Matcitsupport.org



Latest features available from the windows 10 updates that could be beneficial for students & businesses based within the Milwaukee areaBy: Jeremy Konetz|November 20, 2018|Informative Article What are some of the benefits that the latest windows 10 updates provide to students and Milwaukee area-based businesses? Note the last three updates made available through windows 10 updates are windows 10 version 1709 (Released: January 23, 2018), windows 10 version 1803 (Released: July 6, 2018), and windows 10 version 1809 (Released: October 1, 2018). What are some of the beneficial updates provided in the Windows 10 update version 1709 released on January 23, 2018, one of the first updates Windows 10 released this year. What are the areas that this update has improved on?Deployment Launching the autopilot application.Accomplished through a zero-touch experience. Example shown in figure 1. Figure SEQ Figure \* ARABIC 1 Resource link: or organization profile configuration can be accomplished at the vendor with the devices sent directly to them upon completion. Example shown in figure 2. Figure SEQ Figure \* ARABIC 2 1 Resource link: on subscription to windows 10.Feature allows for Windows 10 enterprise to be deployed within an organizational networks structure without applying any keys or rebooting of devices or components within an organizations operational system. See figure 3.Figure SEQ Figure \* ARABIC 3 1 Resource link: through a list of subscribed users within an organizational network. See figure 4. Figure SEQ Figure \* ARABIC 4 Resource link: the end user logs into their programed Windows 10 pro device, the enterprise enabled only feature will be activated as shown in figure 5 down below. Figure SEQ Figure \* ARABIC 5 Resource link: HYPERLINK "" reset available in this version. This application allows an administrator to personal files, applications, and settings from a previous end-user. Provides a customized log-in screen to secure the screen & prevent unauthorized access, but also allows for the facilitation of applying the original settings & management enrollment to the device so it can be returned to a fully operational configuration that is approved within the IT-department of an organization & ready for the next authorized user.Available updates are facilitated through Windows updates for business (WUfB) & Windows insider program for business. The Windows updates for business (WUfB) provides additional controls that allows an organization to manage the windows insider program by means of enrollment polices.The windows insider program for business would allow for the facilitation of your Azure AD domains for the windows insider program to be registered.Administrative update made available in this update is the MDM (Mobile device management) feature.The expansion in this update has allowed for devices within the Azure active directory to be registered, allowing for them to be brought together through group policy as well. See figure 6. Figure SEQ Figure \* ARABIC 6 Resource link: allows for multiple newly configured items to be brought in. See figure 7. Figure SEQ Figure \* ARABIC 7 Resource link: management update called mixed reality apps.Allows the administrator within an organization to utilized WSUS to facilitate action within the network system to take actions that enable windows mixed reality but allows for the capability for an administrator to the installation of mixed reality portal as well if they so desire.Kiosk configuration updates are available.With this update is allows for assigned access CSP expansion that enable administrators to generate kiosks that run more than one application at one time. Provides for multiple application kiosks to operate utilizing the provisioning package.Windows analytical updates in the areas of upgraded readiness, updated compliance, and device health.Accomplished through Microsoft operations management suite. See figure 8. Figure SEQ Figure \* ARABIC 8 Resource link: upgraded readiness app allows for the assessment of application & driver compatibility issues that may arise.This application provides for better app coverage, allows for post health upgrade reports, and provides a means for enhanced reporting filtering capabilities. See figure 9. Figure SEQ Figure \* ARABIC 9 Resource link: compliance allows for new capacity to monitor the windows defender protection status, allows for comparison with peers in the industry, and maximization of band width for deploying updates that are available. See figure 10. Figure SEQ Figure \* ARABIC 10 Resource link: the device health application this update will allow the end user to have a tool at there disposal that provides a premium analytical tool that helps provide information regarding devices & drivers within an operating system that crash frequently & may need to fixer or replaced. See figure 11 for example. Figure SEQ Figure \* ARABIC 11 Resource link: HYPERLINK "" update came some security upgrades for instance windows defender device guard, defender ATP, exploit guard, information protection, Windows hello, bit locker, application guard, and security baselines. Note with this upgrade the security labeling changed from Windows security features to Windows defender security.Defender ATP provides an analytical tool that provides very powerful analytical tools, a security stack integration, and a centralized means