Windows 10 Version 1903 und 1909 – Neuerungen und neue Security Features
Manfred Helber
Twitter: @ManfredHelber www.manfredhelber.de
Internal Use - Confidential A single cumulative update each month with no new features WINDOWS AS Quality • Security fixes, reliability fixes, bug fixes, etc. Updates • Supersedes the previous month’s update A SERVICE
A new way to build, deploy and service Twice per year with new capabilities Windows • New features and innovation APIs and security capabilities Feature • Very reliable, with built-in rollback capabilities Updates • Simple deployment using in-place upgrade, driven by existing tools • Try them out with Insider Preview
Internal Use - Confidential Windows 10 Version history
End of service for Home, Pro, End of service for Enterprise Windows 10 version history Date of availability and Pro for Workstations and Education editions editions Windows 10, version 1903 May 21, 2019 December 8, 2020 December 8, 2020 Windows 10, version 1809 November 13, 2018 May 12, 2020 May 11, 2021 Windows 10, version 1803 April 30, 2018 November 12, 2019 November 10, 2020 Windows 10, version 1709 October 17, 2017 April 9, 2019 April 14, 2020 Windows 10, version 1703 April 5, 2017* October 9, 2018 October 8, 2019 Windows 10, version 1607 August 2, 2016 April 10, 2018 April 9, 2019 Windows 10, version 1511 November 10, 2015 October 10, 2017 October 10, 2017 Windows 10, released July July 29, 2015 May 9, 2017 May 9, 2017 2015 (version 1507)
* Windows 10, version 1703 for Enterprise, Education, and IOT Enterprise editions were released on April 11, 2017. Note: Not all features in an update will work on all devices. A device may not be able to receive updates if the device hardware is incompatible, lacks current drivers, or is otherwise outside the original equipment manufacturer’s (OEM) support period.
Internal Use - Confidential Windows 10 Version 1903
Intelligent Simplified Flexible Enhanced security updates management productivity
Internal Use - Confidential Intelligent security
Internal Use - Confidential Intelligent security with Windows 10
Threat Identity Security protection protection management
Internal Use - Confidential Core Windows 10 Security Enhancements What’s new in Windows 10 May 2019 Update
Windows Sandbox Isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device
Windows Defender Application Guard Standalone users can install and configure their Windows Defender Application Guard settings without needing to change Registry key settings Enterprise users are able to check their settings to see what their administrators have configured for their machines to better understand the behavior Windows Defender Application Control New features that light up key scenarios and provide feature parity with AppLocker
Microphone privacy settings A mic icon appears in the notification area letting you see which apps are using your microphone
Internal Use - Confidential Security management What’s new in Windows 10 May 2019 Update
Windows Security app improvements Protection history Detailed and easier to understand information about threats and available actions Controlled Folder Access blocks added to Protection history Actions from Windows Defender Offline Scanning tool Any pending recommendations Tamper Protection Prevent malicious apps from changing important Windows Defender Antivirus settings Windows Defender Firewall Windows Subsystem for Linux (WSL) Add rules for WSL process, just like for Windows processes
netsh.exe advfirewall firewall add rule name=wsl_python dir=in action=allow program="C:\users\
Internal Use - Confidential Identity protection What’s new in Windows 10 May 2019 Update
Streamlined Windows Hello PIN reset experience1,2 Microsoft account users have a revamped Windows Hello PIN reset experience with the same look and feel as signing in on the web
Sign-in with Password-less Microsoft accounts Sign in to Windows 10 with a phone number account. Then use Windows Hello for an even easier sign-in experience! 1
Remote Desktop with Biometrics Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session
1To use Windows Hello with biometrics specialized hardware, including fingerprint reader, illuminated IR sensor, or other biometric sensors is required. Hardware-based protection of the Windows Hello credential/keys requires TPM 1.2 or greater; if no TPM exists or is configured, credentials/keys protection will be software-based. Internal Use2 Not- Confidential available for all SKU’s Intelligent security with Windows 10
Threat Identity Security protection protection management
Microsoft Defender Advanced Windows Hello PIN reset Windows Defender Firewall Threat Protection for WSL Password-less sign-in Windows Defender Antivirus Windows Security app improvements Remote Desktop with Biometrics improvements
Windows Sandbox Protection history enhancements
Mic privacy settings Tamper Protection
