Windows 10 Glossary

When it comes to Windows 10, there is a great number of new features and functionalities, new tools, new terminology, and new opportunities to advance the business world in security and in enabling a mobile workforce. Plus, that number does not include any of the things from the days of old and new things on the Windows 10 roadmap. It can be dizzying to remember it all. With a new generation of IT professionals coming to market, I felt that it would be beneficial to have a single ‘glossary’ to reference.

The list below is a compilation of anything related to Windows 10 and systems management that I have either known myself, or have discovered along the way.  I hope that the list, the brief descriptions, and resource links will prove to be helpful to both the IT professional and any business exploring Windows 10.  Although it is not yet complete, it is a good starting point.

Are you an IT professional looking to learn more about Windows 10?  The following links can be useful.

Last Update 3/6/2017
Version 1.1

  1. Action Center
  2. Advanced Group Policy Management (AGPM)
    • Part of the MDOP tool suite for customers with a Software Assurance agreement with Microsoft
    • Client/server application. The AGPM Server stores Group Policy Objects (GPOs) offline in the archive that AGPM creates on the server’s file system. Group Policy administrators use the AGPM snap-in for the Group Policy Management Console (GPMC) to work with GPOs on the server that hosts the archive. Understanding the parts of AGPM and related items, how they store GPOs in the file system, and how permissions control the actions available to each user role can improve Group Policy administrators’ effectiveness with AGPM.
    • More info: https://technet.microsoft.com/en-us/itpro/mdop/agpm/technical-overview-of-agpm
  3. Application Compatibility Toolkit
    • Helps to assess the compatibility of applications, devices, and computers in an organization with newer versions of Windows.
    • Existing desktop (Win32) application compatibility is also expected to be strong, with most existing applications working without any changes. Some applications that interface with Windows at a low level, those that use undocumented APIs, or those that do not follow recommended coding practices could experience issues.
    • More info: https://technet.microsoft.com/en-us/library/mt243973.aspx
    • See also: Windows 10 compatibility
  4. AppLocker
  5. Application Virtualization (App-V)
    • Part of the MDOP tool suite for customers with a Software Assurance agreement with Microsoft
    • Microsoft Application Virtualization (App-V) 5.1 enables administrators to deploy, update, and support applications as services in real time, on an as-needed basis. Individual applications are transformed from locally installed products into centrally managed services and are available wherever you need, without the need to preconfigure computers or to change operating system settings.
    • More info: https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/getting-started-with-app-v-51
  6. Assigned Access (aka “kiosk mode”)
    • Use assigned access to set up single-function devices, such as restaurant menus or displays at trade shows. If an account is configured for assigned access, a Windows app of your choosing runs above the lockscreen for the selected user account. Users of that account cannot access any other functionality on the device.
    • From: https://msdn.microsoft.com/en-us/library/windows/hardware/mt620040.aspx
  7. Automated Deployment Toolkit (ADK)
  8. Azure AD Join
  9. BitLocker Disk Encryption
  10. BranchCache
    • BranchCache is a feature of Windows that allows peer-to-peer network sharing of business-related data.
    • For Windows 10, BranchCache functionality for BITS, HTTP, and SMB is only available to the Enterprise and Education editions.  However, support for BITS is available to Windows 10 Professional edition.
    • More info: BranchCache in Windows Server 2016 (currently in tech preview)
    • See also: BranchCache experts at 2Pint Software
  11. Compact OS
    • Windows 10 includes tools to help you use less drive space. You can now compress the files for the entire operating system, including your preloaded desktop applications.
    • Compact OS lets you run the operating system from compressed files (similar to WIMBoot in Windows 8.1 Update 1), and single-instancing helps you run your pre-loaded Windows desktop applications in compressed files.
    • From https://msdn.microsoft.com/en-us/library/windows/hardware/dn940129.aspx
  12. Companion Devices
  13. Company Portal
    • The Company Portal is a Universal application for Windows 8.x and newer that allows users to view and install software from System Center ConfigMgr.
    • This contrasts with the Company Portal application for mobile devices (not just Windows) that are managed by Microsoft Intune.  However, in Windows 10 and the CSP, we do have the option to manage Windows as a device with CSP.
    • More info: https://www.microsoft.com/en-us/download/details.aspx?id=40795
    • See also: Universal Apps, CSP
  14. Configuration Service Provider (CSP)
  15. Connected Standby
  16. Continuum
  17. Cortana
  18. Cortana Analytics
  19. Credential Guard
    • Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them
    • Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-the-Ticket
    • Can’t be accessed by debug tools
    • Isolation occurs with Win10 Enterprise + TPM 2.0 + UEFI 2.3.1 + supported processor virtualization extensions (Intel VT-x or AMD-V)
    • More info: https://technet.microsoft.com/en-us/library/mt483740.aspx
  20. Credential Locker
    • Credential Locker is a service that creates and maintains a secure storage area on the local computer that stores user names and passwords the user saved from websites and Windows universal apps. Credential Locker is accessed through Credential Manager in Control Panel as part of the local User Account management feature.