to provide for enhanced management of detection, prevention, investigation, response, and management of security issues within a network operating system. See figure 12. Figure SEQ Figure \* ARABIC 12 Resource link: Application guard provides a means for which the user can harden a favorite entry point for which hackers tend to break into a computer system by isolating the malware other security threats that are posed to data, applications, and infrastructure contained within that device. See figure 13. Figure SEQ Figure \* ARABIC 13 Resource Link: guard provides for intrusion protection means to mitigate the risk of an attack & exploitation of the surface within applications. See figure 14. Figure SEQ Figure \* ARABIC 14 Resource Link: information protection feature has been designed to work in connection with Microsoft office & the Azure information protection. See figure 15. Figure SEQ Figure \* ARABIC 15 Resource link: HYPERLINK "" The windows hello feature provides for an enhanced lock experience, however, if the user wants to unlock a device at another location it utilizes a multiple factor, as well as a proximity signal to unlock the device so it can be used. See figure 16. Figure SEQ Figure \* ARABIC 16 Resource link: guard provides for integrity code configurable capabilities.Has been renamed within the Windows 10 operating system as the Windows defender application control.Provides for the ability to distinguish between of a stand-alone item within a system verses a control execution of a command within application.Bit locker pin protocol has been changed form a 6 to a 4, however, has a default of a 6. Security baselines for this update have been changed in this update to reflect the recommended configuration settings and provide an explanation of their impact of the device’s security. Security baselines also provide for an impact on the security within an operating system.What are some of the benefits provided to us in the windows version 1803 released July 6, 2018, note this the second update Windows 10 released this year. In what areas has this update improved upon?Deployment:In autopilot we have available to us the modern life cycle management service, which is powered by the cloud service that allows us to have a zero-touch experience upon logging in. See figure 17 for an example. Figure SEQ Figure \* ARABIC 17 Resource link: With Intune we can lock the device providing an out of the box experience until device policies & settings are establish for that device, allowing time for the end user to get to their desktop, and upon arrival can the device can be secured & proper configuration can be established. Example down below in figure 18.Figure SEQ Figure \* ARABIC 18 Resource link: HYPERLINK "" S mode is now available with this update.Available to end users in Home, pro pc, and commercial settings.Allows for applications within the windows operating system to be evaluated by Microsoft to determine compatibility & performance.Enhanced performance through quick startups, but also makes sure it stays that way.Provides for more choice & flexibility for end users by for example allowing them a choice of where they can save their file in whatever location they want, This option is available on quite several modern devices.Example of a S mode installation within a system seen down below in figure 19: Figure SEQ Figure \* ARABIC 19 Resource link: & kiosk browser updates that are available:Manage can be accomplished through Intune involving single or multi-application scenario options.New browser option available in this option through Microsoft storeAn outstanding way to deliver enhanced & custom-tailored browsing experiences to key setting like for example in a retail & a setting where signage is involved.Some of the additional features in this case are with the usage of Intune one can expeditiously deploy a kiosk browser through the Microsoft store by means of configuring the start URL’s, allowable URL’s, and the disable & enables of certain buttons & features by means of navigational tools.Another additional figure would be the ability to support multiple screen signage.Has the ability to support the run & configure the shell launcher command for a setup that has an existing UWP store application. Enforcement of MDM configurations through the enrollment status page by means of assigning access.With windows subscription activation support one can benefit from inherited activation.With this update the in windows 10 the end user can run their own custom scripts & actions parallel with their current setup.SetupDiag is a new command line app available in this update that helps diagnose any problems that may arise within the windows 10 operating system.Windows updates for business (WUfB) in this update allows for more control over such items as updates & the ability to uninstall or stall updates that could pose a problem to the windows 10 operating system.Windows analytics updates available:With regards to device health we will see new application ability reports and see how updates impact or how certain configurations changes that are implemented can reduce crashes within the operating system. Example provided in figure 20.Figure SEQ Figure \* ARABIC 20 Resource Link: HYPERLINK "" In this update with regards to update compliance there is added delivery optimization to provide the end user with an assessment of bandwidth