Embed Size (px)
Citation preview
Windows 10 Version 1903 und 1909 –Neuerungen und neue Security Features
Manfred Helber
Twitter: @ManfredHelberwww.manfredhelber.de
WINDOWS AS A SERVICE
A new way to build, deploy and service
Windows
A single cumulative update each month with no new features• Security fixes, reliability fixes, bug fixes, etc.
• Supersedes the previous month’s updateQualityUpdates
Twice per year with new capabilities• New features and innovation APIs and security capabilities
• Very reliable, with built-in rollback capabilities
• Simple deployment using in-place upgrade, driven by existing tools
• Try them out with Insider Preview
FeatureUpdates
Windows 10 Version history
Windows 10 version history Date of availabilityEnd of service for Home, Pro, and Pro for Workstations editions
End of service for Enterprise and Education editions
Windows 10, version 1903 May 21, 2019 December 8, 2020 December 8, 2020Windows 10, version 1809 November 13, 2018 May 12, 2020 May 11, 2021Windows 10, version 1803 April 30, 2018 November 12, 2019 November 10, 2020Windows 10, version 1709 October 17, 2017 April 9, 2019 April 14, 2020Windows 10, version 1703 April 5, 2017* October 9, 2018 October 8, 2019Windows 10, version 1607 August 2, 2016 April 10, 2018 April 9, 2019Windows 10, version 1511 November 10, 2015 October 10, 2017 October 10, 2017Windows 10, released July 2015 (version 1507) July 29, 2015 May 9, 2017 May 9, 2017
* Windows 10, version 1703 for Enterprise, Education, and IOT Enterprise editions were released on April 11, 2017.Note: Not all features in an update will work on all devices. A device may not be able to receive updates if the device hardwareis incompatible, lacks current drivers, or is otherwise outside the original equipment manufacturer’s (OEM) support period.
Windows 10 Version 1903
Simplified updatesIntelligent security Enhanced productivity
Flexible management
Intelligent security
Securitymanagement
Threat protection
Identity protection
Intelligent security with Windows 10
Windows SandboxIsolated desktop environment where you can run untrusted software without the fear of lasting impact to your device
Windows Defender Application GuardStandalone users can install and configure their Windows Defender Application Guard settings without needing to change Registry key settingsEnterprise users are able to check their settings to see what their administrators have configured for their machines to better understand the behavior
Windows Defender Application ControlNew features that light up key scenarios and provide feature parity with AppLocker
Microphone privacy settingsA mic icon appears in the notification area letting you see which apps are using your microphone
Core Windows 10 Security EnhancementsWhat’s new in Windows 10 May 2019 Update
Security managementWhat’s new in Windows 10 May 2019 Update
Windows Security app improvementsProtection historyDetailed and easier to understand information about threats and available actionsControlled Folder Access blocks added to Protection historyActions from Windows Defender Offline Scanning toolAny pending recommendations
Tamper ProtectionPrevent malicious apps from changing important Windows Defender Antivirus settings
Windows Defender FirewallWindows Subsystem for Linux (WSL)Add rules for WSL process, just like for Windows processes
netsh.exe advfirewall firewall add rule name=wsl_python dir=in action=allow program="C:\users\<username>\appdata\local\packages\canonicalgrouplimited.ubuntuonwindows_79rhkp1fndgsc\localstate\rootfs\usr\bin\python3.7" enable=yes
Identity protectionWhat’s new in Windows 10 May 2019 Update
1To use Windows Hello with biometrics specialized hardware, including fingerprint reader, illuminated IR sensor, or other biometric sensors is required. Hardware-based protection of the Windows Hello credential/keys requires TPM 1.2 or greater; if no TPM exists or is configured, credentials/keys protection will be software-based. 2 Not available for all SKU’s
Streamlined Windows Hello PIN reset experience1,2
Microsoft account users have a revamped Windows Hello PIN reset experience with the same look and feel as signing in on the web
