Windows 10 Version 1903 Und 1909 – Neuerungen Und Neue Security Features

Windows 10 Version 1903 und 1909 – Neuerungen und neue Security Features

Manfred Helber

Twitter: @ManfredHelber www.manfredhelber.de A single cumulative update each month with no new features WINDOWS AS Quality • Security fixes, reliability fixes, bug fixes, etc. Updates • Supersedes the previous month’s update A SERVICE

A new way to build, deploy and service Twice per year with new capabilities Windows • New features and innovation APIs and security capabilities Feature • Very reliable, with built-in rollback capabilities Updates • Simple deployment using in-place upgrade, driven by existing tools • Try them out with Insider Preview Windows 10 Version history

End of service for Home, Pro, End of service for Enterprise Windows 10 version history Date of availability and Pro for Workstations and Education editions editions Windows 10, version 1903 May 21, 2019 December 8, 2020 December 8, 2020 Windows 10, version 1809 November 13, 2018 May 12, 2020 May 11, 2021 Windows 10, version 1803 April 30, 2018 November 12, 2019 November 10, 2020 Windows 10, version 1709 October 17, 2017 April 9, 2019 April 14, 2020 Windows 10, version 1703 April 5, 2017* October 9, 2018 October 8, 2019 Windows 10, version 1607 August 2, 2016 April 10, 2018 April 9, 2019 Windows 10, version 1511 November 10, 2015 October 10, 2017 October 10, 2017 Windows 10, released July July 29, 2015 May 9, 2017 May 9, 2017 2015 (version 1507)

* Windows 10, version 1703 for Enterprise, Education, and IOT Enterprise editions were released on April 11, 2017. Note: Not all features in an update will work on all devices. A device may not be able to receive updates if the device hardware is incompatible, lacks current drivers, or is otherwise outside the original equipment manufacturer’s (OEM) support period. Windows 10 Version 1903

Intelligent security Simplified updates Flexible Enhanced management productivity Intelligent security Intelligent security with Windows 10

Threat Identity Security protection protection management Core Windows 10 Security Enhancements What’s new in Windows 10 May 2019 Update

Windows Sandbox Isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device

Windows Defender Application Guard Standalone users can install and configure their Windows Defender Application Guard settings without needing to change Registry key settings Enterprise users are able to check their settings to see what their administrators have configured for their machines to better understand the behavior Windows Defender Application Control New features that light up key scenarios and provide feature parity with AppLocker

Microphone privacy settings A mic icon appears in the notification area letting you see which apps are using your microphone Security management What’s new in Windows 10 May 2019 Update

Windows Security app improvements Protection history Detailed and easier to understand information about threats and available actions Controlled Folder Access blocks added to Protection history Actions from Windows Defender Offline Scanning tool Any pending recommendations Tamper Protection Prevent malicious apps from changing important Windows Defender Antivirus settings Windows Defender Firewall Windows Subsystem for Linux (WSL) Add rules for WSL process, just like for Windows processes

netsh.exe advfirewall firewall add rule name=wsl_python dir=in action=allow program="C:\users\\appdata\local\packages\canonicalgrouplimited.ubuntuo nwindows_79rhkp1fndgsc\localstate\rootfs\usr\bin\python3.7" enable=yes Identity protection What’s new in Windows 10 May 2019 Update

Streamlined Windows Hello PIN reset experience1,2 Microsoft account users have a revamped Windows Hello PIN reset experience with the same look and feel as signing in on the web

Sign-in with Password-less Microsoft accounts Sign in to Windows 10 with a phone number account. Then use Windows Hello for an even easier sign-in experience! 1

Remote Desktop with Biometrics Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session

1To use Windows Hello with biometrics specialized hardware, including fingerprint reader, illuminated IR sensor, or other biometric sensors is required. Hardware- based protection of the Windows Hello credential/keys requires TPM 1.2 or greater; if no TPM exists or is configured, credentials/keys protection will be software- based. 2 Not available for all SKU’s Intelligent security with Windows 10

Threat Identity Security protection protection management

Microsoft Defender Advanced Windows Hello PIN reset Windows Defender Firewall Threat Protection for WSL Password-less sign-in Windows Defender Antivirus Windows Security app improvements Remote Desktop with Biometrics improvements

Windows Sandbox Protection history enhancements

Mic privacy settings Tamper Protection

Windows Defender Application Guard Enhancements Simplified updates Simplified updates

Streamline deployment and Application compatibility IT updates with modern tools can trust Streamline deployment and updates What’s new in Windows 10 May 2019 Update