consumption within the windows operating system. An example is provided in figure 21.Figure SEQ Figure \* ARABIC 21 Resource link: With upgraded readiness we can provide for an assessment of the spectre & meltdown protections that exist within a device. Example provided in figure 22.Figure SEQ Figure \* ARABIC 22 Resource link: Configuration updates provided in this update:Co-management provided to windows 10 through Intune & the system center configuration manager policies that allows for the enabling of the hybrid Azure AD-joined authentication to be utilized. Within this update MDM has applied and additional 150 new policies, as well as new setting within the release of this update to provide for more allowances for easy transition to a cloud-based management setup.An OS uninstall period has been established within this update to allow for any uninstalling of any updates that may harm a system, this is done typically by an administrator.Windows hello for business is now supported by the FIDO 2.0 authentication process with Azure AD for devices that operate within the windows 10 operating system. Provide a section on kiosk configuration.In windows hello it is now password less capable within S-mode. Provides support for s/mime within the windows hello for business & API’ s for those of whom are operating within the non-Microsoft identity life cycle management solutions. Provides for a protection pillar within windows defender security center.Provides for the setup of windows hello from a locked screen on a console for those of whom have an MSA account. New public API for accounts within a system that are secondary account holder to provide for a provider.Easier setup of dynamic lock and WD SC actionable alerts that an end user might see when the dynamic lock feature is disabled or down for service. Windows security updates available within this update:Windows ATP has been updated to allow for new capabilities like query date utilizing advances hunting tools in windows defender ATP, utilization of automated investigation tools that allow remediation of security threats, and the enacting of conditional access that allows for the enhance facilitation of better user protection, device protection, and data protection within an operating system. Figure SEQ Figure \* ARABIC 23 Advanced hunting tool example / Resource Link Figure SEQ Figure \* ARABIC 24 example of automated investigative tool / Resource link: HYPERLINK "" With the windows defender antivirus feature we are now enabled with the ability to share within the status quo the Microsoft 365 services status but provides for interoperability within the windows ATP setup.Note that additional have been enabling to provide for more cloud-based protections, but new channels are provided to provide for additional protections for an emergency that may arrive. See example provided in figure 25.Figure SEQ Figure \* ARABIC 25 Resource link: HYPERLINK "" The exploit guard features in this update provide for an enhanced surface attack area reduction, expanded support for Microsoft office apps, and is capable of supporting servers within windows. This feature also provides for enabling across the windows 10 ecosystem with regards to VBS (Virtual based security) and provides for hypervisor-protected code integrity (HVCI) as well.The application guard in this update can provide additional support for Microsoft edge. The device guard application in this update can provide for configurable code integrity, which has also been renamed windows defender application control.This feature can also provide for a distinguishable application feature that can provide control over the execution of applications within the windows operating system.The information protect update in this application allows for the enabling of supporting WIP through the files on demand feature, allows encrypted files to remain open while another app is open & being utilized at the same time. Ransomware protection is provided in this update to the office 365 program.In this update in your one drive files have been compromised through an attack it provides with an avenue to regain them.Updates available in the privacy & accessibility:When it comes for updates regarding the accessibility factor here it provides for an “out of the box” experience through auto-generated pictorial descriptions. Updates in the privacy area will enable the user to in the feedback & settings page in the privacy section delete diagnostic data within your device that has been forwarded to Microsoft. This feature will allow you to see the diagnostic data for your device in the diagnostic data view application within the privacy settings.An example of this can be seen down below in figures 26 27.Figure SEQ Figure \* ARABIC 26 Resource link: Figure SEQ Figure \* ARABIC 27 Resource link: HYPERLINK "" What are some of the benefits provided to us in the windows version 1809 released October 1, 2018, note this the second update Windows 10 released this year. In what areas has this update improved upon?With your phone app you can know view pictures on your android device that are on your pc, which previously was considered impossible, on your android device. With this application the end user would be able to take the photos from their pc & email them to their phones to do this. This new app allows the end user to see photos from their pc on their android device. See