First and foremost, the next update of Windows 10, the Fall Creators Update, will be available worldwide October 17. With the Fall Creators Update (aka RS3, aka v1709) we are introducing some fun, new ways to get creative. As part of the update we will deliver an evolution to the photos experience that will let you tell your story like never before using photos, videos, and 3D effects; enhancements in gaming, security, accessibility, and immersive new experiences made possible by Windows Mixed Reality. All of this innovation will be brought to life by a range of beautifully designed, and feature rich modern devices available from our hardware partners this holiday.
Deployment & Management
- Learn how Windows 10 can support your compliance with the European Union (EU) General Data Protection Regulation (GDPR) as well as approaches, recommended practices and techniques to support your GDPR compliance journey. https://www.microsoft.com/en-us/download/details.aspx?id=55765
- This new demo from Microsoft Mechanics walks you through common usage scenarios for Windows Analytics Update Compliance, a cloud-based solution that provides you with an inventory of the devices in your organization, the version of Windows installed on each device, the update status of each device, and antimalware assessment for Windows Defender Antivirus-enabled devices. https://blogs.technet.microsoft.com/windowsitpro/2017/08/10/new-demo-windows-analytics-update-compliance
- The Microsoft Intune team is excited to announce the ability to deploy Office 365 ProPlus applications to Windows 10 devices from the cloud with Intune. https://blogs.technet.microsoft.com/enterprisemobility/2017/08/10/deploying-office-365-proplus-with-microsoft-intune
- Preview of the Microsoft Store for Business PowerShell module. Use the module to view purchased items, manage licenses, perform bulk operations. https://docs.microsoft.com/en-us/microsoft-store/microsoft-store-for-business-education-powershell-module
- Connect with members of the product engineering teams who will be on hand to answer your questions and listen to feedback about Upgrade Readiness, Update Compliance, Device Health, and how these services can help you reduce the costs associated with deploying, servicing, and supporting Windows 10. https://myeventurl.azurewebsites.net/events/Details/276
- Is your staff handling your corporate data with care? Window Information Protection helps Microsoft IT know when employees are sending corporate data to non-corporate locations—and it helps people protect sensitive content and corporate assets. On Wednesday September 6th, learn how Windows Information Protection works to provide data security in our highly mobile and collaborative business culture, and prepare to deploy, configure, and manage it for data loss prevention in your environment. https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x22413939980
- Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Windows 10 “Creators Update” also known as version 1703, “Redstone 2,” or RS2. https://blogs.technet.microsoft.com/secguide/2017/08/30/security-baseline-for-windows-10-creators-update-v1703-final
- How Microsoft’s IT uses Windows Defender Antivirus.
- New Microsoft documentation on Windows Defender Application Guard. https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview
- Windows Defender Exploit Guard (WDEG) which will complete our journey to incorporate all of the security benefits of EMET directly into Windows. This effort was significantly influenced by two insights that came up most frequently in our survey data, customer support calls, and conversations with EMET stakeholders and security enthusiasts. More than anything else, our customers have expressed that they want (1) a user-friendly UI for configuring mitigation settings and (2) a way to protect their legacy apps on Windows 10. https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard
- Microsoft explores the machine learning techniques that have transformed Windows Defender ATP into a formidable solution for spotting all kinds of breach activity in the enterprise network. https://blogs.technet.microsoft.com/mmpc/2017/08/03/windows-defender-atp-machine-learning-detecting-new-and-unusual-breach-activity
- Windows 10 protects against tech support scams, no matter the vector. https://blogs.technet.microsoft.com/mmpc/2017/08/07/links-in-phishing-like-emails-lead-to-tech-support-scam
- Windows 10 Pro for Workstations is a high-end edition of Windows 10 Pro, comes with unique support for server grade PC hardware and is designed to meet demanding needs of mission critical and compute intensive workloads. https://blogs.windows.com/business/2017/08/10/microsoft-announces-windows-10-pro-workstations
- Windows 10 Tip: Five ways to personalize notifications on your PC. http://blogs.windows.com/windowsexperience/2017/08/28/windows-10-tip-five-ways-personalize-notifications-pc
- Windows 10 Tip: Three ways to get started with OneNote. https://blogs.windows.com/windowsexperience/2017/08/21/windows-10-tip-three-ways-get-started-onenote
- Windows 10 Tip: Turn text into timelines in PowerPoint. https://blogs.windows.com/windowsexperience/2017/08/14/windows-10-tip-turn-text-timelines-powerpoint
- Available later this year, a collaboration between Microsoft and Amazon will allow you to access Alexa via Cortana on Windows 10 PCs, followed by Android and iOS in the future. Conversely, you’ll be able to access Cortana on Alexa-enabled devices like the Amazon Echo, Echo Dot and Echo Show. https://blogs.microsoft.com/blog/2017/08/30/hey-cortana-open-alexa-microsoft-amazons-first-kind-collaboration
It’s no secret that with the introduction of Windows 10 that Microsoft has moved into the direction of releasing new feature updates twice per year, which is commonly referred to as Windows as a Service. An organization could be faced with challenges around the frequency, size, and the new administrative cadence of feature updates to Windows (even though Microsoft has done and is doing great work to address these challenges).
