Below is a list of some of what's new in Information Technology (IT) pro features in Windows 10, version 1703 (also known as the Creators Update).
For more general info about Windows 10 features, see Features available only on Windows 10. For info about previous versions of Windows 10, see What's New in Windows 10. Also see this blog post: [Whatâs new for IT pros in the Windows 10 Creators Update}(https://blogs.technet.microsoft.com/windowsitpro/2017/04/05/whats-new-for-it-pros-in-the-windows-10-creators-update/).
Configuration Windows Configuration DesignerPreviously known as Windows Imaging and Configuration Designer (ICD), the tool for creating provisioning packages is renamed Windows Configuration Designer. The new Windows Configuration Designer is available in Microsoft Store as an app. To run Windows Configuration Designer on earlier versions of Windows, you can still install Windows Configuration Designer from the Windows Assessment and Deployment Kit (ADK).
Windows Configuration Designer in Windows 10, version 1703, includes several new wizards to make it easier to create provisioning packages.
Both the desktop and kiosk wizards include an option to remove pre-installed software, based on the new CleanPC configuration service provider (CSP).
Learn more about Windows Configuration Designer.
Azure Active Directory join in bulkUsing the new wizards in Windows Configuration Designer, you can create provisioning packages to enroll devices in Azure Active Directory. Azure AD join in bulk is available in the desktop, mobile, kiosk, and Surface Hub wizards.
Windows SpotlightThe following new Group Policy and mobile device management (MDM) settings are added to help you configure Windows Spotlight user experiences:
Learn more about Windows Spotlight.
Start and taskbar layoutEnterprises have been able to apply customized Start and taskbar layouts to devices running Windows 10 Enterprise and Education. In Windows 10, version 1703, customized Start and taskbar layout can also be applied to Windows 10 Pro.
Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10, version 1703, adds support for customized taskbars to MDM.
More MDM policy settings are available for Start and taskbar layout. New MDM policy settings include:
Cortana is Microsoftâs personal digital assistant, who helps busy people get things done, even while at work. Cortana has powerful configuration options, optimized for your business. When your employees sign in with an Azure Active Directory (Azure AD) account, they can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.
Using Azure AD also means that you can remove an employeeâs profile (for example, when an employee leaves your organization) while respecting Windows Information Protection (WIP) policies and ignoring enterprise content, such as emails, calendar items, and people lists that are marked as enterprise data.
For more info about Cortana at work, see Cortana integration in your business or enterprise
Deployment MBR2GPT.EXEMBR2GPT.EXE is a new command-line tool available in Windows 10 version 1703 and later versions. MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS).
The GPT partition format is newer and enables the use of larger and more disk partitions. It also provides added data reliability, supports other partition types, and enables faster boot and shutdown speeds. If you convert the system disk on a computer from MBR to GPT, you must also configure the computer to boot in UEFI mode, so make sure that your device supports UEFI before attempting to convert the system disk.
Other security features of Windows 10 that are enabled when you boot in UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock.
For details, see MBR2GPT.EXE.
Security Microsoft Defender for EndpointNew features in Microsoft Defender for Endpoint for Windows 10, version 1703 include:
Detection: Enhancements to the detection capabilities include:
Investigation: Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus detections and Device Guard blocks being surfaced in the Microsoft Defender for Endpoint portal. Other capabilities have been added to help you gain a holistic view on investigations.
Other investigation enhancements include:
Response: When an attack is detected, security response teams can now take immediate action to contain a breach:
Other features
You can read more about ransomware mitigations and detection capability in Microsoft Defender for Endpoint in the blog: Averting ransomware epidemics in corporate networks with Microsoft Defender for Endpoint.
Get a quick, but in-depth overview of Microsoft Defender for Endpoint for Windows 10 and the new capabilities in Windows 10, version 1703 see Microsoft Defender for Endpoint for Windows 10 Creators Update.
Microsoft Defender AntivirusWindows Defender is now called Microsoft Defender Antivirus, and we've increased the breadth of the documentation library for enterprise security admins.
The new library includes information on:
Some of the highlights of the new library include:
New features for Microsoft Defender AV in Windows 10, version 1703 include:
In Windows 10, version 1607, we invested heavily in helping to protect against ransomware, and we continue that investment in version 1703 with updated behavior monitoring and always-on real-time protection.
You can read more about ransomware mitigations and detection capability in Microsoft Defender AV in the Microsoft Malware Protection Center blog.
Device Guard and Credential GuardMore security qualifications for Device Guard and Credential Guard help protect vulnerabilities in UEFI runtime. For more information, see Device Guard Requirements and Credential Guard Security Considerations.
Group Policy Security OptionsThe security setting Interactive logon: Display user information when the session is locked has been updated to work in conjunction with the Privacy setting in Settings > Accounts > Sign-in options.
A new security policy setting Interactive logon: Don't display username at sign-in has been introduced in Windows 10 version 1703. This security policy setting determines whether the username is displayed during sign-in. It works in conjunction with the Privacy setting in Settings > Accounts > Sign-in options. The setting only affects the Other user tile.
Windows Hello for BusinessYou can now reset a forgotten PIN without deleting company managed data or apps on devices managed by Microsoft Intune.
For Windows desktops, users are able to reset a forgotten PIN through Settings > Accounts > Sign-in options.
For more details, check out What if I forget my PIN?.
