessary language packs (LPs) and language Features on Demand (FODs) to enable employees to use their Windows 10 devices in their preferred language is a crucial part of managing corporate machines, especially when keeping them up to date with the latest Windows 10 feature updates. Today, you have three options to update a managed PC to the latest Windows 10 feature update: servicing, media upgrades, and wipe/reload. This article provides guidance for all three scenarios, and information on how to acquire language pack content once a device is up to date.
    https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Language-pack-acquisition-and-retention-for-enterprise-devices/ba-p/275404
  • At Ignite 2018, Microsoft announced support for Windows Autopilot for existing devices allows you to reimage and provision a Windows 7 device for Windows Autopilot user-driven mode. You can test this scenario now using Configuration Manager 1806 or later and Windows 10 Insider Preview Build 18252. In this post, Microsoft will take you through the steps to accomplish this using a single SCCM (current branch) task sequence.
    https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Upgrade-Windows-7-using-Windows-Autopilot-in-Configuration/ba-p/267747
  • Microsoft recently made a promise I’ve been hoping to make for a long time: if an app works on a previous version of Windows and, when you update to the latest version of Windows 10, it stops working, we’ll fix it for free. With Desktop App Assure, if you hit a snag in a pilot or your deployment, you have a team of application compatibility experts who will support you and get you back up and running as quickly as possible. This makes it much easier to align your testing patterns to your predicted or measured failure rates. Let’s look at some examples of what kinds of application compatibility issues can you bring to Desktop App Assure.
    https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-is-Desktop-App-Assure/ba-p/270232
  • Microsoft IT recently deployed Windows 10 to 96,000 distributed users at Microsoft. The deployment included both remote users and users on the corporate network and was completed in nine weeks. To improve on past operating system deployments, Microsoft IT deployed Windows 10 as an in-place upgrade that maintained productivity. Download the report now to see how they did it.
    https://www.microsoft.com/en-us/download/details.aspx?id=50377
  • Clearing the confusion on support lifecycle of App-V and MSIX. Furthermore, with the advent of MSIX you might be wondering, “Should I move to MSIX now”? or “Why am I investing in App-V?”
    https://blogs.msdn.microsoft.com/sgern/2018/10/17/support-lifecycle-app-v-and-the-msix-confusion
    https://blogs.msdn.microsoft.com/sgern/2018/06/29/but-what-about-app-v
  • Microsoft Mechanics now has a series of videos in their (desktop deployment essentials playlist) with steps to help in your Modern Desktop deployment process. These videos includes subjects such as device and application readiness, directory and network readiness, Office and LOB application delivery, user files and settings, considerations for security and compliance, options for deploying Windows 10, and staying up-to-date with Windows 10 and Office 365.
    https://www.youtube.com/playlist?list=PLXtHYVsvn_b_0LjDWej-d3x8C1JDEB5vh
  • In almost any network, Delivery Optimization can be a highly effective tool, efficiently delivering content to devices and reducing the need for more internet bandwidth. This post outlines some potential scenarios that your organization might be required to accommodate, and the options you have when configuring Delivery Optimization to help you manage bandwidth. While these scenarios may not align strictly to real-life scenarios, this case study of Microsoft’s use of Delivery Optimization provides deeper insight into using peer-to-peer update distribution on a large scale.
    https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Delivery-Optimization-Scenarios-and-configuration-options/ba-p/280195
  • Microsoft Mechanics video (17:48) – An end-to-end look at IT pro updates for device and app readiness for Windows 10 and Office 365 ProPlus. Lead engineer Amesh Mansukhani demos your options and offers real-world guidance for getting off older versions of Office and Windows. Includes updates to Windows Analytics with built-in Office compat, OCT integration with SCCM, how to manage updates and more.
    https://www.youtube.com/watch?v=HmWD9SYlYv0
  • Microsoft Mechanics video (21:21) – Join Randy Wong from the OneDrive engineering team for a 15-minute introduction on new capabilities that support your shift from Windows 7 to the Windows 10 and Office 365 ProPlus modern desktop with Known Folder Move.
    https://www.youtube.com/watch?v=bYUsy-k-8vc
  • Microsoft Mechanics video (22:16) – Watch a demonstration of what you can do with your existing process and tools while harnessing the latest updates to Systems Center Configuration Manager and co-management capabilities when cloud connected with Microsoft Intune; next-gen provisioning approaches and updates with Windows AutoPilot and how to stay current and up to date with Windows and Office as a Service.
    https://www.youtube.com/watch?v=1XEVTJUwe6I
  • Microsoft Mechanics video (20:26) – Are you ready to deploy Windows 10 and Office 365 ProPlus using your preferred deployment tools? In this show find out what’s new, what’s changed, and learn the best practices for real-world and proven deployment recommendations for how to shift to a modern desktop.
    https://www.youtube.com/watch?v=im0P-dcBpTE
  • If you’re building a modern desktop to provide a more secure, productive—and enjoyable—experience for your users, you’re not alone. Learn how you can use Microsoft’s FastTrack services to accelerate your shift to a modern desktop or your efforts to stay up-to-date. FastTrack can help you in your journey to manageable, secure, and up-to-date Windows 10 devices leveraging Intune and Office 365 ProPlus. Find out how FastTrack can help you create a better plan and assist you to resolve deployment blockers based on our learnings and experiences from helping thousands of customers optimize their journey!
    https://www.youtube.com/watch?v=l6ZexfoJvs4
Security & Compliance
Productivity
In other news related to Windows 10…