In light of these challenges, it can be tempting for an organization to try to “standardize” on version of Windows 10 that is supported for 10 years. This version is called the Long Term Servicing
Branch Channel, or LTSC for short, and is designed for “Specialized systems—such as PCs that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization.” (Side note that the nomenclature usage of the word “Branch” was recently dropped
While it may sound great that there is a version of Windows 10 which is supported for 10 years, there are many considerations and risks with trying to use it across the board. This posting is an attempt to pull together and consolidate disparate references to help highlight, educate, and inform on Win10 LTSC for general production use. Even Gartner says Rethink Windows 10 LTSB Deployment Based on Microsoft’s Updated Guidance.
General guidelines state that devices that fulfill the following criteria are considered general-purpose devices and should be paired with Windows 10 using the Current Channel servicing option:
- Devices that run productivity software such as Microsoft Office
- Devices that use Windows Store applications
- Devices that are used for general Internet browsing
(for example, research or access to social media)
Support for the latest processor / chipsets:
- LTSC will support the currently released silicon at the time of release of the LTSC version
- As future silicon is released, support will be created through future LTSC releases that customers can deploy for those systems
- This enables Microsoft to focus on deep integration between Windows and the silicon, while maintaining maximum reliability and compatibility with previous generations of platform and silicon
- Multiple LTSC versions would be required to be used and managed within the organization for the life of the hardware
- Hope you’re ready to buy hundreds or thousands of computers with supported chipsets to just keep on hand
LTSC, being that it’s code base and features are set “in stone” for 10 years and will not be modified, then it will be unable to keep up with current security capabilities and needs. Case in point, the LTSB 2015 and 2016 releases do not have support for the following, only the current channels of Win10. This would further widen the security gap of an organization until they are added into a future LTSC release (which is only every few years).
- Memory protection features
- Control Flow Guard (CFG) – a highly-optimized platform security feature that was created to combat memory corruption vulnerabilities
- Data Execution Prevention (DEP)
- Structured Exception Handling Overwrite Protection (SEHOP)
- Address Space Layout Randomization (ASLR)
- Hardening against recent zero-day exploits
- Win32k elevation of privilege
- Open type font elevation of privilege
- Windows Hello for Business on-premises
- Windows Defender Application Guard (also because LTSC does not support Edge)
- Windows Defender Exploit Guard (formerly known as EMET)
Windows Analytics provides data-driven insights that reduce the cost of deploying, servicing, and supporting Windows 10. It gives an organization actionable information to help gain deep insights into operational efficiency and the health of Windows 10 devices in the environment. But Windows 10 LTSC is not supported. The three tools include:
- Upgrade Readiness (general availability) provides powerful insights and recommendations about the computers, applications, and drivers in your organization, at no extra cost and without additional infrastructure requirements.
- Update Compliance (public preview) provides a unified view of Windows Update and Windows Defender Antivirus compliance for Windows 10 devices, regardless of the management solution being used. It allows organizations to keep their devices secure and up-to-date, track protection and threat status, and monitor update deployments and troubleshoot issues as they arise.
- Device Health (public preview) provides proactive insights to help detect and remediate end-user impacting issues. This new service uses telemetry data to provide such insights without additional infrastructure requirements. Proactively remediating end-user issues enables you to reduce support costs and improve efficiency.
Examples of functionality missing that was included in the Windows 10 Creators Update (1703) in April 2017 include the following. For each and every release of Windows 10, this list would grow.
