Latest Event Updates

Windows 10 News You Can Use – April 2018

Posted on Updated on

Win10NewsLogo Windows 10 news you can use, April 2018 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

Also see other news related to Windows 10

Deployment & Management

1) Explore the results of a recent Forrester study and learn how to take advantage of new cloud functionality to improve the end user computing operations lifecycle and leverage the ease and flexibility of the cloud for device management.

2) Afraid of Windows 10 with Azure AD join? Michael Niehaus demystifies AADJ and provides practical guidance to try it out!
Part 1:
Part 2:

3) In case you missed it, Microsoft Deployment Toolkit (MDT), build 8450 was released in late December, offering support for Windows 10, version 1709; the Windows Assessment and Deployment Kit (ADK) for Windows 10, version 1709; and System Center Configuration Manager, version 1710.

4) Watch a free webinar to learn how EMS can help you manage and secure user identities, devices, apps, and data across all of your Windows devices, iOS, macOS, and Android. This one-hour session includes: 1) Securing access to company email, files, and apps stored in the cloud and on-premises, 2) Protecting company data on all endpoints, 3) Modernizing Windows 10 management.

5) With the 1710 update to ConfigMgr and the 1709 update to Windows 10, we’ve provided the foundations of our solution to bridge Windows modernization through Co-Management. This bridge is an entry-point for our customers to start their transitions to modern management – a path that leads traditional, domain-joined and ConfigMgr-managed solutions, to a deployment of Azure Active Directory and Intune.

6) The documentation team has an article with the current list of UWP provisioned (in-box) and installed (from the store on first logon) for various Windows 10 releases. But one thing that isn’t reflected in that documentation: the list of apps installed from the store can be different depending on the type of account you sign in with, by the SKU that you are using, and even by the region of the world the device is in.

7) An updated version of System Center Updates Publisher (SCUP) is now available which adds support for Windows 10 and Windows Server 2016. SCUP enables independent software vendors or line-of-business application developers to manage custom updates.

8) The AskPFEPlat team is here today with you in force. Recently they put together 10 Tips and Tricks from the Field – a collection of tips and tricks in our tool belt that they use on occasion. They wanted share these with all their readers in-an-effort to make your day a little easier.

9) Moving from project to process: digital transformation with Windows as a service.

Security & Compliance

1) How to enable BitLocker Drive Encryption and automate the process for an AutoPilot device that is provisioned for a standard user using the Windows 10 Fall Creators Update version 1709.

2) Windows Defender System Guard: Making a leap forward in platform security with memory integrity.

3) Windows 10 in S-Mode coming soon to all editions of Windows 10.

4) Learn from the Windows Defender Research group about protecting corporate networks from cryptocurrency miners with the security capabilities in Windows 10.

5) Announcing a set of new preview features for Windows Defender ATP, which includes capabilities such as Automated Investigation and Response (AIRS), advanced hunting tools for SecOps, role-based access controls, Azure ATP integration, insights into additional Win10 security capabilities, and more!

6) Guided lab to get Windows Hello for Business to work on Windows 10 to show the user experience and provide some lessons learned.

7) Over the last year, we’ve talked about how we’re investing in new innovations to address today’s challenging threat landscape, what we’ve delivered, and how it will change the dynamics. Today, I want to share the results of our new antivirus capabilities in Windows Defender Advanced Threat Protection (ATP) which are genuinely incredible because they will directly benefit the work you are doing. Read more on why Windows Defender Antivirus is the most deployed in the enterprise.


1) Windows 10 Tip: Three ways you can personalize your desktop with fun themes and colors.

2) Windows 10 Tip: Clear your workspace in one of two simple steps.

3) Windows 10 Accessibility: What to expect in the year ahead.

4) Windows 10 Tip: Six keyboard shortcuts to help you find what you’re looking for.

Other news related to Windows 10…

Windows 10 News You Can Use – March 2018

Posted on Updated on

 Win10NewsLogo Windows 10 news you can use, March 2018 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

Also see other news related to Windows 10


Deployment & Management

1)      Windows Analytics now helps assess Meltdown and Spectre protections.