Windows Defender Application Guard Enhancements
Internal Use - Confidential Simplified updates
Internal Use - Confidential Simplified updates
Streamline deployment and Application compatibility updates with modern tools IT can trust
Internal Use - Confidential Streamline deployment and updates What’s new in Windows 10 May 2019 Update
Reserved Disk Space New and wipe-and-load installations of version 1903 will automatically reserve disk space to be used by Feature and Quality Updates, ensuring the updates do not fail for disk space reasons Automatic Restart Sign-on (ARSO) For Azure AD joined systems, Windows will automatically logon as the user and lock the device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. Servicing Updates Pause updates, Background processing, intelligent Active Hours, and deferral notifications have all been enhanced Use instead of media-based to reduce the Feature Update size with Express Updates
Internal Use - Confidential Streamline deployment and updates What’s new in Windows 10 May 2019 Update
Delivery Optimization (DO) Improve Peer Efficiency for Enterprises/EDUs with complex networks (via a set of new Policies) New! supports Office 365 ProPlus updates, Intune content, and ConfigMgr is coming soon! Feature Rollback Improvements Supports Quality Updates and Feature Updates Initiate a rollback remotely using MDM, or trigger via ConfigMgr or other management tool
Internal Use - Confidential Simplified updates
Delivery Optimization (DO) Desktop App Assure
Express updates Windows Insider Program for Business
StreamlineServicing-based deployment feature updates and ApplicationReadyforMicrosoft365.com compatibility updates with modern tools IT can trust Feature Rollback improvements
Delivery optimization
Internal Use - Confidential Flexible management
Internal Use - Confidential Flexible management
Deliver enterprise-ready Simplify device devices easily management
Internal Use - Confidential Deliver enterprise-ready devices What’s new in Windows 10 May 2019 Update
Windows Autopilot 1 Enrollment Status Page (ESP) enhancements Silencing Cortana in OOBE Windows Autopilot white glove deployment Windows Autopilot is self-updating during OOBE
1 Requires Azure Active Directory Premium P1 and Intune or another MDM solution Internal Use - Confidential Simplify device management What’s new in Windows 10 May 2019 Update
Mobile Device Management Policies New Group Policies and MDM policies for managing Microsoft Edge BitLocker can silently be enabled for standard AAD Joined users Updated Microsoft 365 Admin Center (preview April 2019) Intune Security Baselines (preview) Includes many settings supported by Intune that you can use to help secure and protect your users and devices. Automatically sets these settings to values recommended by security teams
1 MDM requires an MDM product such as Microsoft Intune or other 3rd-party solutions (sold separately). 2 Available in select markets. Functionality and apps may vary by market and device. Internal Use - Confidential Flexible management
Windows Autopilot Mobile Device Management
Windows Subscription Activation Mobile Application Management
Deliver enterprise-ready WindowsSimplify Shared device Devices devices easily management Microsoft Store for Business
Internal Use - Confidential Enhanced productivity
Internal Use - Confidential Enhanced productivity
Work Cultivate Empower smarter collaboration workstyles
Internal Use - Confidential Work smarter What’s new in Windows 10 May 2019 Update
Windows Shell Search for Linux files contained in a WSL distro Top apps and recent files displayed when you click in the Search bar Separating Search and Cortana1
Timeline Chrome extension adds Google Chrome activity to Timeline
1Cortana available in select markets; experience may vary by region and device. Cortana app required for Android and iOS devices (Requires Android version 4.1.2 or higher, or iPhone 4 with iOS 8.0 or higher). Internal Use - Confidential Empower workstyles What’s new in Windows 10 Update 1903
Accessibility Narrator Improvements including more voices and reading controls Ease of Access improvements including 11 new mouse pointer sizes Narrator QuickStart, a short tutorial for new users Kaomoji and Emoji Updates Tap WIN +(period) to access new kaomojis and emojis, finding the right one is a keyword away
Internal Use - Confidential Enhanced productivity
Search for Linux Files in WSL Office 365 on Windows Work across devices
Cortana Nearby Sharing Accessibility
Work MicrosoftCultivate Whiteboard KaomojisEmpower& Emojis smarter collaboration workstyles OneNote Windows Virtual Desktop
Internal Use - Confidential Windows 10 gets better with each update With enhanced security, more tools for IT and end user productivity features