Sign-in with Password-less Microsoft accountsSign in to Windows 10 with a phone number account. Then use Windows Hello for an even easier sign-in experience! 1
Remote Desktop with BiometricsAzure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session
Securitymanagement
Threat protection
Identity protection
Intelligent security with Windows 10
Microsoft Defender Advanced Threat Protection
Windows Defender Antivirus improvements
Windows Sandbox
Mic privacy settings
Windows Defender Application Guard Enhancements
Windows Defender Firewall for WSL
Windows Security app improvements
Protection history enhancements
Tamper Protection
Windows Hello PIN reset
Password-less sign-in
Remote Desktop with Biometrics
Simplified updates
Simplified updates
Streamline deployment and updates with modern tools
Application compatibility IT can trust
Reserved Disk SpaceNew and wipe-and-load installations of version 1903 will automatically reserve disk space to be used by Feature and Quality Updates, ensuring the updates do not fail for disk space reasons
Automatic Restart Sign-on (ARSO)For Azure AD joined systems, Windows will automatically logon as the user and lock the device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
Servicing UpdatesPause updates, Background processing, intelligent Active Hours, and deferral notifications have all been enhancedUse instead of media-based to reduce the Feature Update size with Express Updates
Streamline deployment and updatesWhat’s new in Windows 10 May 2019 Update
Delivery Optimization (DO)Improve Peer Efficiency for Enterprises/EDUs with complex networks (via a set of new Policies)New! supports Office 365 ProPlus updates, Intune content, and ConfigMgr is coming soon!
Feature Rollback ImprovementsSupports Quality Updates and Feature UpdatesInitiate a rollback remotely using MDM, or trigger via ConfigMgr or other management tool
Streamline deployment and updatesWhat’s new in Windows 10 May 2019 Update
Simplified updates
Streamline deployment and updates with modern tools
Application compatibility IT can trust
Delivery Optimization (DO)
Express updates
Servicing-based feature updates
Feature Rollback improvements
Delivery optimization
Desktop App Assure
Windows Insider Program for Business
ReadyforMicrosoft365.com
Flexible management
Flexible management
Deliver enterprise-ready devices easily
Simplify device management
Deliver enterprise-ready devicesWhat’s new in Windows 10 May 2019 Update
Windows Autopilot 1
Enrollment Status Page (ESP) enhancementsSilencing Cortana in OOBEWindows Autopilot white glove deploymentWindows Autopilot is self-updating during OOBE
1 Requires Azure Active Directory Premium P1 and Intune or another MDM solution
Simplify device managementWhat’s new in Windows 10 May 2019 Update
Mobile Device Management PoliciesNew Group Policies and MDM policies for managing Microsoft EdgeBitLocker can silently be enabled for standard AAD Joined usersUpdated Microsoft 365 Admin Center (preview April 2019)
Intune Security Baselines (preview)Includes many settings supported by Intune that you can use to help secure and protect your users and devices. Automatically sets these settings to values recommended by security teams
1 MDM requires an MDM product such as Microsoft Intune or other 3rd-party solutions (sold separately).2 Available in select markets. Functionality and apps may vary by market and device.
Flexible management
Deliver enterprise-ready devices easily
Simplify device management
Windows Autopilot
Windows Subscription Activation
Mobile Device Management
Mobile Application Management
Windows Shared Devices
Microsoft Store for Business
Enhanced productivity
Enhanced productivity
Work smarter
Cultivate collaboration Empower workstyles
Work smarterWhat’s new in Windows 10 May 2019 Update
Windows ShellSearch for Linux files contained in a WSL distroTop apps and recent files displayed when you click in the Search barSeparating Search and Cortana1
TimelineChrome extension adds Google Chrome activity to Timeline
1Cortana available in select markets; experience may vary by region and device. Cortana app required for Android and iOS devices (Requires Android version 4.1.2 or higher, or iPhone 4 with iOS 8.0 or higher).