2)      Update 1802 for Configuration Manager [Technical Preview Branch] – includes new features and functionality for Windows 10 deployment and management!

3)      Windows Update for Business offers an additional option to aid administrators in the critical pursuit of ensuring systems are kept up to date. Understanding what Windows Update for Business is and how it can be implemented either standalone or through integration with Configuration Manager is critical, so you make the best choice for your business.  Watch this easy-to-follow video tutorial on implementing and managing WUfB with SCCM.

4)      Express Update is a capability of WSUS and the Windows Update Agent that was added to help reduced the overall network impact of these larger updates. Configuration Manager current branch 1702 (though 1710 and higher is recommended for best performance) added full support for Express. Understanding how Express works is important so that administrators know what to expect and can plan accordingly. Watch this easy-to-follow video for details of how Express works and how supporting Express is supported in a Configuration Manager environment.

Security & Compliance

1)      Microsoft continues to work diligently with our industry partners to address the Spectre and Meltdown hardware-based vulnerabilities. Our top priority is clear: Help protect the safety and security of our customers’ devices and data. Today, I’d like to provide an update on some of that work, including Windows security update availability for additional devices, our role in helping distribute available Intel firmware (microcode), and progress driving anti-virus compatibility.

2)      Microsoft was named a “Visionary” in the 2018 Magic Quadrant for Endpoint Protection Platforms. According to Gartner “Visionaries deliver in the leading-edge features — such as cloud management, managed features and services, enhanced detection or protection capabilities, and strong incident response workflows — that will be significant in the next generation of products, and will give buyers early access to improved security and management.”

3)      Starting this summer, customers can add Windows Defender ATP Endpoint Detection & Response (EDR) functionality to their Windows 7, and Windows 8.1 devices, and get a holistic view across their endpoints.

4)      Learn how Windows Defender Antivirus and artificial intelligence stopped an Emotet outbreak on February 3rd with intelligent, real-time protection against modern threats.

5)      Monthly antimalware platform updates for Windows Defender Antivirus. While keeping up-to-date with signatures and engines is a best practice, a machine that is up-to-date with both definition/engine and platform updates can have a higher protection level than a machine that is just update-to-date with definition/engine updates.

6)      Fujitsu has teamed with Microsoft to build devices with Windows 10 Pro and industry-leading biometric options including Windows Hello and palm vein authentication to prevent security attacks in the modern workplace.


1)      Microsoft like to provide you with the latest planning tools to help guide you to the best deployment process for your business. The Windows 10 Adoption Planning Kit includes the following resources: 1) Gartner Report: Making Critical Deployment Choices for Windows 10 Success, 2) End-User Readiness Assets, 3) Microsoft FastTrack Program Flyer, 4) Microsoft Press Article: Deploying Windows 10 e-Book.

2)      Print to corporate printers from Azure AD joined Windows 10 devices! We’ve just released Microsoft Hybrid Cloud Print, a print solution built specifically for Azure Active Directory-joined and Intune-managed devices. Now people in your organization can use Azure AD-joined devices to discover on-premise printers, and can print from work or from home or from anywhere else they can connect to the internet.

3)      Windows 10 Tip: 7 pro tips for getting started with Microsoft Edge as your PDF viewer.

Other news related to Windows 10…


Windows 10 News You Can Use – February 2018

Posted on

 Win10NewsLogo Windows 10 news you can use, February 2018 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

