Windows 10, version 1709 (also known as the Windows 10 Fall Creators Update) is now available via Windows Update for Business, Windows Server Update Services (WSUS), the Volume Licensing Servicing Center (VLSC), and Visual Studio Subscriptions. We have also updated the Windows Assessment and Development Kit (Windows ADK) for Windows 10 and the free, 90-day Windows 10 Enterprise Evaluation.
Windows 10, version 1709 is the fourth feature update for Windows 10, offering IT professionals a comprehensive set of intelligent security solutions, streamlined deployment and management options, and proactive insights to help protect data and devices, save time, and reduce costs. We recommend that you test the newest features and functionality in this Semi-Annual Channel release now in preparation for broad deployment to the devices in your organization.
To see some of these features in action, register today for a one-hour webcast with live Q&A with Michael Niehaus and myself at 10:00 a.m. Pacific Time on Thursday, November 2nd. We’ll have engineering and product team experts standing by to answer any questions you may have about this release—and Michael and I will answer some questions on air toward the end of the hour.
Now, on to a summary of what’s new and what’s changed for IT pros in Windows 10, version 1709. For a summary of the top new features for end users, see the Windows Blog. For a quick summary (in less than 3 minutes), check out this video:
What’s new for IT professionals
- Windows AutoPilot – self-service deployment for Windows 10 devices so that devices can be configured at the hardware vendor, shipped directly to end users, and, once the user logs on, joined to Azure Active Directory (Azure AD) and enrolled in Microsoft Intune in just minutes
- Windows 10 Subscription Activation – deploy Windows 10 Enterprise to subscribed users with no keys or reboots
- Windows 10 Automatic Redeployment – quickly reset a device to a known, fully-configured state while maintaining MDM management and Azure AD connection
- Hyper-V – new Virtual Machine Gallery, automatic checkpoints so you can always revert, virtual battery support
- Ability to register Azure AD domains with the Windows Insider Program for Business
- New policies in Windows Update for Business for managing Windows Insider Program enrollment
- New Settings UX for Delivery Optimization provides clear view of bandwidth savings and activity details for uploads and downloads
- Windows Defender Advanced Threat Protection (Windows Defender ATP) enhancements:
- Now a full suite of security solutions that includes Windows Defender Application Guard, Device Guard (now Windows Defender Device Guard), Credential Guard (now Windows Defender Credential Guard), Windows Defender Firewall, and Windows Defender Antivirus.
- Security operations dashboard provides a single pane of glass across the Windows security stack, enabling you to do more and respond quickly to attacks.
- Security analytics dashboard allows you to quickly assess your organization’s security posture, see machines that require attention, and get a list of actions to further reduce your attack surface.
- New security graph APIs so you can use Windows Defender ATP data with other security information and event management systems.
- Windows Defender Application Guard - uses Hyper-V to create sandboxed browser sessions using Microsoft Edge, isolates potential malware and exploits downloaded via the browser and isolates and contains the threat
- Windows Defender Exploit Guard – a set of intrusion prevention capabilities offering many of the mitigations previously part of EMET, specifically:
- Exploit protection – automatically applies exploit mitigation techniques to the OS and individual apps, configured[i] using the Windows Defender Security Center app or Windows PowerShell
- Attack surface reduction – set of rules targeting and preventing actions and apps typically used by exploit-seeking malware
- Network protection – prevents users from using any application to access dangerous domains that may host phishing scams, exploits, or other malicious content
- Controlled folder access - anti-ransomware feature, that, when enabled, makes it so that only the apps you approve can access Windows system files and data folders
- Windows Information Protection – can be deployed along with Office 365 using Azure Information Protection
- Windows Hello for Business – ability to configure a device to automatically lock and unlock based on location and user proximity
- BitLocker – minimum PIN length has been changed from 6 to 4 (default is 6)
- Improved warning prompts for end users for apps that are blocked by enterprise policies
- Removal of SMBv1 from clean installs (SMBv1 components will continue to be included on upgrades where they are already installed)
- Co-management – the ability to manage a Windows 10 device using Configuration Manager and Intune (or third-party MDM) at the same time (Have questions? Join the Co-management “Ask Microsoft Anything” event Thursday, October 19 from 9:00 a.m. to 10:00 a.m. Pacific Time.)
