BitLocker, a leading disk encryption solution, helps protects data when a device is lost or stolen. BitLocker has been significantly enhanced for Windows 10, offering market-leading security and performance features, as well as robust features that make it easier to deploy, administer, and monitor. With Windows 10, the need for a PIN has been eliminated on most device types; the single sign-on experience maintains BitLocker’s strong performance, reliability, and deployment benefits while still meeting security expectations.
In today’s BYOD environment, enterprises can’t assume that devices accessing their networks are malware-free. Windows 10 helps ensure that unhealthy devices can be identified and gated from business resources using a combination of the Windows Device Health Attestation cloud service and mobile device management systems such as Microsoft Intune.* Windows 10 uses the Trusted Platform Module (TPM) 2.0 hardware built into newer PCs to monitor startup processes services and determine if data is trustworthy. With Conditional Access, IT departments can detect and prevent low-level malware, and noncompliant devices can be denied access to specific applications like email and Microsoft SharePoint sites or to the entire corporate network.
*Microsoft Intune sold separately.
Device Guard on Windows 10 puts you in control of your environment—and a step ahead of malware—with rigorous access controls that help protect the Windows system core and prevent untrusted apps and executables from starting. With it, you can lock down devices, granting access only to apps from trusted sources. Device Guard uses hardware-based isolation and virtualization to protect itself and the Windows system core from vulnerability and zero-day exploits. Its Hyper-V Code Integrity Service feature enforces best practices for running drivers and other software at the highest level of privilege.
While Microsoft Passport and Windows Hello strengthen and protect user credentials, Credential Guard takes the next step and protects the user access tokens that are generated once your users have been authenticated. With these tokens, an attacker could access your resources by effectively impersonating a user’s identity. Credential Guard stores user access tokens within a virtualization-based security environment running on Hyper-V, away from the Windows 10 kernel. So even if a device is compromised, the credentials are not available to the attacker. This helps safeguard you from Pass-the-Hash and other advanced persistent attacks. Isolating security credentials from malware also helps prevent one infected machine from damaging others running in the same datacenter.
Credential Guard can be enabled using Group Policy, making it easy to administer using your existing management tools.
Windows Trusted Boot
Windows Trusted Boot used in combination with UEFI Secure Boot, a hardware standard developed by members of the PC industry, helps make sure that your PC starts securely and that only trusted software can run during startup. When the PC starts, the UEFI firmware checks the signature of each piece of boot software and the operating system, avoiding headaches caused by malware that can load before the operating system boot process has begun. From here, Windows Trusted Boot helps ensure that all Windows boot components, drivers, and compatible anti-malware solutions start with integrity.
Microsoft Passport and Windows Hello
Microsoft Passport and Windows Hello together offer convenient multifactor authentication and enterprise-grade security. Microsoft Passport is an easy-to-deploy, two-factor password alternative that unlocks your device and grants access to services using a PIN or Windows Hello, which supports fingerprint, facial, and iris recognition.
Embedded Mode support
This mode designates a particular device as “a special-purpose device that is closely managed by a knowledgeable admin that can grant applications abilities not safe for store apps.” Examples of capabilities that are enabled in this mode are: shutting down or restarting the device, using low-level busses like GPIO and I2C, and changing the time zone.
Background Applications for IoT
These deployable services run as a background process and do not drive a traditional display. They can still drive nontraditional displays such as SPI, LCDs, or even web servers.
Customizable UI for IoT
Windows 10 IoT Core is optimized for delivering ideal experiences on small devices with or without displays. It is easily customized and configured. Devices with a user interface allow the use of a custom-branded, device-specific experience. Applications have hardware access to expose device-specific functionality.
Ask Cortana for images
Microsoft Edge, with its Ask Cortana feature, now supports right-clicking on images to get instant results without leaving the page. With Ask Cortana support on images, you can now use the power of Bing image search for any image on the web. Just right-click on an image in Microsoft Edge, select the option to “Ask Cortana” (or “Bing Lookup” if Cortana is not enabled), and you’ll see everything we know about that image. You’ll get image dimensions, other sizes of that image, places to buy that product, recipes for food items, related images, related searches, and more.
Support for Cortana is only available in select market.
...... and much more!
The information on this page is for informational purposes only, is subject to change at any time without notice, and may not be applicable to customers in all geographies.