Windows 10 News You Can Use – October 2018

Posted on

Win10NewsLogo Providing insights into Windows 10 deployment & management, security & compliance, and productivity.

 

Microsoft Ignite 2018

There were more than 100 sessions focused on Windows at Microsoft Ignite 2018, and everything from a first look at Desktop Analytics and the Microsoft Managed Desktop to deep dives on Windows Autopilot, Windows servicing, Delivery Optimization, and credential protection, and so much more. Here is a list of the activities that took place for you to review and learn about.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/A-guide-to-Windows-at-Microsoft-Ignite-2018/ba-p/260409

The Microsoft Ignite 2018 Book of News is your guide to ALL the announcements that Microsoft made on Sept. 24, with summaries of the news and links to more information.

Why and how you simplify IT with Microsoft 365. At Microsoft Ignite, Brand Anderson showed 75 minutes worth of examples of how Microsoft has applied a new philosophy to the way we build tools and services for IT pros. We refer to this approach to architecture, development, and end-user experience in Microsoft 365 as being “Integrated for Simplicity.” Our goal with this integrated simplicity is to make it as easy as possible for our customers to shift to a modern desktop and make their modern workplace a reality.
https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/28/why-and-how-you-simplify-it-with-microsoft-365

Deployment & Management
  1. Free e-book from Microsoft on making the shift to a modern desktop with Microsoft 365. It summarizes top considerations for deploying new PCs or getting PCs back to a business ready state, starting with some of the key things that may have changed since your last major desktop deployment. Followed by a pragmatic step-by-step approach to making the shift.
    https://info.microsoft.com/ww-landing-M365MD-making-the-shift-to-the-modern-desktop-eBook.html
  2. Announcing the Microsoft Managed Desktop (MMD), a new initial offering that brings together Microsoft 365 Enterprise, device as a service, and cloud-based device management by Microsoft. MMD enables customers to maximize their IT organizations’ focus on their business while Microsoft manages their modern desktops. We believe that MMD will be an option that allows organizations to fundamentally shift how they think about and manage their IT. Through MMD, customers will be able to move toward a secure, always up-to-date environment with device management by Microsoft.
    https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/17/collaborating-with-customers-and-partners-to-deliver-a-modern-desktop-microsoft-managed-desktop
  3. Join Microsoft CVP Brad Anderson to discover the benefits of a modern desktop, major changes and considerations versus previous deployments and best practices to ensure a smooth transition to Windows 10 and Office 365 ProPlus. This will guide you through the recommended steps for your shift to Windows 10 and Office 365 ProPlus, detailing how to leverage your existing tools and processes while adopting modern management technology and approaches along the way.
    https://techcommunity.microsoft.com/t5/IT-Resources-Training-Blog/How-to-shift-to-a-modern-desktop/ba-p/259907
  4. A modern desktop offers end users the most productive, most secure computing experience—it also saves IT time and money, so you can focus on driving business results. To help you make the shift to a modern desktop, we’re pleased to announce the following important changes. (a) Cloud-based analytics tools to make modern desktop deployment even easier. (b) A program to ensure app compatibility for upgrades and updates of Windows and Office. (c) Servicing and support changes to give you additional deployment flexibility.
    https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop
  5. Windows Autopilot now includes delivering BitLocker policy at OOBE, so you no longer have to decrypt and re-encrypt to get automatic BitLocker devices to meet policy (e.g. 256-bit encryption).
    https://docs.microsoft.com/en-us/windows-insider/at-work-pro/wip-4-biz-whats-new#delivering-bitlocker-policy-to-autopilot-devices-during-oobe
  6. Forrester found that Unified Endpoint Management (UEM) is finally a viable alternative to managing PCs and mobile devices separately. Download the free report which holds a comprehensive overview of the current UEM space—along with vendor recommendations, best practices, and caveats.