. Windows Autopilot . Windows Defender ATP . Windows Defender Security Center . Express update delivery . Hyper-V . Windows 10 Subscription Activation . Windows Information Protection . Windows Insider Program for Business . Windows Hello for Business . Paint 3D . Cortana at work . Mobile Device Management . Windows Analytics Upgrade Readiness + . Night light, mini view . AAD Join . App-V, UE-V . Windows Store for Business . Hybrid Azure Active Directory Join . Windows Information Protection . Windows Hello + . Windows Hello for Business . Microsoft Edge . Windows Update for Business . Windows Ink . Windows Analytics Upgrade Readiness . Device Guard + . Mail, Calendar, Photos, Maps, Groove, Skype . Mobile Device Management . Device Guard . App-V, UE-V . Credential Guard . AAD Join . Credential Guard . Hybrid Azure Active Directory Join . BitLocker + . Windows Defender Antivirus . Windows as a service . Windows Defender Antivirus . Windows as a service . Windows Store for Business . BitLocker . Windows Ink . SmartScreen . Windows Hello . In-place upgrades . Windows Hello . In-place upgrades . Windows Update for Business . SmartScreen . Mobile Device Management . Windows as a service . Microsoft Edge . Continuum . Microsoft Edge . Continuum . Mail, Calendar, Photos, Maps, Groove, . Windows as a service . AAD Join . In-place upgrades . Device Guard . Cortana . Device Guard . Cortana Skype . In-place upgrades . Windows Store for Business . Continuum . Credential Guard . Windows 10 core . Credential Guard . Windows 10 core . Windows Defender Antivirus . Continuum . Windows Update for Business . Cortana . BitLocker . BitLocker . Windows Hello . Cortana . Mail, Calendar, Photos, Maps, Groove, Skype . Windows 10 core . SmartScreen . SmartScreen . Microsoft Edge . Windows 10 core . Windows Defender Antivirus 1507 1511 1607 1703
Internal Use - Confidential . Windows Virtual Desktop (Preview) . Microsoft Defender Advanced Threat Protection enhancements Windows 10 gets better with each update . Attack Surface Reduction enhancements . Next Generation Protection enhancements . Tamper Proofing Capabilities With enhanced security, more tools for IT . Windows Sandbox . Application Guard enhancements . Sign-on with Password-less Microsoft accounts and end user productivity features . New Kaimojis and Emojis . Accessibility Improvements . Windows Shell enhancements . Windows Timeline . Device Management Policies . Microsoft Defender ATP new attack surface area reduction controls . Intune Security Baselines . Investigation and remediation across Office 365 ATP and Microsoft . Enhanced Enrollment Status Page Defender ATP . Windows AutoPilot White Glove . Web Authentication in Microsoft Edge . Setup Diag . Windows Hello with FIDO 2.0 . Automatic Restart Sign On (ARSO) . 30 months of support for September releases . Reserved Disk Space . Windows Autopilot Self-deploying mode . Improved Delivery Optimization (DO) . Windows Autopilot Hybrid Azure AD join . Windows Analytics – Spectre & Meltdown, Delivery Optimization, . S Mode Block Switch . Windows Analytics – Spectre & . Windows Ink Application Reliability Logon Health + Meltdown, Delivery Optimization, . Mobile Device Management . WDATP Automated Remediation . Microsoft Edge kiosk mode Application Reliability Logon Health . AAD Join . Desktop Analytics (Preview) – Intelligent Pilot Selection and ConfigMgr . WDATP Automated Remediation . Windows Store for Business . Conditional Access based on WDATP device risk Integration . Conditional Access based on WDATP . Windows Update for Business . Threat Analytics device risk . Mail, Calendar, Photos, Maps, Groove, . ReadyforMicrosoft365.com . Threat Analytics Skype . Emergency Outbreak Updates . Microsoft Edge experience improvements . Emergency Outbreak Updates . Windows Defender Antivirus . Advanced hunting . Advanced hunting . Windows Hello . Accessibility enhancements . Cloud Credential Guard . Microsoft Edge . Cloud Credential Guard . Access the clipboard across devices . Diagnostic data viewer . Device Guard . Diagnostic data viewer . Windows Autopilot enrollment status . Credential Guard . Windows Defender Exploit Guard, System Guard, Application Guard, + . Your Phone . Windows Autopilot enrollment status page page . BitLocker Application Control . Windows 10 Enterprise in S mode . SmartScreen . Mobile Device Management . Windows 10 Enterprise in S mode . Windows Analytics – Spectre & Meltdown, . Windows Defender Security Center . Shared Windows Devices . Windows as a service . Shared Windows Devices Delivery Optimization, Application Reliability . Express update delivery . Nearby Sharing . In-place upgrades . Windows Analytics Update Compliance Logon Health . Hyper-V . Dictation . Continuum . Windows Analytics Device Health . Nearby Sharing . WDATP Automated Remediation . Windows 10 Subscription Activation . Timeline . Cortana . Dictation . Conditional Access based on WDATP device . Windows Insider Program for Business . Windows Defender Exploit