In other news related to Windows 10…

Deployment & Management
  1.  Windows 10 1709 is now designated as a Semi-Annual Channel release (e.g. formerly known as Current Branch for Business).
  2. To gain insights into the health and performance of more than 300,000 Windows 10 devices, Microsoft began using Device Heath, a new service in Windows Analytics. Available through the Microsoft Operations Management Suite, Device Health analyzes telemetry and provides details about device and driver crashes. This data helps us monitor our environment and quickly resolve issues.
  3. Collecting members of the Local Administrators group via SCCM.
  4. An important feature for desktop application developers is the ability to view detailed analytics about application performance and its popularity with users. Until today, developers had difficulty accessing these analytics without cobbling together multiple tools. With the new Windows Desktop Program, developers now have a convenient, one-stop portal to view their desktop application analytics or access the data via an API. Statistics and charts quickly show how the applications are doing– from how many customers they’ve reached to detailed performance data on crashes and failures. With these analytics, developers can better track and prioritize fixes, monitor the distribution of their application, prepare and improve the overall experience for their customers.
Security & Compliance
  1. Get an end-to-end look at the security features and technologies in Windows 10 that can help you protect your data, devices, and identity. Join Windows Security Senior Product Manager Chris Hallum as he walks you through the features and tools that have shipped to date and provides insight into what’s to come. This one-hour webcast will take from place Tuesday, February 6th from 10:00 a.m. to 11:00 a.m. Pacific Time and will cover protecting data on lost and stolen devices, replacing passwords with multi-factor authentication, using data separation, containment, and encryption to help prevent accidental data leaks, and much more.
  2. Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems.  Terry Myerson, Executive Vice President, Windows and Devices Group describes the discovered vulnerabilities as clearly as possible, discusses what customers can do to help keep themselves safe, and shares what Microsoft has learned so far about performance impacts.
  3. Windows 10: Multi-layer defense against ransomware attacks. The year 2017 saw three global ransomware outbreaks driven by multiple propagation and infection techniques that are not necessarily new but not typically observed in ransomware. While there are technologies available on Windows 7 to mitigate attacks, Windows 10’s comprehensive set of platform mitigations and next-generation technologies cover these attack methods.
  4. Customers that deployed Microsoft’s security baseline for Windows 10 v1709 might have experienced device and component failures. The BitLocker GPO settings recommended in the Windows security configuration baselines for Windows 10 include enabling “Disable new DMA devices when this computer is locked” to defend against Direct Memory Access (DMA) attacks. Windows’ internal implementation underlying that Group Policy setting was modified for v1709 to strengthen its enforcement. However, the change inadvertently led to some device and component failures on v1709 that are described in KB article 4057300, including potential problems with network adapters, audio devices, and pointing devices.
  5. Exposing fileless malware attacks with Windows Defender ATP and mitigating attacks against the endpoint with next-gen security technologies in Windows 10.
  6. Data privacy will continue to be a priority towards making Windows 10 the best and most secure experience. From improving in-product control, transparency and information about your privacy, while providing a complete list of the diagnostic data collected at the Basic level, among others, to launching the Microsoft Privacy Dashboard and the enhancements we’ve made since then, we want you to be able to easily see and manage your activity data online across multiple Microsoft services.
  7. Looking for information on how Windows 10 Enterprise can enable and support HIPAA compliance, privacy, and security? Download the latest version of the “HIPAA Compliance with Microsoft Windows 10” white paper, which now includes the updates found in Windows 10, version 1709.
  8. Rapid cyberattacks like Petya and WannaCrypt have reset our expectations on the speed and scope of damage that a cyberattack can inflict. The Microsoft Enterprise Cybersecurity Group Detection and Response team worked extensively to help customers respond to and recover from these kinds of attacks. In 2017, among the global enterprise customers that we worked with, these rapid cyberattacks took down most or all IT systems in just about one hour, resulting in $200M – 300M USD of damage at several customers.
  9. There has been an increase in free versions of programs that purport to scan computers for various errors, and then use alarming, coercive messages to scare customers into buying a premium version of the same program. Starting March 1, 2018, Windows Defender Antivirus and other Microsoft security products will classify programs that display coercive messages as unwanted software, which will be detected and removed.
  1. Windows 10 Tip: Add 3D to your PowerPoint presentation in 5 steps
  2. Windows 10 Tip: Get started with the Mixed Reality Viewer app.
  3. Easily and securely manage devices –  Windows 10 helps to manage devices efficiently and cost effectively while reducing business disruptions, as you make new devices available to your employees.
  4. Fuel your creativity with powerful devices and apps – Use Surface Studio and Windows 10 to transform the way you sketch, model, and share your creative ideas.
  5. Use your device like a PC to stay productive and secure – Maintain the high level of productivity you need, wherever you are, by leveraging the seamless, secure mobile experience offered by Windows 10.
  6. Use integrated apps and devices to improve healthcare patient care – Gain secure, speedy access to lab results, specialist recommendations, patient notes, scheduling, and more from your Microsoft 365 powered device and your clinic’s integrated apps.
  7. Streamline healthcare lab operations while ensuring compliance – Improve your lab’s testing operations and ensure regulatory compliance by using powerful, modern devices.

