Next Major Windows 10 Update Arrives October 17, Here's What's in it for the Enterprise
Microsoft has been working on the next major update to Windows 10 for several months. The company initially showed off the update at its Build conference earlier this year and now they finalizing the bits to release to everyone in the near future.
Starting on October 17th, the ‘Fall Creators Update’ will be available worldwide. If this release is like any of the past updates, expect it to roll out slowly of the next several months but you will likely be able to install that day if you wish to do so.
In the announcement, Microsoft is still sticking to the 500 million devices running the OS, a number that they announced earlier this year. While it’s a bit too early to say that adoption of the OS has stalled, if we don’t hear an update in the near future, it may be cause for alarm.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
Starting with this release Microsoft will finally integrate Windows Defender ATP across the entire threat protection stack which includes protecting, detection, and response pillars. The new centralized management component offers increased visibility and also new Security Analytics that will review Windows security feature utilization and configurations as well as Windows 10 security patch status across Windows 10 endpoints to provide improved visibility into the current status of your network.
Windows Defender Exploit Guard is on the agenda for the upcoming release as well. This new feature will make Enhanced Mitigation Experience Toolkit (EMET) native to Windows 10.
Exploit Guard introduces new capabilities that makes exploiting vulnerabilities more difficult and also introduces a new class of intrusion prevention rules derived from the Microsoft Intelligent Security Graph that will limit the threat of advanced attacks including zero day exploits. The goal of this feature is to make the once difficult process of defining the rule-set for attack mitigation that required significant expertise and time to craft, easier to integrate into your environment.
Last year at Ignite, Microsoft announced Windows Defender Application Guard and the feature was expected to arrive with Redstone 2. Seeing as that deadline has come and gone, this security enhancement will be shipped with Redstone 3. This feature will protect your environment if a local user downloads malicious applications from the Internet or a zero-day exploit is encounter in the browser; WDAG is able to isolate the machine from the rest of the network and stop the malicious applications/intruders from reaching other areas of your infrastructure.
For those that are using Windows Defender Device Guard, this feature will now be integrated into Windows Defender ATP’s response capabilities to improve the process of managing the safe application lists
Also coming this fall, Microsoft will be introducing Windows AutoPilot, AutoPilot Reset, and Device Health. All of these features will make the provisioning process easier and also let the end-user see more information about their machine to proactively avoid hardware and software issues before they degrade the performance of the device.
Windows AutoPilot is a suite of technologies Microsoft is using that are designed to simplify the setup process for a new device. When combined with the Windows AutoPilot Deployment Program that enables OEMs and distributors/resellers to link devices to an organization’s Azure Active Directory and Intune mobile device management (MDM) services, a new device can be provisioned by the user out of the box rather than having IT do all the heavy lifting. What this means is that a device can automatically be enrolled in Intune, transformed to Windows 10 Enterprise, local settings/security applied, Office 365 ProPlus and line-of-business apps installed all without the need for IT intervention.
This release will have quite a bit packed in for enterprise customers when it becomes available. That being said, most companies are not on the bleeding edge of Windows builds which means it will likely be several months or years before this feature-set is widely used in companies around the globe.