    https://resources.office.com/ww-landing-M365PD-Forrester-UEM-Finally-Arrives-WhitePaper.html
  7. Reduced Windows 10 package size downloads for x64 systems! The new feature updates, released as Electronic Software Distribution (ESD) files through WSUS, provide you with the option to download the x64 file as a separate package. By separating the files by system type, the download file becomes approximately 2.6 GB for the x64 package, saving you approximately 2.2 GB of download size immediately.
    https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Reduced-Windows-10-package-size-downloads-for-x64-systems/ba-p/262386
  8. Major updates to documentation on Windows Hello for Business!
    https://aka.ms/whfb
  9. Use the “Flight Hub” dashboard to quickly identify the latest Windows Insider Preview releases for PC, Server, IoT. You can also look up the status of the SDK and ISO images.
    https://docs.microsoft.com/en-us/windows-insider/flight-hub
Security & Compliance
  1. Windows Defender Antivirus consistently achieves high scores in independent tests, displaying how it is a top choice in the antivirus market. We want to be transparent and have gathered top industry reports that demonstrate our enterprise antivirus capabilities.
    https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests
  2. Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV.
    https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av
  3. Cyber thieves are catching on that we are watching them, so they are trying something different. A new malware campaign puts that to the test by targeting home users and small businesses in specific US cities. This was a focused, highly localized attack that aimed to steal sensitive info from just under 200 targets. Macro-laced documents masqueraded as statements from legitimate businesses. The documents are then distributed via email to target victims in cities where the businesses are located. With Windows Defender AVs next gen defense, however, the size of the attack doesn’t really matter.
    https://cloudblogs.microsoft.com/microsoftsecure/2018/09/06/small-businesses-targeted-by-highly-localized-ursnif-campaign
  4. We have seen many IT departments simplify their deployment strategies using Windows Update for Business to more quickly improve productivity and the Windows 10 experience for their end users. Learn about the experience of one of those customers to help you better understand how you can leverage Windows Update for Business—in conjunction with Windows Analytics—to help you do the same.
    https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-amp-Windows-Analytics-a-real-world/ba-p/242417
  5. Windows Defender ATP September 2018 preview features are out!
    https://techcommunity.microsoft.com/t5/What-s-New/WDATP-September-2018-preview-features-are-out/m-p/242254#M95
  6. Video: In software supply chain attacks, attackers infect legitimate apps to distribute malware. Attackers target software developers and suppliers, seeking access to source codes, build processes, or update mechanisms. They hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. Protect yourself, your customers, and your partners by strengthening your defenses against software supply chain attacks. Windows Defender Advanced Threat Protection’s security technologies are built into Windows 10 and create a unified endpoint security platform to defend against supply chain attacks.
    https://www.youtube.com/watch?v=uXm2XNSavwo
Productivity
  1. Windows 10 Tip: Set up Windows Hello from your lock screen.
    http://blogs.windows.com/windowsexperience/2018/09/10/windows-10-tip-set-up-windows-hello-from-your-lock-screen
  2. Windows 10 Tip: Improvements to the HDR video experience.
    http://blogs.windows.com/windowsexperience/2018/09/04/windows-10-tip-improvements-to-the-hdr-video-experience
  3. Windows 10 Tip: Get mobile with Microsoft Edge.
    http://blogs.windows.com/windowsexperience/2018/09/17/windows-10-tip-get-mobile-with-microsoft-edge
  4. Watch our how-to video and have fun using a digital pen in Microsoft Office on your Surface. Edit your writing naturally, create standout presentations, and learn to design and use features like Ink Editor, Ink-to-Text, Remix 3D, Math Assist, and more.
    https://www.youtube.com/watch?v=U85n5sltzZw
In other news related to Windows 10…