Windows 10 News You Can Use – January 2018

Posted on

 Win10NewsLogo Windows 10 news you can use, January 2018 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

In other news related to Windows 10…

Deployment & Management

1)      Visual Studio 2017 15.4 introduced the new Windows Application Packaging project to help you modernizing your application by using the new Windows 10 App Deployment Stack.

2)      Add Conditional Access to your Windows 10 VPN with Intune and Azure AD.

3)      Windows Analytics accelerates enterprise Windows 10 migration. With Update Compliance and Device Health services now generally available, Windows Analytics provides an end-to-end upgrade solution with actionable insights into device performance, reliability, and health, so enterprises can broadly migrate their devices from Windows 7 or Windows 8 to Windows 10 or update Windows 10 devices to the latest feature update (Windows 10, version 1709) quickly and with confidence.

4)      Troubleshooting Windows AutoPilot (level 300/400).

5)      Blog post about file association configurations in Windows 10 that, after reading it, and you will be able to configure file associations in Windows 10 avoid this notification: An app default was reset.

6)      Build your own Windows 10 VPN lab and configure it with Intune.

7)      IT pros – join us on Tuesday, January 16th for an opportunity to “Ask Microsoft Anything” (AMA) about Windows Analytics. Members of the engineering and product teams will be standing by to answer your questions and listen to your feedback about Upgrade Readiness, Update Compliance, Device Health, and the future roadmap for Windows Analytics.

8)      Different from the Windows Insider Program for Business, the Windows Insider Lab for Enterprise is intended for Windows Insiders who want to try new experimental and pre-release Enterprise Privacy and Security features.

9)      Using ConfigMgr co-management to offload Windows 10 updates to Microsoft Intune.

Security & Compliance

1)      Download the Windows Defender Advanced Threat Protection (WDATP) kit and learn how security solutions built into the operating system can help you detect, investigate, and respond to advanced attacks and data breaches on your networks. In addition, learn about the cost savings and business benefits enabled by WDATP.

2)      In this blog, we explore how Windows Defender ATP (WDATP), makes use of AMSI inspection data to surface complex and evasive script-based attacks. We look at advanced attacks perpetrated by the highly skilled KRYPTON activity group and explore how commodity malware like Kovter abuses PowerShell to leave little to no trace of malicious activity on disk. From there, we look at how WDATP machine learning systems make use of enhanced insight about script characteristics and behaviors to deliver vastly improved detection capabilities.

3)      Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to further close the gap between malware release and detection. In this blog post we’ll look at how additional automated analysis and machine learning models can further protect customers within minutes in rare cases where initial classification is inconclusive.

4)      Microsoft Mechanics’ look at the recent updates to Windows Hello for Business. We’ll show you why it’s even more secure than a password. You’ll see new protections for when you are in a public place or for when you are away from your device.

5)      Learn how to address cybersecurity with these snackable security videos on the Microsoft in Business YouTube channel.  Includes Windows 10 security videos such as:

o   Why is Patching Important and What is Windows as a Service?

o   Why Layers of Security are Important

o   What is Windows Defender ATP?
6)      Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI.

7)      The GDPR is compelling every organization to consider how it will respond to today’s security and compliance challenges. Read this white paper for an in-depth exploration of the GDPR and its implications for organizations, how the capabilities of Microsoft 365 Enterprise edition can help your organization approach GDPR compliance and accelerate your journey, and what you can do to get started now.


1)      Windows 10 Tip: Get started with Continue on PC in the Microsoft Edge mobile app.

2)      We are again at the beginning of another major technology shift: the ability to be connected anytime, anywhere with Always Connected PCs that are instantly on, always connected with incredible battery life.

