What’s new for IT pros in Windows 10, version 1709
Windows 10, version 1709 (also known as the Windows 10 Fall Creators Update) is now available via Windows Update for Business, Windows Server Update Services (WSUS), the Volume Licensing Servicing Center (VLSC), and Visual Studio Subscriptions. We have also updated the Windows Assessment and Development Kit (Windows ADK) for Windows 10 and the free, 90-day Windows 10 Enterprise Evaluation.
Windows 10, version 1709 is the fourth feature update for Windows 10, offering IT professionals a comprehensive set of intelligent security solutions, streamlined deployment and management options, and proactive insights to help protect data and devices, save time, and reduce costs. We recommend that you test the newest features and functionality in this Semi-Annual Channel release now in preparation for broad deployment to the devices in your organization.
To see some of these features in action, register today for a one-hour webcast with live Q&A with Michael Niehaus and myself at 10:00 a.m. Pacific Time on Thursday, November 2nd. We’ll have engineering and product team experts standing by to answer any questions you may have about this release—and Michael and I will answer some questions on air toward the end of the hour.
Now, on to a summary of what’s new and what’s changed for IT pros in Windows 10, version 1709. For a summary of the top new features for end users, see the Windows Blog.
What’s new for IT professionals
- Windows AutoPilot – self-service deployment for Windows 10 devices so that devices can be configured at the hardware vendor, shipped directly to end users, and, once the user logs on, joined to Azure Active Directory (Azure AD) and enrolled in Microsoft Intune in just minutes
- Windows 10 Subscription Activation – deploy Windows 10 Enterprise to subscribed users with no keys or reboots
- Windows 10 Automatic Redeployment – quickly reset a device to a known, fully-configured state while maintaining MDM management and Azure AD connection
- Hyper-V – new Virtual Machine Gallery, automatic checkpoints so you can always revert, virtual battery support
- Ability to register Azure AD domains with the Windows Insider Program for Business
- New policies in Windows Update for Business for managing Windows Insider Program enrollment
- New Settings UX for Delivery Optimization provides clear view of bandwidth savings and activity details for uploads and downloads
Windows Defender Advanced Threat Protection (Windows Defender ATP) enhancements:
Now a full suite of security solutions that includes Windows Defender Application Guard, Device Guard (now Windows Defender Device Guard), Credential Guard (now Windows Defender Credential Guard), Windows Defender Firewall, and Windows Defender Antivirus.
- Security operations dashboard provides a single pane of glass across the Windows security stack, enabling you to do more and respond quickly to attacks.
- Security analytics dashboard allows you to quickly assess your organization’s security posture, see machines that require attention, and get a list of actions to further reduce your attack surface.
- New security graph APIs so you can use Windows Defender ATP data with other security information and event management systems.
- Windows Defender Application Guard – uses Hyper-V to create sandboxed browser sessions using Microsoft Edge, isolates potential malware and exploits downloaded via the browser and isolates and contains the threat
Windows Defender Exploit Guard – a set of intrusion prevention capabilities offering many of the mitigations previously part of EMET, specifically:
- Attack surface reduction – set of rules targeting and preventing actions and apps typically used by exploit-seeking malware
- Network protection – prevents users from using any application to access dangerous domains that may host phishing scams, exploits, or other malicious content
- Controlled folder access – anti-ransomware feature, that, when enabled, makes it so that only the apps you approve can access Windows system files and data folders
- Windows Information Protection – can be deployed along with Office 365 using Azure Information Protection
- Windows Hello for Business – ability to configure a device to automatically lock and unlock based on location and user proximity
- BitLocker – minimum PIN length has been changed from 6 to 4 (default is 6)
- Improved warning prompts for end users for apps that are blocked by enterprise policies
- Removal of SMBv1 from clean installs (SMBv1 components will continue to be included on upgrades where they are already installed)
- Co-management – the ability to manage a Windows 10 device using Configuration Manager and Intune (or third-party MDM) at the same time (Have questions? Join the Co-management “Ask Microsoft Anything” event Thursday, October 19 from 9:00 a.m. to 10:00 a.m. Pacific Time.)
- Ability to use Group Policy to trigger auto-enrollment to MDM for Azure AD domain joined devices
New MDM settings, including settings that allow you to:
Have your MDM server check if there’s a traditional management agent already on the device, and which settings that traditional agent has configured
- Deploy and configure Windows Defender Application Guard
- Configure security baseline settings (such as account and logon policies)
- Configure Windows Firewall rules
- New kiosk configuration and management features (multi-app scenarios, simplified lockdown configurations)
- Always On VPN – remote computers and devices are always connected to your organization network when they are turned on and Internet connected
- Windows Analytics Upgrade Readiness enhancements, including improved application compatibility assessment and post-upgrade health reports
- Windows Analytics Update Compliance is now generally available and has new capabilities that allow you to monitor Windows Defender protection status and optimize the deployment of updates with regard to bandwidth.
- Windows Analytics Device Health is now generally available and enables you to identify devices and drivers that crash frequently.
To learn more about how to use these Windows Analytics solutions to speed up your Windows 10 deployments and simplify the management of your Windows 10 devices, register for our November 7th webcast.
- Battery life – power throttling for inactive programs, battery icon flyout with slider for system-wide or app-specific throttling
- Windows Update – interactive notification when new updates are available, detailed information about the status of each update as it is installed
- Notifications and Action Center – the first notification in each notification group is auto-expanded, dismiss notifications with an error (instead of an X)
- Settings – “About” offers information about system health, new (Remote Desktop, Cortana) and reordered categories in Settings, “Continue on PC” option for Android and iOS devices.
- Delete previous versions of Windows directly through Storage Sense, and set up Storage Sense to automatically delete files in the Downloads folder that haven’t been modified in 30 days
- Windows Shell – fluent design, ability to resize Start diagonally, new Action Center UI, restart apps (vs. OS) to fix blurry desktop app DPI issues after docking/undocking, scrollbars shrink when cursor isn't near them
- Reset your Microsoft Account password from the lock screen.
- Windows 10 now runs on ARM64 architecture
- Access all your files without using up your device storage with OneDrive Files On-Demand
- Input improvements – new emoji panel, updated touch keyboard with shape writing and one-handed mode, ability to scroll lists and websites with a pen
- Accessibility – read aloud option for websites and PDFs, Eye Control with select Tobii hardware, lock/sign out/shut down/restart using Cortana voice commands, improved speech recognition