Microsoft is continuing to announce new features for the upcoming Windows 10 Creators Update, outlining new features that are aimed at IT professionals. Over the last couple of months, the company announced that the update - formerly known as Redstone 2 - will include new virtual and augmented reality features, game broadcasting, Continuum improvements for Windows 10 Mobile, and more.
Today's announcement builds on security features that the company unveiled at its Ignite 2016 conference, which include Defender Advanced Threat Protection (ATP) and Office ATP being able to communicate with one another through the Windows Security Center. This will allow IT admins to "easily follow an attack across endpoints and email in a seamless and integrated way."
Enriched Detection. As I’ve said before, methods and means attackers use are increasingly varied, complex and well-funded. The sensors we have today across the network traffic channeled through end points and the cloud are powerful. However, cyber threats won’t stop, and neither will we. With the Creators Update we will expand Windows Defender ATP sensors to detect threats that persist only in memory or kernel level exploits. This will enable IT administrators to monitor loaded drivers and in-memory activities, and to detect various patterns of injection, reflective loading, and in-memory modifications indicating potential kernel exploits.
Enriched Intelligence. We already add on to our Microsoft Threat Intelligence (TI) with industry partners like FireEye iSIGHT Threat Intelligence. In the Creators Update, we’ll enable IT administrators to feed their own intelligence into the Windows Security Center for alerts on activities based on their own indicators of compromise. This added level of insight will enrich machine learning models to identify and block malware more quickly and better protect their unique environment.
Enhanced Remediation. We will also deliver new remediation actions in Windows Defender ATP that will give IT administrators the tools to isolate machines, collect forensics, kill and clean running processes and quarantine or block files with a single click in the Windows Security Center and further reduce response time.
However, the focus of today's announcement wasn't only on security. There will be additional insights on the Windows Analytics dashboard, which will "help IT administrators better manage and support Windows 10 devices." These are meant to allow companies to use their own telemetry data to create new insights and "ensure compliance on the upgrade, update and device health processes within their organizations."
There will also be a new tool that will easily allow administrators to convert a device that uses a legacy BIOS to UEFI. Previously, they would have to reconfigure the firmware to do this, which would require hands-on time with each machine. The tool will be available through management tools such as System Center Configuration Manager (SCCM).
Mobile application management is a tool that's meant to give IT admins oversight in a BYOD (bring your own device) environment, without the device having to be enrolled in Mobile Device Management (MDM). It keeps corporate data more secure by controlling the applications that work data has access to. For example, it would keep you from copying something from your work email and pasting it into your personal email. The apps that corporate data can access will be controlled by IT admins.
Most of the features that the company outlined today were previously announced at Microsoft's Ignite 2016 conference. Others, like differential updates, were announced in November, and that's meant to decrease the size of downloads for major Windows updates, although normal users won't see the results of the Unified Update Platform until Redstone 3.
The Creators Update is scheduled for an early 2017 release, which will likely be March. Insiders have access to some of these features now, as long as they're running Windows 10 Enterprise.