    • More info: https://technet.microsoft.com/en-us/library/jj554668.aspx
  21. Data Execution Prevention (DEP)
  22. Data Loss Prevention (DLP)
  23. Device Encryption
    • Device encryption enforcement (in Azure AD Premium)
    • Encrypt and recover your device with Azure Active Directory. In addition to using a Microsoft Account, automatic Device Encryption can now encrypt your devices that are joined to an Azure Active Directory domain. When the device is encrypted, the BitLocker recovery key is automatically escrowed to Azure Active Directory. This will make it easier to recover your BitLocker key online.
    • Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected. The following list outlines the way this is accomplished
    • More info: https://technet.microsoft.com/library/dn306081.aspx#BKMK_Encryption
    • See also: BitLocker, TPM
  24. Device Guard
  25. Device Health Attestation Service
  26. Diagnostic and Recovery Toolset (DaRT)
    • Part of the MDOP tool suite for customers with a Software Assurance agreement with Microsoft
    • DaRT helps troubleshoot and repair Windows-based computers. This includes those computers that cannot be started. DaRT is a powerful set of tools that extend the Windows Recovery Environment (WinRE).
    • By using DaRT, you can analyze an issue to determine its cause, for example, by inspecting the computer’s event log or system registry. DaRT supports the recovery of basic hard disks that contain partitions, for example, primary partitions and logical drives, and supports the recovery of volumes.
    • More info: https://technet.microsoft.com/en-us/itpro/mdop/dart-v10/about-dart-10
    • More info: Creating the DaRT 10 Recovery Image
  27. DirectAccess
  28. Dynamic Provisioning
    • A new concept and deployment scenario for Windows 10 devices. The idea is that rather than having to “reimage” a computer with a deployment tool (like SCCM or MDT) in order to achieve a specific configuration of the device, we can now approach it as just an in-place conversion of Windows 10.
    • More info: https://technet.microsoft.com/en-us/library/mt282208.aspx#dynamic_provisioning
  29. Dynamic Updates
    • During an unattended setup of Win10, Dynamic Updates search for new Windows Setup files, including drivers and other files, to be used to install the Windows operating system.
    • More info: Using Dynamic Updates in a Managed Environment
  30. Edge (Internet browser)
  31. Editions
  32. Elliptic curve cryptography (ECC)
  33. Enhanced Mitigation Experience Tools (EMET)
    • EMET helps protect against new and undiscovered threats even before they are formally addressed through security updates or antimalware software.
    • EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques.
    • More info: https://technet.microsoft.com/en-us/security/jj653751
  34. Enterprise Mode and Site Discovery (for IE 11)
    • Web app compatibility can be a significant cost to upgrading browsers because web apps need to be tested and upgraded before adopting a new browser.
    • Improved compatibility provided by Enterprise Mode can help give customers confidence to upgrade to the latest version of IE.
    • In particular, IE11 benefits from modern web standards, increased performance, improved security, and better reliability.
    • More info: https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode
  35. Enterprise State Roaming
  36. Entitlement
  37. Fast Startup
    • Fast startup mode is available to start a computer in less time than is typically required for a traditional, cold startup. A fast startup is a hybrid combination of a cold startup and a wake-from-hibernation startup. Frequently, kernel-mode device drivers need to distinguish fast startups from wake-from-hibernation so that their devices behave as users expect.
    • From: https://msdn.microsoft.com/en-us/library/windows/hardware/jj835779.aspx
  38. Granular UX Control
    • Capability of Windows 10 Enterprise and Education editions
    • Advanced granular UX control empowers IT, using device management policies, to customize and lock down the Windows device user experience for task-workers, kiosks, and IoT functions, so only a specific task can be performed.
  39. Group policy templates for Windows 10
  40. HoloLens
  41. Kiosk mode
    • See: Assigned Access
  42. KMS / MAK licensing
  43. Local Administrator Password Solution (LAPS)
    • Provides a centralized storage of secrets/passwords in Active Directory (AD) – without additional computers.
    • Each organization’s domain administrators determine which users, such as helpdesk admins, are authorized to read the passwords.