- Unified Update Platform
- MBR to GPT conversion tool
- New MDM and MAM capabilities
- Customization of the Settings app to hide/show different pages
- Dynamic lock
- Express updates in SCCM
- The list goes on…
Various other limitations
- Fewer non-security and reliability fixes
- Visual Studio is not supported on LTSC
- Office ProPlus (traditional MSI) is highly recommended, and not using Office 365 ProPlus (aka click-to-run) on LTSC
- In-place upgrade of Win7 to LTSC is not supported – a full reimage, backup/restore of data and applications, just like the old days
- Depending upon IHV and ISV, there may be support and limitations on LTSC
- Doesn’t contain in-box apps, such as Store, Calculator, Photos, Camera, Music, Clock, and Edge – and yes, Edge is also a more secure browser
- Windows Feature Updates, including enhancements such as:
- Improvements to Direct Ink and palm rejection provided in Windows 10 1607
- Improved support for high DPI applications provided in Windows 10 1703
- Pressure sensitivity settings provided by the Surface app
- The Windows Ink Workspace
- Key touch-optimized in-box applications including Microsoft Edge, OneNote, Calendar, and Camera
- Driver and firmware updates are not explicitly tested against releases of Windows 10 Enterprise LTSC
- If you encounter problems, Microsoft Support will provide troubleshooting assistance. However, due to the servicing nature of the Windows LTSC, issue resolution may require that devices be upgraded to a more recent version of Windows 10 Enterprise LTSC, or to Windows 10 Pro or Enterprise with the Current Channel servicing option.
In summary, in this blog post I have tried to outline evidence to support you in your decision making process for choosing Windows 10 Current Channel over LTSC. I hope that it leads to the proper choice for you! Points covered were
- Guidelines of what is a general use device vs. a specialized device
- Support for the latest processor / chipsets
- Security features that are not present in LTSC
- Windows Analytics for data-driven insights, is not supported
- Example of missing functionality that was delivered in Windows 10 Creators Update (1703)
- Various other limitations and their potential impact
- Core Surface device experiences are impacted
Windows 10 news for August 2017. Categories:
deployment | security | productivity | windows insider highlights
Deployment & Management
- Details have been released as to which processors can be used with Windows products (including Custom Images). For each listed edition, your company must use only the processors listed, as specified in the table below. The requirements below apply whenever the edition below is pre-installed or provided on external media, including as downgrade or down edition software.
- Recommended settings and configurations for Win10 VDI desktops
- Features that are removed or deprecated in Windows 10 Fall Creators Update
- As part of the alignment with Windows 10 and Office 365 ProPlus, we are also adopting common terminology to make it as easy as possible to understand the servicing process. The names Current Branch (and CB for Business) and Long-Term Servicing Branch (LTSB) are being replaced with Semi-Annual Channel and Long-Term Servicing Channel.
- Now Available: Update 1706 for System Center Configuration Manager
- For the past several months, Microsoft has shared insights on our roll out approach for Windows 10 Creators Update (version 1703). We’re now moving from a targeted offering to full availability for all compatible devices running Windows 10 Creators Update globally via Windows Update. Similarly, our commercial customers should feel confident to deploy this release broadly across their organizations.
- IT use has evolved. The modern workplace encompasses multiple device platforms, user- and business-owned devices, and the ability for users to work anywhere. Transforming the process for deploying new Windows 10 PCs is an important part of Microsoft’s vision for modern IT.
- Last month Microsoft announced Windows Analytics Device Health, the latest addition to the suite of Windows Analytics functionality designed to ensure employees have the best possible experience with Windows 10. Through the proactive insights provided by Device Health, we believe we can help you save time and money by reducing helpdesk calls and keeping employees productive. We are happy to announce that the public preview of Windows Analytics Device Health is available for you to try.
- After October 10, 2017, Windows 10 devices running version 1511 will no longer receive security and quality updates. Microsoft recommends updating devices to the latest version of Windows 10.
- Microsoft IT looked to the capabilities of the cloud to help address the challenges of monitoring and protecting the corporate network from advanced adversaries and threats. Windows Defender Advanced Threat Protection (ATP) combines built-in behavioral sensors, machine learning, and security analytics that quickly adapt to changing threats.
- Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware. In Windows 10 Creators Update, the Windows Defender AV client uploads suspicious files to the cloud protection service for rapid analysis. Our ability to make a swift assessment of new and unknown files allows us to protect customers from malware the first time we see it.