3)      In the new world of work, advanced professions increasingly require high-performance computing capabilities. We’re working to ensure Windows meets your needs, even in demanding and mission-critical scenarios.  Join us for a look at the key benefits of Windows 10 Pro for Workstations, which was announced in August.

4)      Windows 10 Tip: How to recover your pin and password from the lock screen.


Windows 10 News You Can Use – December 2017

Posted on Updated on

Windows 10 news you can use, December 2017 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

In other related news…

  • By running Windows 10 with Office 365 ProPlus and Enterprise Mobility + Security, you can simplify the way you deploy and manage devices, deliver the latest innovations to users, and get robust insights to help you proactively run and manage your IT processes—with intelligent security built in every step of the way.  Register today to join us on Tuesday, December 5th from 10:00 a.m. to 11:00 a.m. Pacific Time to learn how to help protect your data and devices from the latest threats, transition to cloud-based management at your own pace, roll out updates for Windows and Office in a streamlined way without impacting user productivity, and more.
  • Rapid cyberattacks like NotPetya and WannaCrypt were able to take down all IT systems at global enterprises in about an hour, creating a new challenge for IT and Security leadership and practitioners to manage. Join us to learn about these attacks and Microsoft’s prescriptive roadmap of recommended mitigations to protect your organization against this type of attack.
  • Learn from Microsoft Mechanics about the spectrum of built-in security defenses that protect your users, information and devices. This rich capability set spans Windows 10, Office 365, enterprise mobility and security, while leveraging a number of services within Microsoft Azure. To go even deeper, check out Deep Dive into Microsoft 365 Intelligent Security.
Deployment & Management

1)      Do the employees in your enterprise forget their passwords? Good news! The new Windows 10 Fall Creators update allows users with Azure AD-joined (AADJ) devices to see a “Reset password” link on their lock screen. When they click this link, they will be brought to the same self-service password reset (SSPR) experience they see when signing in from a browser.

2)      We are delighted to announce that we have released version 1710 for System Center Configuration Manager that includes new features and product enhancements!

3)      Step-by-step guide on how to use an Azure AD cloud-only identity to access an on-premises, non-cloud resource.

4)      Infographic: Start a practical move to modern Windows 10 management with Microsoft Enterprise Mobility + Security (EMS). See how you can use co-management with System Center Configuration Manager (ConfigMgr) and Intune to transition to a modern management approach in a controlled, iterative way.

5)      What’s new in Hyper-V for Windows 10 Fall Creators Update?

6)      Windows 10 Deployment: Tips and Tricks from Microsoft IT.

7)      Architectural planning posters for Windows 10, including for clean install, in-place upgrades, AutoPilot, servicing, and protection solutions.

8)      How to upgrade ConfigMgr to the latest version along with upgrading OS and SQL.

Security & Compliance

1)      Microsoft Windows 10 offers many new native security and privacy capabilities that potentially reduce organizations’ reliance on third-party endpoint security solutions. When taken together, these capabilities improve the risk posture of your endpoint environment and significantly reduce exposure to OS- and application-level exploits. This report explains to risk and security professionals the best ways to utilize the new Windows 10 security features while keeping users’ privacy intact.

2)      We’re excited to announce three leading security companies – Bitdefender, Lookout, and Ziften – are partnering with us to enable Windows Defender Advanced Threat Protection (ATP) to detect, protect, and respond to security threads on macOS, Linux, iOS, and Android devices.

3)      Clarifying the behavior of mandatory Address Space Layout Randomization (ASLR) using Windows Defender Exploit Guard (WDEG) in Windows 10.

4)      Overview of new security capabilities in Windows 10 1709.


1)       What’s new [for the user experience] in the Windows 10 Fall Creators Update

2)      What’s New in Microsoft Edge in the Windows 10 Fall Creators Update

3)      Designing devices for the new culture of work 

4)      Introducing Surface Book 2, the most powerful Surface Book ever 

5)      Windows 10 Tip: Work more efficiently with MyAnalytics, it can help you managed relationships with important people, prioritize your time and track the reach and influence of your email communications.