Empower workstylesWhat’s new in Windows 10 Update 1903
AccessibilityNarrator Improvements including more voices and reading controlsEase of Access improvements including 11 new mouse pointer sizesNarrator QuickStart, a short tutorial for new users
Kaomoji and Emoji UpdatesTap WIN +(period) to access new kaomojis and emojis, finding the right one is a keyword away
Enhanced productivity
Work smarter
Empower workstylesCultivate collaboration
Search for Linux Files in WSL
Cortana
Work across devices
Accessibility
Kaomojis & Emojis
Windows Virtual Desktop
Office 365 on Windows
Nearby Sharing
Microsoft Whiteboard
OneNote
Windows 10 gets better with each updateWith enhanced security, more tools for IT and end user productivity features
§ Windows Information Protection§ Windows Hello for Business§ Windows Analytics Upgrade Readiness§ App-V, UE-V§ Hybrid Azure Active Directory Join§ Windows Ink§ Mobile Device Management§ AAD Join§ Windows Store for Business§ Windows Update for Business§ Mail, Calendar, Photos, Maps, Groove, Skype§ Windows Defender Antivirus
§ Windows Hello§ Microsoft Edge§ Device Guard§ Credential Guard § BitLocker§ SmartScreen§ Windows as a service§ In-place upgrades§ Continuum§ Cortana§ Windows 10 core
+
1703
§ Windows Autopilot§ Windows Defender ATP§ Windows Defender Security Center§ Express update delivery§ Hyper-V§ Windows 10 Subscription Activation§ Windows Insider Program for Business§ Paint 3D§ Cortana at work§ Night light, mini view
+§ Mobile Device Management§ AAD Join§ Windows Store for Business§ Windows Update for Business§ Mail, Calendar, Photos, Maps, Groove, Skype§ Windows Defender Antivirus§ Windows Hello§ Microsoft Edge§ Device Guard
§ Credential Guard § BitLocker§ SmartScreen§ Windows as a service§ In-place upgrades§ Continuum§ Cortana§ Windows 10 core
1607
§ Windows Information Protection§ Windows Hello for Business§ Windows Analytics Upgrade Readiness§ App-V, UE-V§ Hybrid Azure Active Directory Join§ Windows Ink
+
1511
§ Windows Defender Antivirus§ Windows Hello§ Microsoft Edge§ Device Guard§ Credential Guard § BitLocker§ SmartScreen
§ Windows as a service§ In-place upgrades§ Continuum§ Cortana§ Windows 10 core
§ Mobile Device Management§ AAD Join§ Windows Store for Business§ Windows Update for Business§ Mail, Calendar, Photos, Maps, Groove, Skype+
1507
§ Windows Defender Antivirus§ Windows Hello§ Microsoft Edge§ Device Guard§ Credential Guard § BitLocker§ SmartScreen
§ Windows as a service§ In-place upgrades§ Continuum§ Cortana§ Windows 10 core
Windows 10 gets better with each updateWith enhanced security, more tools for IT and end user productivity features
§ Windows Defender Exploit Guard, System Guard, Application Guard, Application Control
§ Mobile Device Management§ Windows Analytics Update Compliance§ Windows Analytics Device Health§ Co-management§ Enterprise search in Windows§ Continue on PC§ OneDrive Files On-Demand§ Narrator§ Mixed Reality Viewer§ Windows Autopilot§ Windows Defender ATP§ Windows Defender Security Center§ Express update delivery§ Hyper-V§ Windows 10 Subscription Activation§ Windows Insider Program for Business§ Paint 3D§ Cortana at work§ Night light, mini view§ Windows Information Protection§ Windows Hello for Business