- Solving the TLS 1.0 Problem – This document presents guidance on rapidly identifying and removing Transport Layer Security (TLS) protocol version 1.0 dependencies in software built on top of Microsoft operating systems. It is intended to be used as a starting point for building a migration plan to a TLS 1.2+ network environment.
- With Windows 10, your needs have guided our product development. We’ve designed Windows 10 to be the safest, most secure Windows yet. Our goals are to simplify IT administration and to deliver more personal and productive experiences with a lower total cost of ownership (TCO) on modern, powerful devices. Find out how your organization can prepare for today’s security threats.
- Microsoft would like to provide you with the latest information to keep you up-to-date with modern security advancements from Windows, through the latest Modern Security Information Kit.
- We’re excited to introduce you to the Microsoft Modern Keyboard with Fingerprint ID, a premium quality keyboard that brings the convenience and security of Windows Hello fingerprint sign-in to any PC running Windows 10. With the new Microsoft Modern Keyboard with Fingerprint ID, you can use your finger to sign into your Windows devices, and compatible apps**, with Windows Hello in less than 2 seconds – that’s 3 times faster*** than a password that you have to remember and type in.
- If there’s anything we learned, it’s that after 32 years, MS Paint has a lot of fans. It’s been amazing to see so much love for our trusty old app. Amidst today’s commentary around MS Paint we wanted to take this opportunity to set the record straight, clear up some confusion and share some good news: MS Paint is here to stay, it will just have a new home soon, in the Windows Store where it will be available for free.
Windows Insider Highlights
- Beginning in the Windows 10 Fall Creators Update, we intend to disable VBScript execution in IE 11 for websites in the Internet Zone and the Restricted Sites Zone by default, to provide a more secure experience.
- The End of an Era – Adobe announced that Flash will no longer be supported after 2020. Microsoft will phase out support for Flash in Microsoft Edge and Internet Explorer ahead of this date.
June was an active month for Windows 10 advancements, new resources, and security events! For this edition of the “news you can use”, I’ve broken it into categories for deployment | security | productivity | windows insider feature highlights.
Deployment & Management
- MDOP servicing update released in March 2017, which includes updates for things like MBAM 2.5 SP1 support for SQL Server 2016 SP1.
- Demystifying Windows as a Service – David das Neves (PFE for Microsoft Germany) shares his current experience and guidance for organizational preparation for WaaS.
- Introducing a new service to the Windows Analytics suite – Device Health. Device Health functionality is designed to ensure employees have the best possible experience with Windows 10. To achieve that goal, it helps identify issues that could affect a person’s experience, before they may even notice, while also identifying steps needed to resolve those issues proactively. This reduces helpdesk calls and support costs, saving time and money.
https://blogs.windows.com/business/2017/06/29/delivering-modern-promise-windows-10 (read the Proactive Insights section)
- Windows AutoPilot is a suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. With Windows AutoPilot, IT professionals can customize the Out of Box Experience (OOBE) for Windows 10 PCs and enable end users to take a brand-new Windows 10 device and—with just a few clicks—have a fully-configured device ready for business use. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Most importantly, users can go through the process independently, without making any decisions and without needing to involve IT. Furthermore, an upcoming WEBINAR on Modernize the deployment process with Windows AutoPilot
- Modern management of Internet-based clients using SCCM.
- Videos and setup guides for Upgrade Readiness in the Windows Analytics suite.
- One-hour “Ask Microsoft Anything” event upcoming about Windows 10 management at 9:00 a.m. Pacific Time on July 25th. Members of the Windows engineering and product teams will be standing by to answer your questions. Note: You must be a member of Tech Community to post questions so save the date for the AMA event and visit http://aka.ms/community/Windows10 to join the Windows 10 Tech Community today.
- EMET protections coming to Windows 10 RS3 (branded as Windows Defender Exploit Guard)!
- Microsoft Mechanics video highlighting the RS3 capability for Windows Defender Application Guard.
- New ransomware, old techniques: Petya adds worm capabilities – analysis and recommendations. Plus, Windows 10 resilience against the Petya ransomware attack.
- Find out how to prevent and contain cyberattacks across email and endpoints with Windows Defender Advanced Threat Protection (Windows Defender ATP) and Office 365 ATP. This new demo explains how these technologies work together to help detect and prevent attacks, and how—if an attack makes it through your defenses—they can help you contain the threat and take immediate action.