6)      Windows 10 Tip: Get started with the Windows 10 Maps app


Windows 10 News You Can Use – November 2017

Posted on Updated on


Windows 10 news you can use, November 2017 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

In other related news…


Deployment & Management

1)      Register today for exclusive access to a one-hour, demo-rich webcast showcasing solutions that can help you monitor and proactively improve your experience with Windows 10 upgrades, update deployment, and device management.  Webcast will be Tuesday 11/7/2017.

2)      Administrative Templates (.admx) for Windows 10 Fall Creators Update (1709)

3)      Update 1710 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.

Security & Compliance

1)      Microsoft Mechanics, live at Ignite 2017: Real tales of [recent] attacks and the defenses in Windows 10 to stop them

2)      Browser security beyond sandboxing

3)      Final release of the recommended security configuration baseline settings for Windows 10 1709

4)      Mobile, collaborative, and secure—Using Windows Information Protection to protect corporate data.  IT Showcase case study (30-minute video) that outlines how Microsoft IT is using Windows Information Protection.

5)      Forrester Research recently released a report (available for purchase) which explains to risk and security professionals the best ways to utilize the new Windows 10 security features while keeping users’ privacy intact.


1)      What’s new [for the user experience] in the Windows 10 Fall Creators Update

2)      What’s New in Microsoft Edge in the Windows 10 Fall Creators Update

3)      Designing devices for the new culture of work 

4)      Introducing Surface Book 2, the most powerful Surface Book ever 

5)      Windows 10 Tip: Work more efficiently with MyAnalytics, it can help you managed relationships with important people, prioritize your time and track the reach and influence of your email communications.

6)      Windows 10 Tip: Get started with the Windows 10 Maps app

Evaluating Windows Defender Antivirus with ConfigMgr

Posted on Updated on

A standard today’s threat landscape is to not rely on antivirus alone and other mechanisms of endpoint security should be in place to mitigate threats.  However,  having a solid AV is still beneficial. In the past year, Windows Defender Antivirus (WDAV) in Windows 10 and Server 2016 has made great strides to provide next-generation antivirus protection.  More and more organizations are beginning to realize this and consider using it to displace their age-old, costly platforms.

If you’re in the same position and are wondering how you might approach an evaluation of WDAV, consider the following high-level steps as I envision it.  First and foremost however, Microsoft has also published prescriptive guidance for evaluating WDAV outside of ConfigMgr, including a downloadable PDF.  I recommend reviewing that information in it’s entirety before taking action. It is also highly advised that you watch the recent session from Ignite 2017 – Next-Gen AV: Windows Defender Antivirus unleashed – BRK3063.

  1. Upgrade ConfigMgr to the current branch model to support the latest Windows 10 releases (note: please first ensure that you’re licensed for ConfigMgr current branch!!)
  2. Review and pre-determine the desired WDAV settings, such as:
    • Network bandwidth to override any BITS restrictions – note that any BITS client settings defined in these clients settings will override other client settings only if given a higher priority and will impact the rest of BITS configurations
    • Auto-uninstall other AV products
    • Real-time protection exclusions (ConfigMgr has templates available as well)
    • WDAV specific capabilities available in Win10 1703, such as:
      • Cloud protection options
      • Potentially unwanted programs
      • WDAV offline scanning
      • End-user interactions with the WDAV interface
      • End-user notifications
  3. Follow the 5 steps outlined for setup of ConfigMgr for WDAV management, which includes instructions for both server and clients, but does not include common instructions such as using collections, reporting, or setup of RBAC
  4. Additional ConfigMgr server/client setup considerations:
  5. Optional: Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment

To test the WDAV deployment and functionality:

  1. Assign the WDAV ConfigMgr client policy to the collection
  2. Ensure policy is delivered and has the appropriate priority to take effect
  3. Verify prior AV is uninstalled and WDAV becomes active
  4. Monitor the user experience as well as one potential risk may be that the uninstall of prior AV may need a restart of Windows to ‘unload’ executions in memory
  5. Perform AV protection tests as desired using the WDAV testground (hosted by Microsoft) as well as other standard testing by your security personnel
  6. Review alerts in the ConfigMgr console and reports

Note: to learn more about the security defense in-depth, see some of these recent sessions.