    • More info: https://technet.microsoft.com/en-us/mt227395.aspx
  44. LayoutModification XML
  45. Lockdown XML
  46. Microsoft BitLocker Administration & Monitoring (MBAM)
    • Part of the MDOP tool suite for customers with a Software Assurance agreement with Microsoft
    • Microsoft BitLocker Administration and Monitoring (MBAM) provides enterprise management capabilities for BitLocker and BitLocker To Go.
    • MBAM simplifies deployment and key recovery, provides centralized compliance monitoring and reporting, and minimizes the costs associated with provisioning and supporting encrypted drives
    • More info: https://technet.microsoft.com/itpro/mdop/mbam-v25/about-mbam-25
  47. Microsoft Desktop Optimization Pack (MDOP)
    • Set of additional tools to enhance the Windows desktop computing experience
    • Includes technologies listed in the glossary, such as App-V, UE-V, and DaRT
    • Available to customers with a Microsoft Enterprise Agreement (EA) + Software Assurance (SA)
    • More info: https://technet.microsoft.com/en-us/windows/mdop.aspx
  48. Microsoft Deployment Toolkit (MDT)
  49. Microsoft Passport
  50. Microsoft Secure Boot
    • Requires UEFI
    • Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer.
    • When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs) and the operating system. If the signatures are good, the PC boots, and the firmware gives control to the operating system.
    • From: https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview
  51. Mobile Device Management (MDM)
  52. Open Mobile Alliance and Device Management (OMA-DM)
    • Technology uses messages to configure CSPs
    • The “WMI bridge” provider allows technologies such as ConfigMgr and Intune to set the CSPs
    • ConfigMgr can do some of these CSPs today
  53. Project Sienna
  54. Provisioning Package
  55. Quick Assist
    • Microsoft Quick Assist is an app in Windows 10 that enables two people to share a computer over a remote connection so that one person can help solve problems on the other person’s computer. Here’s how it works:  The person who needs help requests assistance from a helper (either a friend or Microsoft Support). Both start Quick Assist and the helper sends a security code to the person who needs help. The person who needs help enters the code and gives permission to the helper who is then able to take control of that person’s computer and provide assistance over the remote connection.
    • From: What is Quick Assist?
    • More info: Quick Assist FAQ
  56. Raspberry Pi
    • The Raspberry Pi is a tiny and affordable computer that you can use to learn programming through fun, practical projects.
    • Runs Windows 10 IoT
    • More info: https://www.raspberrypi.org/
  57. Recovery image
  58. Recovery boot menu
    • In prior versions of Windows (such as Win7), pressing the F8 key during Windows startup would give the ‘safe mode’ startup menu. Now it is reached by pressing the Shift key while restarting Windows at the login screen.
  59. Remote wipe
  60. Rings
  61. Secure desktop
    • UAC background process that is isolated and protected
  62. Security auditing
    • Security auditing is one of the most powerful tools that can be used to maintain the integrity of your system. As part of your overall security strategy, you should determine the level of auditing that is appropriate for your environment. Auditing should identify attacks (successful or not) that pose a threat to your network, and attacks against resources that you have determined to be valuable in your risk assessment.
    • More info: https://technet.microsoft.com/en-us/library/mt431897.aspx
    • See also: Windows 10 Security Auditing and Monitoring Reference
  63. Security policy settings
    • Security policy settings are rules that administrators configure on a computer or multiple devices for the purpose of protecting resources on a device or network. The Security Settings extension of the Local Group Policy Editor snap-in allows you to define security configurations as part of a Group Policy Object (GPO).
    • More info: https://technet.microsoft.com/en-us/library/mt634226.aspx
  64. Servicing Branches
  65. Servicing Branch: Current Branch
    • Full set of apps such as the Windows Store, Edge browser, and Cortana
    • Security and feature updates delivered in real time
  66. Servicing Branch: Current Branch for Business (CBB)
    • Full set of apps such as the Windows Store, Edge browser, and Cortana
    • Security updates delivered in real time
    • Feature updates delivered after they have been tested by consumers/insiders
    • Some number of months after the release of a new feature upgrade, security updates will be dependent on that new feature upgrade.
  67. Servicing Branch: Long Term Servicing Branch (LTSB)
  68. Software Assurance
  69. System Center Configuration Manager (ConfigMgr)
  70. Surface Hub
  71. Surface Pro / Surface Book
  72. Toast Notifications
  73. Telemetry
  74. Trusted Boot
    • Trusted Boot is a Windows feature that secures the entire Windows boot process. It prevents malware from hiding and taking up permanent residence within the PC by ensuring none of the Windows components loaded during boot have been tampered with.