- What’s new and coming to Windows Defender ATP in Win10 RS3.
- Microsoft is pleased to announce the beta release of the recommended security configuration baseline settings for Windows 10 “Creators Update”.
- Microsoft reluctantly announces the retirement of the Security Compliance Manager (SCM) tool. At the same time, we are reaffirming our commitment to delivering robust and useful security guidance for Windows, and tools to manage that guidance.
- The Microsoft Security Configuration Toolkit (replacing SCM as noted above) enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a Domain Controller or inject them directly into testbed hosts to test their effects. The Security Configuration Toolkit consists of two tools, Policy Analyzer and LGPO, and a set of configuration baselines for different releases of Windows.
- Windows 10 tip: Organize your Start files with new tile folders.
Windows Insider Feature Highlights
- Windows 10 and SMB1: As part of a multi-year security plan, we are removing the SMB1 networking protocol from Windows by default. This build has this change, however the change only affects clean installations of Windows, not upgrades. We are making this change to reduce the attack surface of the OS.
- Windows Defender Application Guard (WDAG) Improvements.
- Introducing Controlled folder access in Windows Defender Antivirus: making it easier for you to protect valuable data from malicious apps and threats, such as ransomware.
- OneDrive files on-demand now available for Windows Insiders.
This June 2017 edition of Win10 news you can use is primarily based around security. Do note that item #1 is for an upcoming webcast that could be beneficial for you or others in your team to attend.
- Windows 10 deployment: Tips and Tricks from Microsoft IT – LIVE June 20 at 10AM PST – This webinar will focus on best practices and lessons learned, from application compatibility testing and upgrade strategies to smoothing the deployment path through end user readiness
- R.I.P … Windows 10 1507 end of support. Next up is end of support for Win10 1511 (Anniversary Update).
- Recently the Windows Defender Advanced Threat Protection (WDATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations.
- Announced last September in the Microsoft Edge Blog, Windows Defender Application Guard for Microsoft Edge is now available in Windows Insider Preview (Build 16188) for Enterprise users in the Fast Ring. Microsoft Edge running in Application Guard provides enterprises the maximum level of protection from malware and zero day attacks against Windows.
- Improvements for Enterprises in Microsoft Edge on the Windows 10 Creators Update
- The security capabilities of Windows 10, Windows Defender Antivirus, and Windows Defender Advanced Threat Protection are constantly evolving to protect against current and future threats. Download this white paper to learn how Microsoft uses data science, machine learning, automation, behavioral analysis, and expert threat researchers to forge the next generation of security solutions.
- Microsoft Secure Blog on “7 types of highly effective hackers (and what to do about them)”; get the free e-book (registration required) to learn about the seven different types of hackers and get recommendations on how you can better prepare your organization against their potential threats.
For this month’s edition of Windows 10 news that you can use, I’m excited to share that the Windows 10 Creators Update (aka RS2, aka 1703) has arrived! Announcement: https://blogs.windows.com/windowsexperience/2017/03/29/windows-10-creators-update-coming-april-11-surface-expands-markets. Additionally, there is a webcast on April 27th, which will cover changes and new features in further detail – register for it at https://aka.ms/w10itpro/new-in-v1703-webcast.
For the rest of this month’s news:
- The Microsoft Edge security team employs a layered strategy to protect you from vulnerabilities that could be used to compromise your device or personal data. In this post, we’ll explore some of the significant improvements we’ve made in the Windows 10 Creators Update to strengthen our next line of defense: the Microsoft Edge sandbox.
- If you upgraded in-place to Win10 x64 from Win7 x64, then it’s highly likely the disk is in the MBR format. With the release of the Win10 Creators Update (v. 1703), the disk conversion MBR to GPT tool is now ready to be used so that you can convert BIOS to UEFI.
- Win10 virtual hands-on labs let you try out Windows 10 setup, deployment, and management scenarios using a cloud-based private virtual machine environment. Each lab presents you with a series of instructions, and access to one or more virtual machines, with no additional software or setup required.
- Easy to follow Win10 technical demonstration videos – Explore the new features and improvements in Windows 10, and find tips and tricks to simplify deployment.
- Windows Defender Antivirus protection evaluation guide. Related, if you would like a demo or to personally test out the Block at First Sight capabilities to protect against zero-day malware, then let me know so that I can provide you with instructions to mimic polymorphic malware.