figure 28 for an example down below. Figure SEQ Figure \* ARABIC 28 Resource link: HYPERLINK "" The wireless projection app has been updated to allow an end user to view his or her wireless projection session through a control banner at the top of the screen when the session the end user is using is in progress. Note previously it was hard to tell if you were projecting wirelessly, but disconnect was more difficult if your projecting session was facilitated from within file explorer or from another app. An example of that is seen down below in figure 29.Figure SEQ Figure \* ARABIC 29 Resource link: In this update the Windows autopilot feature in self-deploying mode can plug into ethernet with the device already having been configured automatically within the Windows autopilot application.In this latest version of the autopilot self-deploying mode the end user doesn’t have to utilize a next button to go to the next step of completing the log in process.In this mode an end user can register the device they are utilizing as an ADD tenant, enrollment with the organizations MDM provider, and with the organizations provisional policies & apps.User interaction & authentication within this process is required.The kiosk setup app in this update is applied through a simplified access configuring experience within the settings menu that only allows designation end users with administrative access to stage a pc as either a kiosk or a digital sign. A wizard is utilized to guide the administrator the process and allow that administrator to designate the pc as either a kiosk or digital sign when the device starts up. See example shown down below in figure 30.Figure SEQ Figure \* ARABIC 30 Resource link: HYPERLINK "" Note if your kiosk setup is through the Microsoft edge kiosk mode with just a single app being assigned access there are two types of kiosks digital/interactive mode & public browser. See example in figure 31. In the digital/interactive mode the display within the website is in full screen and operates within the InPrivate mode.In the public browser it operates with minimum features at its disposal, however, it can support multiple tab browsing InPrivate mode. Figure SEQ Figure \* ARABIC 31 Resource link: Also note that if your kiosk setup is through the Microsoft edge kiosk mode with just a multi app have been assigned access there are two kiosk types public browsing & normal mode. See example in figure 32 & 33.In public browsing mode web browsing can be facilitated through multi tab browsing InPrivate mode, having minimum features being available to the users. Figure SEQ Figure \* ARABIC 32 Public browsing Resource link: HYPERLINK "" In normal mode not all the features may be operational contingent on how they are built within the assigned access feature but will be able to run in the full version of Microsoft edge. Figure SEQ Figure \* ARABIC 33 Normal mode Resource link: HYPERLINK "" Registry editor improvements that have been made in this latest update is through the addition of a dropdown list that provides a display when you type in commands that assist you with the part of your path completion to the next leg within your journey. See figure 34 as an example. Figure SEQ Figure \* ARABIC 34 Resource link: HYPERLINK "" Some of the remote desktop with biometrics updates included within this update are with Azure active directory or the active directory users feature the administrator can utilize the Windows hello for business application to provide biometrics to authenticate authorized users to facilitate remote access desktop sessions remotely. See an example down below in figure 35. Figure SEQ Figure \* ARABIC 35 Resource link: HYPERLINK "" What are the procedures or enabling remote desktop biometrical access?First, the administrator would have to go into the remote desktop connection (mstsc.exe), enter in the name of the computer console they want to have access to, and the click connect in order to connect to have remote access to that computer console. See example figure 36 down below. Figure SEQ Figure \* ARABIC 36 Resource link: HYPERLINK "" For the purpose of illustrating this example will choose to access the systems Windows server 2016 Hyper-V server through facial recognition as our biometrical means of access for this. Note facial recognition is one method of doing it, however, there are other means to access biometrically with electronics like an iris scan & finger print. See an example down below in figure 37.Figure SEQ Figure \* ARABIC 37 Resource link: There are several security upgrades included within this update. They are:Addressing of current threats to your computer/network system through enhanced virus & protection by means of an updated screen format shown down below in figure 38. Figure SEQ Figure \* ARABIC 38 Resource link: HYPERLINK "" This would enable an administrator or end user to take prompt action on threats that exist within their networks or computer systems. Updates have been added to bit locker are enforcement quietly to designated drives & the delivery of bit locker policy to the autopilot feature on devices during the OOBE process.During quiet enforcement to designated devices bit locker by means of MDM policy, bit locker can be employed to that device quietly for the standard Azure directory joined users. Note that with this update to the bit locker protocols & feature bit locker CSP