What’s New in Windows 10 Version 1809 For IT Professionals
Windows 10 version 1809 was released October 2nd for those that manually check for updates in the Windows 10 Settings app or use one of the manual options available on Microsoft’s website here. October’s Patch Tuesday, October 9th, will see the update roll out automatically via Windows Update to compatible devices.
There are no major new features in this feature update but there are many minor improvements and additions, although the list for sysadmins and developers is shorter than for business users, which you can find here What’s New in Windows 10 Version 1809 For Users on Petri. Here are the most important changes for IT pros in Windows 10 version 1809.
Windows Autopilot Self-Deploying Mode
If your organization is already onboard with Microsoft’s Modern Desktop deployment and management strategy for Windows 10, then the new self-deploying mode in Windows Autopilot provides zero-touch deployment. Users plug their new device into the network and power on. In this mode, users don’t need to click Next at each stage of the deployment.
Using self-deploying mode, organizations can register devices in Azure Active Directory, enroll with Mobile Device Management (MDM), and push out policies and apps without any need for users to touch devices.
Log In to Remote Desktop Using Biometrics
Active Directory and Azure Active Directory users with Windows Hello for Business can log in to remote desktop sessions using biometrics. When you fire up a remote desktop session, Windows already knows that you’re logged in using Windows Hello for Business and takes care of the rest to get you logged into the remote desktop.
Web Log In
Prior to this release, Windows 10 only supported logins using identities federated to Active Directory Federation Services (ADFS) or providers that supported WS-Fed. In version 1809, web sign-in allows log in using non-ADFS federated providers, like SAML.
Remote Server Administration Tools
Better late than never, the Remote Server Administration Tools (RSAT) for Windows 10 are a Feature OnDemand, meaning that you won’t have to download or update them from Microsoft’s website. Despite that many organizations will look to start using the Windows Admin Center (WAC) to manage servers and Windows 10, there are still use cases for RSAT as WAC isn’t yet a replacement for many tools included in RSAT.
Fast Log In to Shared PCs
Windows 10 can be set up in shared PC mode, allowing only one user to be logged in and the user can always be signed out on the lock screen should someone else need to use the device. In this version of Windows, administrators can set Policy CSP, and the Authentication and EnableFastFirstSignIn policies to enable users to log in much faster.
Kiosk Setup Experience
If you want to set up a kiosk or digital sign, Microsoft has improved the kiosk setup experience in the Settings app. There’s now a wizard that guides users through setup. Microsoft Edge kiosk mode running in single-app assigned access can be configured to work in two ways. The first is Digital / Interactive signage that displays a full-screen website in InPrivate mode. The second is public browsing and users can access multiple tabs in Edge in InPrivate mode. The browser window can’t be minimized or closed, and users can’t open new browser windows or change Edge settings. Although they can clear browsing data and downloads and restart the browser by clicking End session.
Microsoft Edge kiosk mode running in multi-app assigned access also has two kiosk types, although according to Microsoft these modes cannot be set up using the new configuration wizard. Public browsing mode lets users open multiple tabs in InPrivate mode with restricted access to browser features. Other apps can also be made available to users. Normal mode uses Microsoft Edge without restrictions, but some features may not be compatible with this mode.
Registry Editor gets a dropdown that displays paths as you type them to help complete the next part. Pressing CTRL + BACKSPACE deletes the last word and CTRL + DELETE deletes the next word.
Windows 10 version 1809 brings many small but important improvements to security. Here is a list of the most important.
- The Windows Defender Security Center is now called just Windows Security Center.
- The Windows Security Center (WSC) service requires that third-party antivirus software runs as a protected process to register with Windows. Windows Defender Antivirus will continue to run with products that don’t meet this requirement.
- Windows Firewall support for Windows Subsystem for Linux (WSL).
- Block suspicious behaviours in Virus & treat protection settings brings Windows Defender Exploit Guard attack surface rules to all users.
- Controlled folder access now has a recently blocked apps list to make it easier to add apps that are blocked access to common system folders.
- Security providers in the Windows Security app lists third-party security software installed on a device.
- BitLocker can be silently enforced using MDM on fixed drives that don’t pass the Hardware Security Test Interface (HSTI) test.
- Choose the BitLocker encrypting algorithm during AutoPilot OOBE setup.
- Users can install and configure Windows Defender Application Guard (WDAG) in Windows Security. Enterprise users can check settings to see how policies have been used to configure WDAG. For more information on WDAG, see Revisiting Application Guard in the Windows 10 April 2018 Update on Petri.
- Windows Defender Credential Guard is enabled automatically on Windows 10 S-mode devices that are joined to Azure Active Directory.
- Windows Defender Advanced Threat Protection (ATP) gets a series of new features, including custom queries to monitor any kind of behavior and integration with the Azure Security Center.
In this article, I ran through a list of new features in Windows 10 version 1809 for system administrators and developers.