What’s new for IT pros in Windows 10 1903.
The biggest concern for most companies today—and their IT departments—is security. With cyberthreats rapidly increasing every day, organizations need intelligent security to defend and protect their environments. Windows 10 comes with security built-in, and it leverages the cloud to coordinate defenses across email, data, and devices for end-to-end protection using the Microsoft Graph.
Here are some of the new intelligent security capabilities included in Windows 10, version 1903:
Microsoft Defender Advanced Threat Protection (ATP):
- Attack surface area reduction – IT admins can configure devices with advanced web protection that enables them to define allow and deny lists for specific URLs and IP addresses.
- Next generation protection – Controls have been extended to protection from ransomware, credential misuse, and attacks that are transmitted through removable storage.
- Integrity enforcement capabilities – Enable remote runtime attestation of the Windows 10 platform.
- Tamper-proofing capabilities – Use virtualization-based security to isolate critical ATP security capabilities away from the OS and attackers.
- Platform support – Endpoint Detection (EDR) and Endpoint Protection Platform (EPP) capabilities now support Windows 7 and 8.1 environments.
- Advanced machine learning – Improved with advanced machine learning and AI models that enable it to protect against apex attackers using innovative vulnerability exploit techniques, tools and malware.
- Emergency outbreak protection – Automatically updates devices with new intelligence when a new outbreak has been detected.
- Certified ISO 27001 compliance – Ensures that the cloud service has been analyzed for threats, vulnerabilities and impacts, and that risk management and security controls are in place.
- Geolocation support – Supports geolocation and sovereignty of sample data as well as configurable retention policies.
- Windows Sandbox – Isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device.
- Microphone privacy settings – A microphone icon appears in the notification area letting you see which apps are using your microphone.
- Windows Defender Application Guard enhancements – Standalone users can install and configure their Windows Defender Application Guard settings without needing to change Registry key settings. Enterprise users can check their settings to see what their administrators have configured for their machines to better understand the behavior.
- Windows Hello FIDO2 certification – Windows Hello is now a FIDO2 Certified authenticator and enables password-less login for websites supporting FIDO2 authentication, such as Microsoft account and Azure Active Directory (AD).
- Streamlined Windows Hello PIN reset experience[ii],[iii] – Microsoft account users have a revamped Windows Hello PIN reset experience with the same look and feel as signing in on the web.
- Sign-in with Password-less Microsoft accounts – Sign in to Windows 10 with a phone number, then use Windows Hello for an even easier sign-in experience![i]
- Remote Desktop with Biometrics – Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session.
- Windows Defender Firewall – Now supports Windows Subsystem for Linux (WSL), which lets you add rules for WSL processes, just like for Windows processes.
- Windows Security app improvements – Now include Protection history, with detailed and easier-to-understand information about threats and available actions. Controlled Folder Access blocks are now in the Protection history, along with Windows Defender Offline Scanning tool actions and any pending recommendations.
- Tamper Protection – Lets you prevent others from tampering with important security features.
With Windows 10, version 1903, you’ll see the following improvements to help you to streamline deployments and update management:
- Delivery Optimization – Improved Peer Efficiency for enterprises and educational institutions with complex networks (via a set of new policies). This now supports Office 365 ProPlus updates and Microsoft Intune content; System Center Configuration Manager content will be coming soon.
- Reserved storage – Reserved storage sets aside disk space to be used by updates, apps, temporary files, and system caches, improving the day-to-day function of your PC by ensuring that critical OS functions always have access to disk space. This feature will be enabled automatically on new PCs with Windows 10, version 1903 pre-installed as well as clean installs of Windows 10, version 1903. (It will not be enabled when updating from a previous version of Windows 10.)
- Automatic Restart Sign-on (ARSO) – For Azure Active Directory-joined devices, Windows will automatically log on as the user and lock the device to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
- Windows Update for Business – There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
- Update rollback improvements – When a device is unable to start properly after installing a driver or monthly quality update, Windows will automatically uninstall the update to return the device to a normally operating state.
- Pause updates – Users of all editions of Windows 10, including Windows 10 Home, can pause updates for both feature and monthly updates.
- Intelligent active hours – Users now have the option to let Windows Update intelligently adjust active hours based on their device-specific usage patterns.
- Improved update orchestration – Windows 10, version 1903 offers improved system performance by intelligently coordinating Windows updates and Microsoft Store updates so they occur when users are away from their devices to minimize disruptions.
- Improved update notifications – When there’s an update requiring a device restart, users will see a colored dot on the Power button in the Start menu and on the Windows icon in the taskbar.
- SetupDiag – Use this command-line tool to troubleshoot failed feature updates.
To deliver that secure and productive experience that users and your organization are expecting, it’s critical to use modern management practices. Here is what Windows 10, version 1903 has to offer around delivering enterprise-ready devices and simplifying the ongoing management of those devices.
- Deliver enterprise-ready devices with Windows Autopilot[iv] – Enrollment Status Page (ESP) enhancements, which include tracking Win32 apps delivered via Intune Management Extensions. You can also now choose which apps to block during enrollment through Intune. In addition, Windows Autopilot functional and critical updates will begin downloading automatically during the out of box experience (OOBE). Cortana voiceover is now disabled by default for Windows 10 Pro and above SKUs in the OOBE. And, with Windows Autopilot white glove deployment, partners or IT staff can pre-provision Windows 10 PCs to be fully configured and business-ready before they are delivered to the Check out the new Microsoft Mechanics video to learn more about the new white glove deployment and these other new Windows Autopilot features.
- Mobile Device Management policies – Windows 10, version 1903 offers new Group Policies and mobile device management (MDM) policies for managing Microsoft Edge. You can silently enable BitLocker for standard Azure Active Directory-joined users. You can also more easily manage the entire Microsoft 365 experience for users with the Microsoft 365 Admin Center.
- Intune Security Baselines (Preview) – Now includes many settings supported by Intune that you can use to help secure and protect your users and devices. You can automatically set these settings to values recommended by security teams.
Ultimately, Windows 10 is about providing a great, productive experience for users. Here are some of the key productivity enhancements in this new feature update:
- Work smarter – Windows Shell now lets you search for Linux files contained in a WSL distro. In addition, top apps and recent files will display when you click in the Search bar. We’ve also separated Search and Cortana, allowing Cortana to act as more of a digital assistant while Windows Search handles searching for files, pics, docs, etc. The new Chrome extension adds Google Chrome activity to the Timeline view.
- Empower workstyles – New accessibility features include Narrator improvements with more voices and reading controls, as well as ease of access improvements such as 11 new mouse pointer sizes. Windows 10, version 1903 also includes Narrator QuickStart, which is a short tutorial for new users. In addition, you can tap WINDOWS + . to access new kaomojis and emojis, making finding the right one a keyword away.
- Windows Virtual Desktop – Available as a public preview, Windows Virtual Desktop allows you to deliver a multi-session Windows 10 experience, optimizations for Office 365 ProPlus, and support for Windows Server Remote Desktop Services (RDS) desktops and apps.