Windows Information Protection (WIP) and Azure Active Directory (Azure AD)Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see Create a Windows Information Protection (WIP) policy using Microsoft Intune and Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune.
You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, How to collect Windows Information Protection (WIP) audit event logs.
Update Windows Update for BusinessThe pause feature has been changed, and now requires a start date to set up. Users are now able to pause through Settings > Update & security > Windows Update > Advanced options in case a policy hasn't been configured. We've also increased the pause limit on quality updates to 35 days. You can find more information on pause in Pause Feature Updates and Pause Quality Updates.
Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferral periods. See Configure devices for Current Branch (CB) or Current Branch for Business (CBB), Configure when devices receive Feature Updates and Configure when devices receive Quality Updates for details.
Windows Insider for BusinessWe recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (Azure AD). By enrolling devices in Azure AD, you increase the visibility of feedback submitted by users in your organization, especially on features that support your specific business needs. For details, see Windows Insider Program for Business.
Optimize update deliveryWith changes delivered in Windows 10, version 1703, express updates are now fully supported with Microsoft Configuration Manager, starting with version 1702 of Configuration Manager, and with other third-party updating and management products that implement this new functionality. This support is in addition to current Express support on Windows Update, Windows Update for Business and WSUS.
Note
The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update.
Delivery Optimization policies now enable you to configure more restrictions to have more control in various scenarios.
Added policies include:
To check out all the details, see Configure Delivery Optimization for Windows 10 updates
Uninstalled in-box apps no longer automatically reinstallStarting with Windows 10, version 1703, in-box apps that were uninstalled by the user won't automatically reinstall as part of the feature update installation process.
Additionally, apps de-provisioned by admins on Windows 10, version 1703 machines will stay de-provisioned after future feature update installations. This condition won't apply to the update from Windows 10, version 1607 (or earlier) to version 1703.
Management New MDM capabilitiesWindows 10, version 1703 adds many new configuration service providers (CSPs) that provide new capabilities for managing Windows 10 devices using MDM or provisioning packages. Among other things, these CSPs enable you to configure a few hundred of the most useful Group Policy settings via MDM - see Policy CSP - ADMX-backed policies.
Some of the other new CSPs are:
The DynamicManagement CSP allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country/region to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device canât reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs.
The CleanPC CSP allows removal of user-installed and pre-installed applications, with the option to persist user data.
The BitLocker CSP is used to manage encryption of PCs and devices. For example, you can require storage card encryption on mobile devices, or require encryption for operating system drives.
The NetworkProxy CSP is used to configure a proxy server for ethernet and Wi-Fi connections.
The Office CSP enables a Microsoft Office client to be installed on a device via the Office Deployment Tool. For more information, see Configuration options for the Office Deployment Tool.
The EnterpriseAppVManagement CSP is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM.
Learn more about new MDM capabilities.
Mobile application management support for Windows 10The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10, version 1703.
For more info, see Implement server-side support for mobile application management on Windows.
MDM diagnosticsIn Windows 10, version 1703, we continue our work to improve the diagnostic experience for modern management. By introducing auto-logging for mobile devices, Windows will automatically collect logs when encountering an error in MDM, eliminating the need to have always-on logging for memory-constrained devices. Additionally, we're introducing Microsoft Message Analyzer as an extra tool to help Support personnel quickly reduce issues to their root cause, while saving time and cost.
Application Virtualization for Windows (App-V)Previous versions of the Microsoft Application Virtualization Sequencer (App-V Sequencer) have required you to manually create your sequencing environment. Windows 10, version 1703 introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine. Additionally, the App-V Sequencer has been updated to let you sequence or update multiple apps at the same time, while automatically capturing and storing your customizations as an App-V project template (.appvt) file, and letting you use PowerShell or Group Policy settings to automatically clean up your unpublished packages after a device restart.
For more info, see the following topics:
Learn more about the diagnostic data that's collected at the Basic level and some examples of the types of data that is collected at the Full level.
Learn about the new Group Policies that were added in Windows 10, version 1703.
Miracast on existing wireless network or LANIn the Windows 10, version 1703, Microsoft has extended the ability to send a Miracast stream over a local network rather than over a direct wireless link. This functionality is based on the Miracast over Infrastructure Connection Establishment Protocol (MS-MICE).
Miracast over Infrastructure offers many benefits:
Users attempt to connect to a Miracast receiver as they did previously. When the list of Miracast receivers is populated, Windows 10 will identify that the receiver is capable of supporting a connection over the infrastructure. When the user selects a Miracast receiver, Windows 10 will attempt to resolve the device's hostname via standard DNS, and via multicast DNS (mDNS). If the name isn't resolvable via either DNS method, Windows 10 will fall back to establishing the Miracast session using the standard Wi-Fi direct connection.
Enabling Miracast over InfrastructureIf you have a device that has been updated to Windows 10, version 1703, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following requirements are true within your deployment:
It's important to note that Miracast over Infrastructure isn't a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and donât have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method.
The following new features aren't part of Windows 10, but help you make the most of it.
Upgrade ReadinessUpgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017.
The development of Upgrade Readiness has been heavily influenced by input from the community the development of new features is ongoing. To begin using Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled.
For more information about Upgrade Readiness, see the following topics:
Update ComplianceUpdate Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date.
Update Compliance is a solution built using OMS Log Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues.
For more information about Update Compliance, see Monitor Windows Updates with Update Compliance.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.3