Windows 10 News You Can Use – September 2018

Posted on Updated on

Win10NewsLogo Providing insights into Windows 10 deployment & management, security & compliance, and productivity.

1)      Microsoft has heard from many customers to better understand the monthly Windows 10 quality update servicing cadence and terminology. In response, John Wilcox (principal program manager) shares the guiding principles, then dives into them further to provide context for the quality updates themselves.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376

2)      What’s next for Windows 10 and Windows Server quality updates.  Beginning February 12, 2019, Microsoft will end its practice of creating delta updates for all versions of Windows 10.  In its place, a new design for quality updates to the next major versions of Windows 10 and Windows Server, coming later this year. This design creates a compact update package for easier and faster deployment.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-next-for-Windows-10-and-Windows-Server-quality-updates/ba-p/229461

3)      With new improvements in Windows 10 MDM management, advancements in cloud technology, and BYOD trends, many organizations are looking for modern ways to management their Windows devices. Watch this recorded webinar session to see how you can leverage a modern management approach with Enterprise Mobility + Security (EMS) to simplify deployment and management, improve security, provide better end user experiences, and lower total cost of ownership for your Windows 10 devices.
https://resources.office.com/ModernWindows10managementwithEnterpriseMobilitySecurityEMS-OnDemandRegistration.html

4)      Basic (but easy to forget) tips to remediate Windows application compatibility challenges.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Basic-but-easy-to-forget-tips-to-remediate-Windows-app-compat/ba-p/238308

Security & Compliance

1)      Improve your defensive posture with Exploit Guard Attack Surface Reduction (ASR).  See this step-by-step guide from Microsoft’s Chris Jackson on how to configure, monitor, and deploy ASR while maintaining application compatibility.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Improve-your-defensive-posture-with-Exploit-Guard-ASR/ba-p/22494

2)      Interpreting Windows 10 Exploit Guard ASR audit alerts.  Learn about when to test and when not to.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Interpreting-Exploit-Guard-ASR-audit-alerts/ba-p/228366

3)      If you want an additional layer of protection from ransomware, try saving your files in OneDrive. It’s part of the new experiences that arrived with the Windows 10 April 2018 Update. Here’s how it works: If a ransomware threat is found on a device, Windows Defender will notify you of the threat, help you remove the ransomware from your device, and give you options to recover your OneDrive files to the state they were in before the attack occurred.
http://blogs.windows.com/windowsexperience/2018/08/06/save-your-files-to-onedrive-for-expanded-ransomware-protection

4)      Hardening Windows Defender ATP machine learning defenses against adversarial attacks.
https://cloudblogs.microsoft.com/microsoftsecure/2018/08/09/protecting-the-protector-hardening-machine-learning-defenses-against-adversarial-attacks

5)      Protecting the modern workplace from a wide range of undesirable software. To protect our customers from the latest threats, massive amounts of security signals and threat intelligence from the Microsoft Intelligent Security Graph are processed by security analysts and intelligent systems that identify malicious and other undesirable software. Our evaluation criteria describe the characteristics and behavior of malware and potentially unwanted applications and guide the proper identification of threats. https://cloudblogs.microsoft.com/microsoftsecure/2018/08/07/protecting-the-modern-workplace-from-a-wide-range-of-undesirable-software

