Microsoft Stresses Security with Updating to Windows 10
Microsoft really, really wants people top dump Windows XP, Windows 7, and Windows 8/8.1 for Windows 10. They have been really aggressive urging people to upgrade to Windows 10, even to installing the update without being asked to do so. This week, it is providing a new incentive for upgrading to Windows 10, especially in business: enhanced security.
Microsoft announced a new service, that is built into Windows 10, called Windows Defender Advanced Threat Protection. This new service helps IT detect and make suggestions on how to respond to attacks that has made it on the network. Windows Defender does not currently fix or patch any of the breaches that was detected, but Microsoft is planning on adding these capabilities in the future.
Windows Defender APT is one of the core security features that Microsoft has added to Windows 10 in hopes of appealing to enterprise IT departments. Some of the other core features they are offering:
- Credential Guard is built into Windows 10 Enterprise and Educational editions. This tool stores credentials (NTLM hashes and Kerberos tickets) with the LSASS process that manages them in an isolated Hyper-V virtualized container.
- Device Guard is a tool that helps prevents untrusted applications from running on Windows 10 Enterprise PCs. By using virtualizations, it isolates the code integrity services from the Windows Kernel. For this to work, in the way that they want you to use it, you will have to go in manually to sign your applications and determine their trustworthiness.
- Windows Hello is a biometric authentication feature that is built into Windows. It uses fingerprint matching and facial recognition.
- Enterprise Data Protection is a tool that works with Microsoft's Intune and Configuration Manager server to encrypt enterprise data and remotely wipe enterprise data from devices. Microsoft's stands apart in its integration with Azure Active Directory for access management to cloud and other services.
Windows 10 also provides the security tools included in the previous versions of Windows. A good example of this is the software firewall, BitLocker Encryption, and Windows Defender Antimalware tool.