Guard, . Windows 10 core . Co-management + risk . Paint 3D System Guard, Application Guard, . Windows Defender ATP new attack . Enterprise search in Windows . Timeline . Threat Analytics . Cortana at work Application Control surface area reduction controls . Emergency Outbreak Updates . Night light, mini view . Mobile Device Management . Investigation and remediation across . Continue on PC . Windows Defender Exploit Guard, System . Windows Hello for Business . Advanced hunting . Windows Information Protection . Windows Analytics Update Compliance Office 365 ATP and Windows Defender . OneDrive Files On-Demand Guard, Application Guard, Application . Windows Analytics Upgrade Readiness . Cloud Credential Guard . Windows Hello for Business . Windows Analytics Device Health ATP Control . App-V, UE-V . Diagnostic data viewer . Windows Analytics Upgrade Readiness . Co-management . Web Authentication in Microsoft Edge . Narrator . Mobile Device Management . Hybrid Azure Active Directory Join . Windows Autopilot enrollment status page . App-V, UE-V . Enterprise search in Windows . Windows Hello with FIDO 2.0 + . Mixed Reality Viewer . Windows Analytics Update Compliance . Windows Ink . Windows 10 Enterprise in S mode . Hybrid Azure Active Directory Join . Continue on PC . 30 months of support for September . Windows Analytics Device Health . Mobile Device Management . Shared Windows Devices . Windows Ink . OneDrive Files On-Demand releases . Windows Autopilot . AAD Join . Co-management . AAD Join . Nearby Sharing . Mobile Device Management . Narrator . Windows Autopilot Self-deploying . Windows Defender ATP . Windows Store for Business . Enterprise search in Windows . Windows Store for Business . Dictation . AAD Join . Mixed Reality Viewer mode . Windows Defender Security Center . Windows Update for Business . Continue on PC . Windows Update for Business . Timeline . Windows Store for Business . Windows Autopilot . Windows Autopilot Hybrid Azure AD . Express update delivery . Mail, Calendar, Photos, Maps, Groove, Skype . OneDrive Files On-Demand . Mail, Calendar, Photos, Maps, Groove, Skype . Windows Defender Exploit Guard, System . Windows Update for Business . Microsoft Defender ATP join . Hyper-V . Windows Defender Antivirus . Narrator . Windows Defender Antivirus Guard, Application Guard, Application . Mail, Calendar, Photos, Maps, Groove, Skype . Windows Defender Security Center . S Mode Block Switch . Windows 10 Subscription Activation . Windows Hello . Mixed Reality Viewer . Windows Hello Control . Windows Defender Antivirus . Express update delivery . Microsoft Edge kiosk mode . Windows Insider Program for Business . Microsoft Edge . Windows Autopilot . Microsoft Edge . Mobile Device Management . Windows Hello . Hyper-V . Desktop Analytics (Preview) – Intelligent . Paint 3D . Device Guard . Windows Defender ATP . Device Guard . Windows Analytics Update Compliance . Microsoft Edge . Windows 10 Subscription Activation Pilot Selection and ConfigMgr . Cortana at work . Credential Guard . Windows Defender Security Center . Credential Guard . Windows Analytics Device Health . Device Guard . Windows Insider Program for Business Integration . Night light, mini view . BitLocker . Express update delivery . BitLocker . Co-management . Credential Guard . Paint 3D . ReadyforMicrosoft365.com . Windows Information Protection . SmartScreen . Hyper-V . SmartScreen . Enterprise search in Windows . BitLocker . Cortana at work . Microsoft Edge experience . Windows Hello for Business . Windows as a service . Windows 10 Subscription Activation . Windows as a service . Continue on PC . SmartScreen . Night light, mini view improvements . Windows Analytics Upgrade Readiness . In-place upgrades . Windows Insider Program for Business . In-place upgrades . OneDrive Files On-Demand . Windows as a service . Windows Information Protection . Accessibility enhancements . App-V, UE-V . Continuum . Paint 3D . Continuum . Narrator . In-place upgrades . Windows Hello for Business . Access the clipboard across devices . Hybrid Azure Active Directory Join . Cortana . Cortana at work . Cortana . Mixed Reality Viewer . Continuum . Windows Analytics Upgrade Readiness . Your Phone . Windows Ink . Windows 10 core . Night light, mini view . Windows 10 core . Windows Autopilot . Cortana . App-V, UE-V . Mobile Device Management . Windows Information Protection . Windows Defender ATP . Windows 10 core . Hybrid Azure Active Directory Join 1709 1803 1809 1903
Internal Use - Confidential Begin your journey with Windows 10 today
Internal Use - Confidential January 14th 2020
Internal Use - Confidential Manfred Helber
Twitter: @ManfredHelber LinkedIn: Manfred Helber www.manfredhelber.de
Internal Use - Confidential https://aka.ms/WBSCEvents
Internal Use - Confidential www.windows-business-solutions-club.de
Internal Use - Confidential Vielen Dank!
Internal Use - Confidential