It’s just a few months until the Spring 2017 release of the Windows 10 Creators Update. With that in mind, here is an overview of the enterprise features coming to the next Windows 10 software distribution, and an important milestone for the Windows 10 Anniversary Update.
Windows 10 Anniversary Update now part of Current Branch for Business
The Windows 10 Anniversary Update release, also known as Windows 10 1607, is now part of Current Branch for Business (CBB), and is ready for enterprise deployment. This brings our Windows as a service vision closer to reality, as our most significant release of Windows 10 so far has been validated using the feedback from our partners, OEMs, and customers who tested the Anniversary Update in pilots and proofs of concept. With the Anniversary Update now part of CBB, and since Windows 10 only supports two CBB releases at any time, Windows 10 version 1507 will receive its final patches in March 2017 after it enters into the 60-day grace period for updates this month (January 2017). With millions of devices running the CBB version 14393.447 installed by KB 3200970 or any later update, as indicated on the Windows 10 release information page, organizations can be assured Windows 10 1607 is fully ready for them.
As the most secure version of Windows ever, using a Protect, Detect, and Respond strategy, the Anniversary Update running in CBB drives stability in our OS and confidence for our customers. With the number of ransomware encounters increasing by 400% from December 2005 to July 2016, older versions of Windows are more likely to encounter security threats. Devices running Windows 10 are 58% less likely to encounter ransomware (download this PDF for more information) and other exploits than devices running Windows 7.
Windows 10 Creators Update enterprise features
The Windows 10 Creators Update that was announced in October will democratize mixed reality and 3D. Empowering our end users to do more was just the start, and the Windows 10 Creators Update will also deliver new features for modern IT, including a new mobile application management feature, in-place UEFI conversion, and continued improvements to Windows as a service.
Security intelligence across cloud and devices
Enterprise security is a critical consideration for customers, and the Creators Update will simplify the monitoring and tracking of security events through a central portal called the Windows Security Center. Linked to Office 365 Advanced Threat Protection via the Microsoft Intelligent Security Graph, the Windows Security Center will allow IT admins to follow an attack from endpoints and email in an integrated manner.
We’re adding new actions and insights in Windows Defender Advanced Threat Protection to investigate and respond to network attacks, including enriched detection, enriched intelligence, and enhanced remediation.
We will expand WDATP sensors to detect threats that persist only in memory or kernel level exploits. This will enable IT administrators to monitor loaded drivers and in-memory activities, and to detect various patterns of injection, reflective loading, and in-memory modifications indicating potential kernel exploits.
Microsoft maintains a Threat Intelligent (TI) database that sources information from over 200B of scanned emails for malware, and over 350B monthly authentications, we are also enriching our database through third party industry partners like FireEye iSIGHT Threat Intelligence. In the Creators Update, we’ll enable IT administrators to add their own intelligence into the Windows Security Center for alerts on activities based on their own indicators of compromise. This added level of insight will enrich machine learning models to identify and block malware more quickly and better protect their unique environment.
New remediation actions in Windows Defender Advanced Threat Protection will give IT admins the tools to isolate machines, collect forensics, kill and clean running processes, and quarantine or block files with a single click in the Windows Security Center.
Video: Windows Defender Advanced Threat Protection for Windows 10 in the Creators Update
The Windows 10 Creators Update includes new capabilities that address customer feedback:
- Automatic step-up to Windows 10 Enterprise for those with appropriate Windows subscriptions
- Automatic bulk enrollment into Azure Active Directory
- For existing PCs, an automated tool that can be used to help with the process of moving from BIOS to UEFI, needed to support new security features like Secure Boot
In-place UEFI conversion
Some customers that want to take advantage of new Windows 10 security features like Device Guard can’t do so on their existing devices because it requires UEFI-enabled hardware. Additionally, customers with UEFI-enabled hardware that had Windows 7 installed using legacy BIOS, required IT to physically touch each device to convert it to UEFI since IT would have to repartition the disc and reconfigure the firmware. With the Creators Update, we will introduce a simple conversion tool that automates this work, and integrates the conversion tool into the Windows 7 to Windows 10 in-place upgrade process executed by management software, such as System Center Configuration Manager.
Mobile application management
The Creators Update will introduce mobile application management, a new feature that protects data on personal devices without requiring the device to be enrolled in a mobile device management solution. This makes end users happier and more productive – they can use their personal devices to access work apps and content without giving control to IT, but IT can block access to those files if a user leaves the organization.
Video: Managing BYOD with the Windows 10 Creators Update
Windows as a service improvements
Many customers have expressed concerns about the size of the two-to-three times per year feature updates and the monthly quality updates. We will soon be adding express update support to Windows 10 to reduce the monthly download size by 90% for customers using System Center Configuration Manager or third-party management or patching products. Later this year, we will enable a new differential feature update capability that is expected to reduce the download size by about 35% over the current sizes. These changes, combined with peer-to-peer capabilities offered with BranchCache and Delivery Optimization features, ensure that the impact of Windows as a service on your network is minimized.
Over the next few weeks, some of the Creators Update features will start to show up in Windows Insider builds. If you are not already a Windows Insider, join today and provide your feedback to help shape the Windows experience.