- Features that are removed or deprecated in Windows 10 Creators Update 1703. This list is intended for IT professionals who are updating operating systems in a commercial environment.
- On-demand video for Best Practices on Win10 deployment. Refresh your memory on what Windows as a Service means, and understand how it applies to your own business. Get an overview of the management features and integrations in Windows 10 that make it simpler but also more flexible, such as In-Place Upgrade, Dynamic Provisioning, Azure Active Directory, and Mobile Device Management. Learn more about App-V and UE-V, which makes management of applications and settings more streamlined.
- Windows 10 Deployment and Management Lab Kit updated and good through June 1, 2017. Note this is still using Win10 1607 as that is the CBB.
This March 2017 edition of “news you can use” for Windows 10 is chalked full of many resources as it was an active month in February! To help break apart such a large list, I have split it into three sections – Win10 news and resources, combating new security threats with Win10, and training / how-to guides.
Windows 10 News & Resources
- Signup for the new Win10 IT Professional insider newsletter! Get the latest news, resources, tools, and guidance to help you explore and deploy Windows 10; migrate from Windows 8.1 or Windows 7; and manage your existing Windows client infrastructures successfully—and with less effort.
- Windows 10 security experts share how to stay ahead of the catalysts shaping the cyber landscape
- FastTrack for Windows 10 announced
- The whitepaper on the “total economic impact” of Windows 10 was updated and refreshed in December 2016. This Microsoft-commissioned report by Forrester demonstrates how deploying Windows 10 can help reduce costs and provide significant benefits to your organization. The report found an ROI of 233% with a payback period of only 14 months. Download now to read more!
- Infographic: Simplify Windows 10 management and lower TCO
- For those using and creating Provisioning Packages, the Windows Image Configuration Designer is now available as a universal application. So it’s not necessary to download and install from the Windows ADK!
Windows 10 and Surface stomp on security threats with new enterprise innovations
These are key announcements from blog post: https://blogs.windows.com/business/2017/02/10/windows-10-surface-stomp-security-threats-new-enterprise-innovations
- NSA adds Windows 10 and Surface to list for classified use – Surface Pro 3, Surface Pro 4 and Surface Book have been added to the NSA’s Commercial Solutions for Classified Programs (CSfC) list. Additional information on the NSA site: https://www.nsa.gov/resources/everyone/csfc/components-list
- Enhanced security capabilities with Surface Enterprise Management Mode (SEMM). SEMM will protect PCs at the UEFI level – “so a lot of the attacks you would expect attackers to use in order to just re-enable the camera without the user knowing, won’t even work, because the device is disabled at a fundamental, hardware level”.
- Extending device management in Windows 10 using MDM software, administrators will be able to apply settings and configurations from the Security Baseline Policies list. Previously, those settings were only available through Group Policy.
- New MDM Migration Analytics Tool designed to help customers figure out migrating from Group Policy to MDM. It scans a system for all of the policies applied to it, tries to map those policies to their MDM equivalents, and spits out a report of the results.
- The quest for No More Passwords with Windows Hello – Now available with on-premises Active Directory not just Azure AD.
- Additionally, the Dynamic Lock feature in Windows Hello connects a user’s smartphone to their Windows 10 device, and automatically locks the device when the phone’s Bluetooth signal drifts far away.
- The Upgrade Analytics “tool” is being rolled into a suite of tools called Windows Analytics. Upgrade Analytics itself is being rebranded as Upgrade Readiness.
- Windows Analytics will now include Update Compliance – free insights that provide a holistic view of Windows 10 update compliance for both monthly quality updates and new feature updates. This free resource will help organizations monitor deployment progress, identify issues and provide insights about their fully-patched, secure Windows 10 device environment.
Windows 10 Training and Guides
- New how-to articles and guides available from Microsoft!
- Step by step guide: Configure a test lab to deploy Windows 10
- Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit
- Deploy Windows 10 in a test lab using System Center Configuration Manager
- Determine the Enterprise Context of an app running in Windows Information Protection (WIP)
- Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)
- Using Outlook Web Access with Windows Information Protection (WIP)
- Cortana integration in your business or enterprise
- Quick guide to Windows as a service
- Wake On LAN for Surface devices
- Stop malware with Windows 10 Device Guard
- Microsoft Mechanics video: A look at Advanced Threat Analytics in the datacenter