Productivity

1)      Windows 10 Tip: Use Paint 3D to edit your snips.
http://blogs.windows.com/windowsexperience/2018/08/20/windows-10-tip-use-paint-3d-to-edit-your-snips

In other news related to Windows 10…

Windows 10 News You Can Use – August 2018

Posted on Updated on

Win10NewsLogo Providing insights into Windows 10 deployment & management, security & compliance, and productivity.

On July 10th, Windows 10 version 1803 was declared as a fully available Semi-Annual Channel (aka CBB) release. Be sure to also review “What’s new for IT pros in Windows 10, version 1803” at
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1803/ba-p/188568.

Deployment & Management

1)      Windows 10 quality updates explained & the end of delta updates. Beginning February 12, 2019 Microsoft will deprecate delta updates for all versions of Windows 10.  Learn about the role of Express Updates to reduce the impact to network delivery of quality updates.
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426

2)      Forrester Study: Modernize Your Device Management Using the Cloud (whitepaper, updated June 2018).
https://resources.office.com/ModernizeYourDeviceManagementThankYou.html

3)      Detailed information on how Upgrade Readiness collects application inventory for your OMS workspace.  Includes info about data collection, appraiser updates, best practices, and troubleshooting!
https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/How-Upgrade-Readiness-collects-application-inventory-for-your/ba-p/213586

4)      Most companies manage their PCs and mobile devices with separate management tools. In a recent report, Forrester found that Unified Endpoint Management (UEM) is now a more optimal option—and a good way to help organizations modernize their management strategies.  Download this Forrester report to learn more.
https://resources.office.com/ww-landing-M365PD-Forrester-UEM-Finally-Arrives-WhitePaper.html

5)      Microsoft Mechanics’ 7-minute video which explores the latest capabilities in Windows Analytics across Upgrade Readiness, Update Compliance, and Device Health.
https://www.youtube.com/watch?v=4Kb78NmfV6E

6)      Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices.
https://docs.microsoft.com/en-us/windows/deployment/update/feature-update-mission-critical

7)      Suggested in-depth guidance on Windows Update for Business policies and how they have changed over time.
https://docs.microsoft.com/en-us/windows/deployment/update/wufb-onboard

8)      We are happy to announce that the MSIX Packaging Tool (Preview) is now available to from the Microsoft Store. MSIX Packaging Tool enables you to update your existing win32 application packages to the MSIX format.
https://techcommunity.microsoft.com/t5/MSIX-Blog/MSIX-Packaging-Tool-Preview-is-now-available-from-the-Microsoft/ba-p/216204

Security & Compliance

1)      Windows Defender Antivirus (WDAV) scores in the March-April 2018 tests. In this new iteration of the transparency report, we continue to investigate the relationship of independent test results and the real-world protection of antivirus solutions. We hope that you find the report insightful.
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/20/march-april-2018-test-results-more-insights-into-industry-av-tests

2)      Introducing Web Authentication in Microsoft Edge.  With Web Authentication, Microsoft Edge users can sign in with their face, fingerprint, PIN, or portable FIDO2 devices, leveraging strong public-key credentials instead of passwords.
http://blogs.windows.com/msedgedev/2018/07/30/introducing-web-authentication-microsoft-edge

3)      Security Updates around side-channel speculative execution vulnerabilities (Spectre and Meltdown). New Disclosure: On June 13, 2018, an additional vulnerability involving side channel speculative execution, known as Lazy FP State Restore, was announced and assigned CVE-2018-3665. For more information about this vulnerability and recommended actions, please refer to the Security Advisory: ADV180016 | Microsoft Guidance for Lazy FP State Restore.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180016