    • Ensures that anti-malware software is loaded before any third-party drivers and applications using its Early Launch Anti-Malware (ELAM) capability. This prevents malware from inserting itself in front of the anti-malware engine so that it can compromise the anti-malware engine’s ability to protect the system. In the event that malware was able to successfully compromise any of the Windows boot process, Trusted Boot will attempt to automatically remediate the issue.
    • More info: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/bitlocker-countermeasures#protection-during-startup
  75. Trusted Platform Module (TPM)
  76. Two-factor authentication
  77. Unified Extensible Firmware Interface (UEFI)
    • When the device starts, the firmware interface controls the booting process of the PC, and then passes control to Windows or another operating system.
    • UEFI is a replacement for the older BIOS firmware interface and the Extensible Firmware Interface (EFI) 1.10 specifications.
    • More than 140 leading technology companies participate in the Unified EFI Forum, including AMD, AMI, Apple, Dell, HP, IBM, Insyde, Intel, Lenovo, Microsoft, and Phoenix Technologies.
    • From: https://msdn.microsoft.com/en-us/windows/hardware/commercialize/manufacture/desktop/uefi-firmware
  78. Universal Apps
  79. Update Rings
  80. User Account Control (UAC)
    • User Account Control helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.
    • More info: https://technet.microsoft.com/en-us/library/mt437606.aspx
  81. User Experience Virtualization (UE-V)
    • Part of the MDOP tool suite for customers with a Software Assurance agreement with Microsoft
    • Capture and centralize your users’ application settings and Windows OS settings by implementing Microsoft User Experience Virtualization (UE-V). Then, apply these settings to the devices users access in your enterprise, like desktop computers, laptops, or virtual desktop infrastructure (VDI) sessions.
    • With UE-V you can: 1) Specify which application and desktop settings synchronize, 2) Deliver the settings anytime and anywhere users work throughout the enterprise, 3) Create custom templates for your third-party or line-of-business applications, 4) Recover settings after hardware replacement or upgrade, or after reimaging a virtual machine to its initial state
    • More info: https://technet.microsoft.com/itpro/mdop/uev-v2/index
  82. Virtual Secure Mode
  83. Virtual TPM
  84. VPN – profile options
  85. VPN – Per App
  86. VPN – Lock down
  87. Wi-Fi Sense
  88. Windows Ink
  89. Windows 10 for Education
  90. Windows 10 Internet of Things (IoT)
  91. Windows 10 Mobile / Mobile Enterprise
  92. Windows as a Service
    • With Windows 10, a new model is being adopted. Instead of new features being added only in new releases that happen every few years, the goal is to provide new features two to three times per year, continually providing new capabilities while maintaining a high level of hardware and application compatibility.
    • This new model, referred to as Windows as a service, requires organizations to rethink how they deploy and upgrade Windows. It is no longer a project that happens “every few years”; it is a continual process.
    • More info: https://technet.microsoft.com/en-us/itpro/windows/plan/windows-10-servicing-options
    • See also Managing WaaS in ConfigMgr
  93. Windows Biometric Framework
  94. Windows Defender
  95. Windows Defender Advanced Threat Protection (WDATP)
  96. Windows/Device Health Attestation Service
    • Even managed devices can be compromised and become harmful. Organizations need to detect when security has been breached and react as early as possible in order to protect high-value assets.  As Microsoft moves forward, security investments are increasingly focused on security preventive defenses and also on detection and response capabilities. Windows 10 is an important component of an end-to-end security solution that focuses not only on the implementation of security preventive defenses, but adds device health attestation capabilities to the overall security strategy.
    • Enables enterprise IT managers to assess the health of managed devices and take enterprise policy actions.
    • Essentially a new form of conditional access that is used to access cloud features
    • Locks out the user if malicious changes occur, such as a jailbreak
    • Has a configuration service provider (CSP)
    • From https://msdn.microsoft.com/en-us/library/windows/hardware/dn934876.aspx
  97. Windows Hello
  98. Windows Information Protection
  99. Windows Imaging and Configuration Designer (WICD)
  100. Windows Insider
  101. Windows provisioning framework
    • The Windows Provisioning framework exposes the customizable OS settings that OEMs and Enterprise IT Pros can set to modify the UI for various Windows editions, connectivity settings, and user experience to better fit their product market or production environment needs.
    • This can include adding apps, wallpapers, modifying icons and layouts, configuring network settings using device management, changing defaults in configuration settings, and adding brand-specific art and sounds to the OS.
    • More info: https://msdn.microsoft.com/en-us/library/windows/hardware/dn898375.aspx
    • See also: WICD, Provisioning Package, Dynamic Provisioning
  102. Windows servicing
  103. Windows spotlight (lock screen)
  104. Windows Store for Business
  105. Windows To Go
  106. Windows Update for Business (WUfB)