- Ability to use Group Policy to trigger auto-enrollment to MDM for Azure AD domain joined devices
- New MDM settings, including settings that allow you to:
- Have your MDM server check if there’s a traditional management agent already on the device, and which settings that traditional agent has configured
- Deploy and configure Windows Defender Application Guard
- Configure security baseline settings (such as account and logon policies)
- Configure Windows Firewall rules
- New kiosk configuration and management features (multi-app scenarios, simplified lockdown configurations)
- Always On VPN – remote computers and devices are always connected to your organization network when they are turned on and Internet connected
- Windows Analytics Upgrade Readiness enhancements, including improved application compatibility assessment and post-upgrade health reports
- Windows Analytics Update Compliance is now generally available and has new capabilities that allow you to monitor Windows Defender protection status and optimize the deployment of updates with regard to bandwidth.
- Windows Analytics Device Health is now generally available and enables you to identify devices and drivers that crash frequently.
To learn more about how to use these Windows Analytics solutions to speed up your Windows 10 deployments and simplify the management of your Windows 10 devices, register for our November 7th webcast.
- Battery life – power throttling for inactive programs, battery icon flyout with slider for system-wide or app-specific throttling
- Windows Update – interactive notification when new updates are available, detailed information about the status of each update as it is installed
- Notifications and Action Center – the first notification in each notification group is auto-expanded, dismiss notifications with an error (instead of an X)
- Settings – “About” offers information about system health, new (Remote Desktop, Cortana) and reordered categories in Settings, “Continue on PC” option for Android and iOS devices.
- Delete previous versions of Windows directly through Storage Sense, and set up Storage Sense to automatically delete files in the Downloads folder that haven’t been modified in 30 days
- Windows Shell – fluent design, ability to resize Start diagonally, new Action Center UI, restart apps (vs. OS) to fix blurry desktop app DPI issues after docking/undocking, scrollbars shrink when cursor isn't near them
- Reset your Microsoft Account password from the lock screen.
- Windows 10 now runs on ARM64 architecture
- Access all your files without using up your device storage with OneDrive Files On-Demand
- Input improvements – new emoji panel, updated touch keyboard with shape writing and one-handed mode, ability to scroll lists and websites with a pen
- Accessibility - read aloud option for websites and PDFs, Eye Control with select Tobii hardware, lock/sign out/shut down/restart using Cortana voice commands, improved speech recognition
What’s new for Microsoft Edge
To see the full list of what’s new, check out the Microsoft Edge Developer blog. Here are the highlights:
- Support for PDF forms, ability to see PDF table of contents, use Windows Ink directly on PDFs
- Pin websites to the Windows taskbar
- Rename Favorites, edit the URL of an existing Favorite, and save Favorites in a different location directly from the Favorites UI
- When using Find on Page, pressing F3 will now go to the next result; Shift+F3 will go to the previous result.
- See and manage website permissions
- Browse in full screen
- Browse on your phone and continue on your PC
Where can I get Windows 10, version 1709?
Windows 10, version 1709 is available for download today from:
- Windows Update for Business
- Windows Server Update Services (WSUS)
- Visual Studio Subscriptions (formerly MSDN Subscriptions)
- Volume Licensing Service Center (for Volume License customers)
- Software Download Center (via Update Assistant or the Media Creation Tool)
The following resources have also been updated to help you plan for, deploy, and manage Windows 10, version 1709:
- Free 90-day evaluation of Windows 10 Enterprise, version 1709
- Group Policy Settings Reference for Windows and Windows Server
- Administrative Templates (.admx) for Windows 10, version 1709
- Remote Server Administration Tools for Windows 10
- Security baseline for Windows 10, version 1709
I haven’t deployed Windows 10 yet. What should I do?
If you haven’t yet deployed Windows 10 in your organization, download the updated Windows 10 Enterprise Evaluation to test your applications and deployment strategies for Windows 10 free for 90 days. The following resources can also help you prepare for, and simplify, the deployment process:
- Windows Analytics Upgrade Readiness – a free service that helps you identify compatibility issues that can block an upgrade and that proactively suggests fixes.
- Windows 10 virtual labs – hands-on labs featuring step-by-step instructions and virtual machines so you can try out the latest security, deployment, and management options with no setup or additional software required.
- Windows 10 Deployment and Management Lab Kit – a pre-configured virtual lab environment and step-by-step lab guides to help you review and test an in-place upgrade as well as traditional deployment methods. (Note: this lab kit has not yet been updated to Windows 10, version 1709, but will be soon.)
For information on what’s new for developers, see What's New in Windows 10 for developers, version 1709. For a full list of new namespaces added to the Windows SDK, see New APIs in Windows 10 version 1709. And, for a list of features and functionality that have been removed from Windows 10, or might be removed in future releases, see Features that are removed or deprecated in Windows 10 Fall Creators Update.
Continue the conversation. Find best practices. Visit the Windows 10 Tech Community.
Looking for support? Visit the Windows 10 IT pro forums.