4)      A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the app’s legitimate installer the unsuspecting carrier of a malicious payload. The attack seemed like just another example of how cybercriminals can sneak in malware using everyday normal processes. The plot twist: The app vendor’s systems were unaffected. The compromise was traceable instead to a second software vendor that hosted additional packages used by the app during installation. This turned out be an interesting and unique case of an attack involving “the supply chain of the supply chain”.
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks

5)      Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis.  Includes the roles that Windows Defender Antivirus and Windows Defender ATP played in the security protections.
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/11/hawkeye-keylogger-reborn-v8-an-in-depth-campaign-analysis

Productivity

1)      Windows 10 Tip: Yikes, stop that sound! Mute-a-tab in Microsoft Edge.
http://blogs.windows.com/windowsexperience/2018/07/02/windows-10-tip-yikes-stop-that-sound-mute-a-tab-in-microsoft-edge

2)      Windows 10 Tip: Get more out of reading online with Grammar Tools in Microsoft Edge.
http://blogs.windows.com/windowsexperience/2018/07/09/windows-10-tip-get-more-out-of-reading-online-with-grammar-tools-in-microsoft-edge

3)      Windows 10 Tip: Windows Ink directly in textbox.
http://blogs.windows.com/windowsexperience/2018/07/16/windows-10-tip-windows-ink-directly-in-textbox-new-in-the-windows-10-april-2018-update

4)      Windows 10 Tip: Try reading on a full screen for a distraction-free experience in Microsoft Edge.
http://blogs.windows.com/windowsexperience/2018/07/23/windows-10-tip-try-reading-on-a-full-screen-for-a-distraction-free-experience-in-microsoft-edge

In other news related to Windows 10…

Resources for Windows Autopilot

Posted on Updated on

Similar to last month’s post on resources for Windows Analytics, I’m often also asked for a collection of useful resources on Windows Autopilot.  With that said, most of these are just cumulatively pulled from my monthly Windows 10 “news you can use”.

Other resources related to Windows Autopilot when using Microsoft Intune.

Auto MDM Enroll: Failed (The system tried to delete the JOIN of a drive that is not joined.)

Posted on Updated on

When setting up hybrid Azure AD join with on-premises Windows 10 environments, if you encounter the an error that “The system tried to delete the JOIN of a drive that is not joined.“, then there is a good chance that the device has not yet synchronized into Azure AD.

Event76

A few tips to help you isolate the cause and get past this issue:

  1. First, confirm the device exists in Azure Active Directory (or not).  In the Azure portal, navigate to Azure Active Directory > Devices > All devices.
    AzureDevicesList
  2. Review the steps in Troubleshooting hybrid Azure Active Directory joined Windows 10 and Windows Server 2016 devices.  Note that this article points back to another article on How to configure hybrid Azure Active Directory joined devices, which presently contains way more helpful information to help you troubleshoot.
  3. In the most current Azure AD Connect releases, use the built-in Troubleshooter.  Then in the PowerShell windows which launches, use both options to troubleshooting options for Object Sync and Password Hash Sync.
    AADC_troubleshooter

In my case, the troubleshooting guides were useful to confirm that I had configured everything correctly.  Then the Azure AD Connect troubleshooter reported an error that “Password Hash Synchronization cloud configuration is disabled”.  Searching that issue on the Internet led me to discover that the cause was likely due to mismatched passwords between the Azure AD account “On-Premises Directory Synchronization Service Account” with the password currently set in the local synchronization service.

To fix that, first set a new password for the “On-Premises Directory Synchronization Service Account”.  To do that, try setting it in Azure directly.  However, given that it’s a special account, it may be necessary to reset the password through PowerShell with the MSOL cmdlets.  While I’m not getting into the full end-to-end setup and use of those add-on Azure PowerShell cmdlets, the command could be as simple as:

Connect-AzureAD
Set-AzureADUserPassword -ObjectId abc123def456xyz980 -Password MyP@ssw0rd! -ForceChangePasswordNextLogin $false

Next, start program Synchronization Service Manager, then click on Connectors.  Locate the Windows Azure Active Directory Account and click Properties.

syncservice

Finally, set the password.  Voila, devices will now sync to Azure AD on the next synchronization!

AADsyncProperties