and be leveraged through Intune, as well as others. In the delivery of bit locker policy to the autopilot feature on devices during the OOBE process you can choose the encryption algorithm you would want to apply automatically to devices, rather than must have to those devices choose to themselves through their own default algorithm protocols. Some of the updates made to the windows defender application guard is the application of a new user interface within the windows security within this release of it.With this update to make a long story short regular standalone user can know configure & install their windows defender application guard setting without have to use a key every time to accomplish this.Down below here is how you can manage those settings:In settings click windows security, and upon entering the windows security screen click the apps & browser control option within the menu a shown down below in figure 39. Figure SEQ Figure \* ARABIC 39 Resource link: HYPERLINK "" Click the isolated browsing app, after doing that make sure you select the install windows defender application guard app, and upon successfully doing that install the defender application guard app followed by restarting your computer. See example figure 40 down below. Figure SEQ Figure \* ARABIC 40 Resource link: After a successful restart of the computer or device go back to the app & browser control screen and in the isolated browsing setting click the change application guard settings as shown down below in figure 41. Figure SEQ Figure \* ARABIC 41 Resource link: 28333561811500In the next screen you may configure or check the application guard settings and make any adjustments as desired to accomplish the desired outcome. See an example in figure 42. Figure SEQ Figure \* ARABIC 42 Resource link: HYPERLINK "" With this update windows defender security center has been changed to windows security center. Same access as previously.It now will allow you to manage all the security needs like previously but also include windows defender antivirus & windows defender firewall.Note that with this updated setup the antivirus products are required and must operate as a secured process to the register.Fluorescent design system will contain elements within it that we have a familiarity with. See example figure 43 down below. Figure SEQ Figure \* ARABIC 43 Resource link: The ability to add & define specific rules within the WSL (Windows Subsystem for Linux) in the windows defender firewall is now possible as it would be with any other process contained within windows.In this update we have new adjustments for group policies and MDM settings for Microsoft edge.Windows defender credential guard provides support within the windows operating system by default on all devices that have the windows 10 operating system on it. Note previously this was a feature was optional & not available by default.If you have window 10 pro the S mode feature on it will require the usage of a network connection in order to setup a new device within the network. Many new features have been added to the windows defender ATP setup in this update. They are:Threat analytics which is a contemplation of interactive reports provided by windows ATP research team as new security threat emerge, but outbreaks are identified once they start happening. Custom detection which allows the user to generate queries that can monitor any events that have any specific behaviors that are suspicious & threats that are emerging but possess a threat to your computer or network. Managed security service provider (MSSP) support which provides us with scenario-based support by means of MSSP integration. Integration of the Azure security center that provides comprehensive server protection solutions to help keep servers secured. Integration of the Microsoft cloud app security that allows for direct visibility within the cloud application usage that also allows for the usage of cloud services that are not supported by all windows defender ATP monitored devices. The windows server onboard 2019 is now supported by the upgrade.Note that the previous editions of the onboard windows can support other windows supported devices and can forward sensory data to the windows ATP sensors.For those organizations that have shared devices operational within the workplace can know benefit from the faster sign-in app in this update to other devices that are windows 10 shared devices. How does one accomplish this?First, you must have a device that setup for sharing.Second, policies must be configured for CSP, authentication, but the enable fast sign in polices must be activated in order to utilize this particular app.Third, after everything has been set up & gone through the required approval processes you should be able to log in using your account.See example in figure 44. Figure SEQ Figure \* ARABIC 44 Resource link: HYPERLINK "" Web based sign in has become a lot easier with this update.Previously web-based sign ins could only be accomplished through the usage of identities that were federated to ADFS or other providers of whom were supported by WS-Fed protocolsWith this new protocol non-federated providers are now supported by the web-based protocol sign in feature in windows 10.Steps to setup are as follow:First, make sure your windows 10 device is added to the Azure directory (AD).Two, configure the policies to CSP, authentication, and