October 23, 2017 6:00 am

Microsoft 365 security and management features available in Windows 10 Fall Creators Update

By / Partner Director, Windows & Devices Group, Security & Enterprise

Last week, we shared the Windows 10 Fall Creators Update has begun rolling out to customers and we highlighted some of our favorite features for people who love and use Windows every day.

Windows 10 is running on more than 500 million monthly active devices and continues to gain momentum in enterprises, small businesses and education organizations with 90% growth in commercial devices year over year. In a recent Forrester survey of 482 enterprise global decision makers, they reported that 34% of company-issued PCs are running Windows 10.*

Today, we’re excited to share more about the security and management enhancements we’ve made that empower our commercial customers on their journey to digitally transform and support their Modern Workplace with Microsoft 365. We’re also providing more detail and guidance to IT administrators about how the Fall Creators Update will roll out to our customers in the coming weeks.

Top 10 Security & Management Features in the Fall Creators Update

The cyber threat landscape today requires an ongoing and relentless focus on security, and IT administrators need tools that help them prevent, protect, defend and respond to threats as well as modernize their workplace to empower employee creativity and productivity. Here are a few of our top enhancements for IT in the Fall Creators Update.

  1. Windows AutoPilot is a new cloud service that makes it possible for any PC to be enterprise-ready, with a simple self-service out of box user experience that IT can personalize for their organization and eliminate the need for IT to reimage, touch or manually provision Windows 10. Starting in January 2018, OEM partners Lenovo, HP, Panasonic, Toshiba and Fujitsu will join Microsoft Surface in supporting Windows AutoPilot. Read more about Windows AutoPilot.
  2. Windows Defender Application Guard makes Microsoft Edge the most secure browser for enterprise by hardware isolating the browser away from your apps, data, network and even Windows itself. WDAG protects your Microsoft Edge browsing sessions so if users encounter malware or hacking attempts while online they won’t impact the rest of your PC. Read more about Windows Defender Application Guard.
  3. Windows Defender Advanced Threat Protection now provides a ‘single pane of glass’ view across the Windows preventative protection security stack, for better and more manageable protection, detection, investigation and response. The new security analytics dashboard provides recommendations to improve your security posture. In addition, a set of new APIs give you intuitive access to pull data or perform response actions. Read more about Windows Defender Advanced Threat Protection.
  4. Windows Defender Application Control is a new solution that leverages the same application control technology from Windows Defender Device Guard, while removing the steep hardware, driver, and kernel mode software requirements. WDAC can run on any Windows 10 capable device with Windows 10 Enterprise and uses the power of the Microsoft Intelligent Security Graph (ISG) to automate the application control list making management easy. Read more about Windows Defender Application Control.
  5. Windows Defender Exploit Guard protects devices from intrusion, contacting malicious locations on the internet, and fileless-based attacks using seemingly innocuous content types, like documents. WDEG includes a rich set of vulnerability mitigation built in to Windows 10 that was previously available in the Enhanced Mitigation Experience Toolkit, reducing potential exploits of vulnerabilities in the platform and apps. Read more about Windows Defender Exploit Guard.
  6. Controlled Folder Access in Windows Defender Exploit Guard helps protect against viruses and ransomware by only allowing trusted applications to access protected folders and documents. If an unauthorized application, even a new unknown malware variant, attempts to access protected data, it will be denied access even if it manages to get past other defenses. Read more about controlled folder access.
  7. Windows Defender Antivirus enhancements, like new instant protection technology, use the power of the cloud and artificial intelligence built on top of the Microsoft Intelligent Security Graph (ISG) to provide next generation antivirus support to protect customers from quickly evolving polymorphic malware. Read more about Windows Defender Antivirus.
  8. Windows Assigned Access improvements provide the ability to customize and lock down Windows devices to specific tasks or experiences for Firstline Workers and kiosks; and cloud-based tools enable IT to maintain these devices remotely. Organizations can now quickly set up and maintain locked down single purpose devices with improved tools, enabling single app and multi-app uses. Read more about Windows Assigned Access multi-app support.
  9. Windows Hello improvements including new factors such as proximity, location, dynamic lock and Intel Authenticate support make it easier to deploy and more secure. With stolen credentials being one of the leading causes for breaches, moving away from passwords should be a top priority for every organization. Read more about Windows Hello.
  10. Windows 10 Subscription Activation uses AAD entitlement from the cloud making it easier for customers to activate and use all these great features in Windows 10 Enterprise. It enables Windows 10 Pro devices to seamlessly step up to Windows 10 Enterprise without on-premise infrastructure, product keys or reboots based simply on an entitled user logging on. Read more about Windows 10 Subscription Activation.

We’re also helping our enterprise customers with new tools and resources to aid deployments, servicing and compliance.

  • We shared new Global Data Protection Regulation (GDPR) resources to help our customers accelerate their GDPR compliance with details on security features and capabilities built into Windows 10.
  • We added Device Health to the Windows Analytics suite to help reduce support costs by proactively identifying and remediating top employee-impacting device issues. We also provided enterprise customers with a new diagnostic setting specifically to enable Windows Analytics to provide critical business insights for the maintenance of their device ecosystem.

Now is a great time to get started running pilots within your organization and begin rolling out the Fall Creators Update to stay up to date and current with the latest security protections and management tools.

– Rob

*Forrester: “Windows 10 Finally Delivers On Microsoft’s Security Promises” October 20, 2017

Updated October 24, 2017 6:16 am