Reserved Disk Space New and wipe-and-load installations of version 1903 will automatically reserve disk space to be used by Feature and Quality Updates, ensuring the updates do not fail for disk space reasons Automatic Restart Sign-on (ARSO) For Azure AD joined systems, Windows will automatically logon as the user and lock the device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. Servicing Updates Pause updates, Background processing, intelligent Active Hours, and deferral notifications have all been enhanced Use instead of media-based to reduce the Feature Update size with Express Updates Streamline deployment and updates What’s new in Windows 10 May 2019 Update

Delivery Optimization (DO) Improve Peer Efficiency for Enterprises/EDUs with complex networks (via a set of new Policies) New! supports Office 365 ProPlus updates, Intune content, and ConfigMgr is coming soon! Feature Rollback Improvements Supports Quality Updates and Feature Updates Initiate a rollback remotely using MDM, or trigger via ConfigMgr or other management tool Simplified updates

Delivery Optimization (DO) Desktop App Assure

Express updates Windows Insider Program for Business

StreamlineServicing-based deployment feature updates and ApplicationReadyforMicrosoft365.com compatibility IT updates with modern tools can trust Feature Rollback improvements

Delivery optimization Flexible management Flexible management

Deliver enterprise-ready devices Simplify device management easily Deliver enterprise-ready devices What’s new in Windows 10 May 2019 Update

Windows Autopilot 1 Enrollment Status Page (ESP) enhancements Silencing Cortana in OOBE Windows Autopilot white glove deployment Windows Autopilot is self-updating during OOBE

1 Requires Azure Active Directory Premium P1 and Intune or another MDM solution Simplify device management What’s new in Windows 10 May 2019 Update

Mobile Device Management Policies New Group Policies and MDM policies for managing Microsoft Edge BitLocker can silently be enabled for standard AAD Joined users Updated Microsoft 365 Admin Center (preview April 2019) Intune Security Baselines (preview) Includes many settings supported by Intune that you can use to help secure and protect your users and devices. Automatically sets these settings to values recommended by security teams

1 MDM requires an MDM product such as Microsoft Intune or other 3rd-party solutions (sold separately). 2 Available in select markets. Functionality and apps may vary by market and device. Flexible management

Windows Autopilot Mobile Device Management

Windows Subscription Activation Mobile Application Management

Deliver enterprise-ready devices SimplifyWindows device Shared management Devices easily Microsoft Store for Business Enhanced productivity Enhanced productivity

Work Cultivate collaboration Empower workstyles smarter Work smarter What’s new in Windows 10 May 2019 Update

Windows Shell Search for Linux files contained in a WSL distro Top apps and recent files displayed when you click in the Search bar Separating Search and Cortana1

Timeline Chrome extension adds Google Chrome activity to Timeline

1Cortana available in select markets; experience may vary by region and device. Cortana app required for Android and iOS devices (Requires Android version 4.1.2 or higher, or iPhone 4 with iOS 8.0 or higher). Empower workstyles What’s new in Windows 10 Update 1903

Accessibility Narrator Improvements including more voices and reading controls Ease of Access improvements including 11 new mouse pointer sizes Narrator QuickStart, a short tutorial for new users Kaomoji and Emoji Updates Tap WIN +(period) to access new kaomojis and emojis, finding the right one is a keyword away Enhanced productivity

Search for Linux Files in WSL Office 365 on Windows Work across devices

Cortana Nearby Sharing Accessibility

Work CultivateMicrosoft collaboration Whiteboard EmpowerKaomojis workstyles& Emojis smarter OneNote Windows Virtual Desktop Windows 10 gets better with each update With enhanced security, more tools for IT and end user productivity features