make sure the enable web sign in protocols, as well as policies are activated.Three, upon arriving into the login screen select the web sign option down below under the sign in options. Four, make sure you click the web sign in icon in order to sign in via the web.21894141152500See figure 45 as an example. Figure SEQ Figure \* ARABIC 45 Resource link: Summary Discussion:When we look at these three latest updates how would they be beneficial for students & businesses in the Milwaukee area? What we look at the updates 1709, 1803, & 1809 a lot of the security features would provide both the students & businesses a tremendous amount of benefits. Like for example the windows defender application, exploit, and device guard features are found on the home, as well as in the windows 10 & enterprise version of the operating system. For students these latest updated provided in the 1709, 1803, & 1809 provide a great deal of security if you are employing windows 10 home or even the windows 10 pro operating system. The added advantage if using the windows 10 pro model is that you get the benefit of bit locker, which you will have in the home edition of windows 10. Bit locker would a great way to secure a mobile computing device or laptop if you are student & your body of work is contained within it. The device feature in these latest updates is available for the home edition, if you are student this is a great way to keep your device in excellent shape. The updates to the accessibility & privacy features contained within the windows 1803 update would most certainly be very beneficial to student as well. It is another way to help keep you device secured from unwanted parties & prevent people from stealing the work you do for your classes or studies. Your phone app contained in update 1809 is a wonderful feature for students because if you are taking pictures for a project or anything related to your course work this can be bonus in that you can send pictures you take with your android phone device & forward it to your computer device to complete assignments. I noticed that in the home edition of windows 10 there is a way to link your phone to the device you own. In general when you look at all the features that I have discussed in the previous paragraphs they can be beneficial to a student in one way or another, but for a student to get any benefit of those features they would have to at upgrade their operating system at the minimum to a windows 10 pro to get any real true benefit from these upgrades. Personally, I would recommend that students upgrade their operating system to a windows 10 pro because it provides more features & services that would be much more beneficial in doing certain things. The benefits a business in Milwaukee would get from these three updates are very huge & in my opinion would provide a lot of benefit to them in the end. The security updates for those of whom operate within the windows 10 or windows 10 enterprise operating system would have a tremendous impact. Note that in the areas of analytics, deployments, and other system management tools provided within these updates will ensure a much smoother operation for a company. The enhanced security features within the last three updates allow for IT staff of whom are administrators to better secure their companies network & computer infrastructure of which today is always under a state of constant attack from hackers. They key in general is to stay ahead of the attackers. I feel these security updates that are available to the windows 10 pro & enterprise users would provide a great level of protection & Microsoft staff does an excellent job of staying ahead in the game. The analytical features provided in the last three updates like device health, compliance, and readiness will help keep the devices within the company’s network functioning at there finest. It tells a company if there are any issues that might come up if there are any compatibility problems with applications, drivers, and if security status would change for any reason. In general, the analytical tools will help keep the devices operating within the network staying healthy. Some of the additional administrative tools that would be beneficial to a local business are in the configuration area where companies have the ability to adjust there configuration settings, when comes to deployment of the operating system on devices operating within the companies network the autopilot feature will make easier for employees to log in & do their jobs much more easily, and the management of remote desktop access controlling who would have access to the companies network. Note another big security bonus for companies are in the area of bit locker which in my opinion is an excellent way to keep unauthorized users out of the network that should not have access to the network. In general, there are a lot of benefits that students & businesses in the Milwaukee area would get by having these updates in their windows 10 operating system, whether you are in the home, pro, or enterprise editions. If you want to additional information on windows 10 operating system updates & windows 10 operating system in general, you can go to for additional technical information. Reference Links:1.Windows 10 Update 1709: 2.Windows 10 Update 1803: 3.Windows 10 Update 1809: ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download