§ Windows Analytics Upgrade Readiness§ App-V, UE-V§ Hybrid Azure Active Directory Join§ Windows Ink§ Mobile Device Management§ AAD Join§ Windows Store for Business§ Windows Update for Business§ Mail, Calendar, Photos, Maps, Groove, Skype§ Windows Defender Antivirus§ Windows Hello§ Microsoft Edge§ Device Guard§ Credential Guard § BitLocker§ SmartScreen§ Windows as a service§ In-place upgrades§ Continuum§ Cortana§ Windows 10 core
+
§ Windows Analytics – Spectre & Meltdown, Delivery Optimization, Application Reliability Logon Health
§ WDATP Automated Remediation§ Conditional Access based on WDATP device risk§ Threat Analytics§ Emergency Outbreak Updates§ Advanced hunting§ Cloud Credential Guard§ Diagnostic data viewer§ Windows Autopilot enrollment status page§ Windows 10 Enterprise in S mode§ Shared Windows Devices§ Nearby Sharing§ Dictation§ Timeline
1803
§ Windows Autopilot§ Windows Defender ATP§ Windows Defender Security Center§ Express update delivery§ Hyper-V§ Windows 10 Subscription Activation§ Windows Insider Program for Business§ Paint 3D§ Cortana at work§ Night light, mini view§ Windows Information Protection§ Windows Hello for Business§ Windows Analytics Upgrade Readiness§ App-V, UE-V§ Hybrid Azure Active Directory Join§ Windows Ink§ Mobile Device Management
§ AAD Join§ Windows Store for Business§ Windows Update for Business§ Mail, Calendar, Photos, Maps, Groove, Skype§ Windows Defender Antivirus§ Windows Hello§ Microsoft Edge§ Device Guard§ Credential Guard § BitLocker§ SmartScreen§ Windows as a service§ In-place upgrades§ Continuum§ Cortana§ Windows 10 core
+
1709
§ Windows Defender Exploit Guard, System Guard, Application Guard, Application Control
§ Mobile Device Management§ Windows Analytics Update Compliance§ Windows Analytics Device Health§ Co-management§ Enterprise search in Windows§ Continue on PC§ OneDrive Files On-Demand§ Narrator§ Mixed Reality Viewer
+
1809
§ Windows Analytics – Spectre & Meltdown, Delivery Optimization, Application Reliability Logon Health
§ WDATP Automated Remediation§ Conditional Access based on WDATP device risk§ Threat Analytics§ Emergency Outbreak Updates§ Advanced hunting§ Cloud Credential Guard§ Diagnostic data viewer§ Windows Autopilot enrollment status page§ Windows 10 Enterprise in S mode§ Shared Windows Devices§ Nearby Sharing§ Dictation§ Timeline§ Windows Defender Exploit Guard, System
Guard, Application Guard, Application Control§ Mobile Device Management§ Windows Analytics Update Compliance§ Windows Analytics Device Health§ Co-management§ Enterprise search in Windows§ Continue on PC§ OneDrive Files On-Demand§ Narrator§ Mixed Reality Viewer§ Windows Autopilot§ Windows Defender ATP§ Windows Defender Security Center§ Express update delivery
§ Hyper-V§ Windows 10 Subscription Activation§ Windows Insider Program for Business§ Paint 3D§ Cortana at work§ Night light, mini view§ Windows Information Protection§ Windows Hello for Business§ Windows Analytics Upgrade Readiness§ App-V, UE-V§ Hybrid Azure Active Directory Join§ Windows Ink§ Mobile Device Management§ AAD Join§ Windows Store for Business§ Windows Update for Business§ Mail, Calendar, Photos, Maps, Groove, Skype§ Windows Defender Antivirus§ Windows Hello§ Microsoft Edge§ Device Guard§ Credential Guard § BitLocker§ SmartScreen§ Windows as a service§ In-place upgrades§ Continuum§ Cortana§ Windows 10 core
§ Microsoft Defender ATP new attack surface area reduction controls§ Investigation and remediation across Office 365 ATP and Microsoft Defender