§ Windows Autopilot § Windows Defender ATP § Windows Defender Security Center § Express update delivery § Hyper-V § Windows 10 Subscription Activation § Windows Information Protection § Windows Insider Program for Business § Windows Hello for Business § Paint 3D § Cortana at work § Mobile Device Management § Windows Analytics Upgrade Readiness + § Night light, mini view § AAD Join § App-V, UE-V § Hybrid Azure Active Directory Join § Windows Information Protection § Windows Hello § Windows Store for Business § § + § Windows Ink Windows Hello for Business Microsoft Edge § Windows Update for Business § Windows Analytics Upgrade Readiness § Device Guard + § Mail, Calendar, Photos, Maps, Groove, Skype § Mobile Device Management § Credential Guard § App-V, UE-V § Credential Guard § AAD Join § BitLocker § Hybrid Azure Active Directory Join § BitLocker + § Windows Defender Antivirus § Windows as a service § Windows Defender Antivirus § Windows as a service § Windows Store for Business § SmartScreen § Windows Ink § SmartScreen § Windows Hello § In-place upgrades § Windows Hello § In-place upgrades § Windows Update for Business § Windows as a service § Mobile Device Management § Windows as a service § Microsoft Edge § Continuum § Microsoft Edge § Continuum § Mail, Calendar, Photos, Maps, Groove, Skype § In-place upgrades § AAD Join § In-place upgrades § Device Guard § Cortana § Device Guard § Cortana § Windows Defender Antivirus § Continuum § Windows Store for Business § Continuum § Credential Guard § Windows 10 core § Credential Guard § Windows 10 core § Windows Hello § Cortana § Windows Update for Business § Cortana § BitLocker § BitLocker § Microsoft Edge § Windows 10 core § Mail, Calendar, Photos, Maps, Groove, Skype § Windows 10 core § SmartScreen § SmartScreen § Device Guard § Windows Defender Antivirus 1507 1511 1607 1703 § Windows Virtual Desktop (Preview) § Microsoft Defender Advanced Threat Protection enhancements Windows 10 gets better with each update § Attack Surface Reduction enhancements § Next Generation Protection enhancements § Tamper Proofing Capabilities With enhanced security, more tools for IT and § Windows Sandbox § Application Guard enhancements § Sign-on with Password-less Microsoft accounts end user productivity features § New Kaimojis and Emojis § Accessibility Improvements § Windows Shell enhancements § Windows Timeline § Device Management Policies § Microsoft Defender ATP new attack surface area reduction controls § Intune Security Baselines § Investigation and remediation across Office 365 ATP and Microsoft Defender § Enhanced Enrollment Status Page ATP § Windows AutoPilot White Glove § Web Authentication in Microsoft Edge § Setup Diag § Windows Hello with FIDO 2.0 § Automatic Restart Sign On (ARSO) § 30 months of support for September releases § Reserved Disk Space § Windows Autopilot Self-deploying mode § Improved Delivery Optimization (DO) § Windows Autopilot Hybrid Azure AD join § Windows Analytics – Spectre & Meltdown, Delivery Optimization, Application § Reliability Logon Health S Mode Block Switch + § § WDATP Automated Remediation Microsoft Edge kiosk mode § Desktop Analytics (Preview) – Intelligent Pilot Selection and ConfigMgr § Windows Analytics – Spectre & Meltdown, § App-V, UE-V § Conditional Access based on WDATP device risk Delivery Optimization, Application § Hybrid Azure Active Directory Join Integration § Threat Analytics Reliability Logon Health § Windows Ink § ReadyforMicrosoft365.com § WDATP Automated Remediation § Mobile Device Management § Emergency Outbreak Updates § § § Microsoft Edge experience improvements Conditional Access based on WDATP AAD Join § Advanced hunting device risk § Windows Store for Business § Accessibility enhancements § Threat Analytics § Windows Update for Business § Cloud Credential Guard § Access the clipboard across devices § Emergency Outbreak Updates § Mail, Calendar, Photos, Maps, Groove, § Diagnostic data viewer § Advanced hunting Skype § Windows Defender Exploit Guard, System Guard, Application Guard, Application + § Your Phone § Cloud Credential Guard § Windows Defender Antivirus Control § Windows Autopilot enrollment status page § Diagnostic data viewer § Windows Hello § § § § Windows 10 Enterprise in S mode § Windows Analytics – Spectre & Meltdown, § Hyper-V Windows Autopilot enrollment status page Microsoft Edge Mobile Device Management Delivery Optimization, Application Reliability § Windows 10 Subscription Activation § § § Shared Windows Devices Windows 10 Enterprise in S mode Device Guard § Windows Analytics Update Compliance Logon Health § Windows Insider Program for Business § Shared Windows Devices § Credential Guard § Nearby Sharing § Windows Analytics Device Health § WDATP Automated Remediation § Paint 3D § Nearby Sharing § BitLocker § Dictation § Conditional Access based on WDATP device risk § Cortana at work § Dictation § SmartScreen § Co-management § Threat Analytics § Night light, mini view § Timeline § Windows as a service + § Timeline § Enterprise search in Windows § Emergency Outbreak Updates § Windows Information Protection § Windows Defender Exploit Guard, System § In-place upgrades § Advanced hunting § Windows Hello for Business Guard, Application Guard, Application § Continuum § Continue on PC § Windows Defender Exploit Guard, System § Windows Analytics Upgrade Readiness § Cloud Credential Guard § Windows Analytics Upgrade Readiness Control § Cortana § OneDrive Files On-Demand Guard, Application Guard, Application Control § App-V, UE-V § Diagnostic data viewer § App-V, UE-V § Mobile Device Management § Windows 10 core § Mobile Device Management § Hybrid Azure Active Directory Join § Windows Autopilot enrollment status page § Hybrid Azure Active Directory Join § Windows Analytics Update Compliance § Windows Defender ATP new attack surface § Narrator § Windows Analytics Update Compliance § Windows Ink § Windows 10 Enterprise in S mode § Windows Ink § Windows Analytics Device Health area reduction controls + § Mixed Reality Viewer § Windows Analytics Device Health § Mobile Device Management § Shared Windows Devices § Mobile Device Management § Co-management § Investigation and remediation across Office § Co-management § AAD Join § Nearby Sharing § AAD Join § Enterprise search in Windows 365 ATP and Windows Defender ATP § Windows Autopilot § AAD Join § Enterprise search in Windows § Windows Store for Business § Dictation § Windows Store for Business § Continue on PC § Web Authentication in Microsoft Edge § Windows Defender ATP § Windows Store for Business § Continue on PC § Windows Update for Business § Timeline § Windows Update for Business § OneDrive Files On-Demand § Windows Hello with FIDO 2.0 § Windows Defender Security Center § Windows Update for Business § OneDrive Files On-Demand § Mail, Calendar, Photos, Maps, Groove, Skype § Windows Defender Exploit Guard, System § Mail, Calendar, Photos, Maps, Groove, Skype § Narrator § 30 months of support for September § Express update delivery § Mail, Calendar, Photos, Maps, Groove, Skype § Narrator § Windows Defender Antivirus Guard, Application Guard, Application Control § Windows Defender Antivirus § Mixed Reality Viewer releases § Hyper-V § Windows Defender Antivirus § Mixed Reality Viewer § Windows Hello § Mobile Device Management § Windows Hello § Windows Autopilot § Windows Autopilot Self-deploying mode § Windows 10 Subscription Activation § Windows Hello § Windows Autopilot § Microsoft Edge § Windows Analytics Update Compliance § Microsoft Edge § Microsoft Defender ATP § Windows Autopilot Hybrid Azure AD join § Windows Insider Program for Business § Microsoft Edge § Windows Defender ATP § Device Guard § Windows Analytics Device Health § Device Guard § Windows Defender Security Center § S Mode Block Switch § Paint 3D § Device Guard § Windows Defender Security Center § Credential Guard § Co-management § Credential Guard § Express update delivery § Microsoft Edge kiosk mode § Cortana at work § Credential Guard § Express update delivery § BitLocker § Enterprise search in Windows § BitLocker § Hyper-V § Desktop Analytics (Preview) – Intelligent § Night light, mini view § BitLocker § Hyper-V § SmartScreen § Continue on PC § SmartScreen § Windows 10 Subscription Activation Pilot Selection and ConfigMgr Integration § Windows Information Protection § SmartScreen § Windows 10 Subscription Activation § Windows as a service § OneDrive Files On-Demand § Windows as a service § Windows Insider Program for Business § ReadyforMicrosoft365.com § Windows Hello for Business § Windows as a service § Windows Insider Program for Business § In-place upgrades § Narrator § In-place upgrades § Paint 3D § Microsoft Edge experience improvements § Windows Analytics Upgrade Readiness § In-place upgrades § Paint 3D § Continuum § Mixed Reality Viewer § Continuum § Cortana at work § Accessibility enhancements § App-V, UE-V § Continuum § Cortana at work § Cortana § Windows Autopilot § Cortana § Night light, mini view § Access the clipboard across devices § Hybrid Azure Active Directory Join § Cortana § Night light, mini view § Windows 10 core § Windows Defender ATP § Windows 10 core § Windows Information Protection § Your Phone § Windows Ink § Windows 10 core § Windows Information Protection § Windows Defender Security Center § Windows Hello for Business § Mobile Device Management § Windows Hello for Business § Express update delivery § Windows Analytics Upgrade Readiness 1709 1803 1809 1903 Begin your journey with Windows 10 today January 14th 2020 Manfred Helber

Twitter: @ManfredHelber LinkedIn: Manfred Helber www.manfredhelber.de https://aka.ms/WBSCEvents www.windows-business-solutions-club.de Vielen Dank!