ATP§ Web Authentication in Microsoft Edge § Windows Hello with FIDO 2.0§ 30 months of support for September releases§ Windows Autopilot Self-deploying mode§ Windows Autopilot Hybrid Azure AD join§ S Mode Block Switch§ Microsoft Edge kiosk mode§ Desktop Analytics (Preview) – Intelligent Pilot Selection and ConfigMgr
Integration§ ReadyforMicrosoft365.com § Microsoft Edge experience improvements§ Accessibility enhancements§ Access the clipboard across devices§ Your Phone
+
1903
§ Windows Analytics – Spectre & Meltdown, Delivery Optimization, Application Reliability Logon Health
§ WDATP Automated Remediation§ Conditional Access based on WDATP
device risk§ Threat Analytics§ Emergency Outbreak Updates§ Advanced hunting§ Cloud Credential Guard§ Diagnostic data viewer§ Windows Autopilot enrollment status page§ Windows 10 Enterprise in S mode§ Shared Windows Devices§ Nearby Sharing§ Dictation§ Timeline§ Windows Defender Exploit Guard, System
Guard, Application Guard, Application Control
§ Mobile Device Management§ Windows Analytics Update Compliance§ Windows Analytics Device Health§ Co-management§ Enterprise search in Windows§ Continue on PC§ OneDrive Files On-Demand§ Narrator§ Mixed Reality Viewer§ Windows Autopilot§ Microsoft Defender ATP§ Windows Defender Security Center§ Express update delivery§ Hyper-V§ Windows 10 Subscription Activation§ Windows Insider Program for Business§ Paint 3D§ Cortana at work§ Night light, mini view§ Windows Information Protection§ Windows Hello for Business§ Windows Analytics Upgrade Readiness
§ App-V, UE-V§ Hybrid Azure Active Directory Join§ Windows Ink§ Mobile Device Management§ AAD Join§ Windows Store for Business§ Windows Update for Business§ Mail, Calendar, Photos, Maps, Groove,
Skype§ Windows Defender Antivirus§ Windows Hello§ Microsoft Edge§ Device Guard§ Credential Guard § BitLocker§ SmartScreen§ Windows as a service§ In-place upgrades§ Continuum§ Cortana§ Windows 10 core§ Windows Defender ATP new attack surface
area reduction controls§ Investigation and remediation across Office
365 ATP and Windows Defender ATP§ Web Authentication in Microsoft Edge § Windows Hello with FIDO 2.0§ 30 months of support for September
releases§ Windows Autopilot Self-deploying mode§ Windows Autopilot Hybrid Azure AD join§ S Mode Block Switch§ Microsoft Edge kiosk mode§ Desktop Analytics (Preview) – Intelligent
Pilot Selection and ConfigMgr Integration§ ReadyforMicrosoft365.com § Microsoft Edge experience improvements§ Accessibility enhancements§ Access the clipboard across devices§ Your Phone
§ Windows Virtual Desktop (Preview)§ Microsoft Defender Advanced Threat Protection enhancements§ Attack Surface Reduction enhancements§ Next Generation Protection enhancements§ Tamper Proofing Capabilities§ Windows Sandbox§ Application Guard enhancements§ Sign-on with Password-less Microsoft accounts§ New Kaimojis and Emojis§ Accessibility Improvements§ Windows Shell enhancements§ Windows Timeline§ Device Management Policies§ Intune Security Baselines§ Enhanced Enrollment Status Page§ Windows AutoPilot White Glove§ Setup Diag§ Automatic Restart Sign On (ARSO)§ Reserved Disk Space§ Improved Delivery Optimization (DO)
Begin your journey with Windows 10 today
January 14th 2020
Manfred Helber
Twitter: @ManfredHelberLinkedIn: Manfred Helberwww.manfredhelber.de
https://aka.ms/WBSCEvents
www.windows-business-solutions-club.de
Vielen Dank!
