Microsoft Announces New Windows 10 Security Features for Businesses

Posted on June 27, 2017 by Paul Thurrott in Windows 10 with 8 Comments

When the Windows 10 Fall Creators Update arrives in September, it will bring several new security features aimed specifically at Microsoft’s enterprise customers.

The timing of this revelation—a few weeks before Inspire (previously the Worldwide Partner Show) and a few months before Ignite—is interesting. And it suggests, perhaps, that Microsoft has been stung by criticisms that its Creators Update and Fall Creators Update releases are a bit too consumer-centric.

Too, Microsoft has been stung in recent months by complaints from AV vendor and partner Kaspersky Lab. The software giant even admitted to some of the accused behavior.

“Our goal is to ensure customer safety as the security threat landscape continues to grow increasingly more sophisticated and adversaries are more successful at impacting the bottom line,” Microsoft Partner Director Rob Lefferts writes. “New security features in the Windows 10 Fall Creators Update allows us to be more front footed and make life harder for the bad guys. Today, I’m excited to share how we’re raising the bar by hardening our Windows platform, taking advantage of cloud intelligence and bringing everything together in one end-to-end solution.”

Essentially, Microsoft is making a ton of improvements to Windows Defender Advanced Threat Protection (ATP), a set of technologies that debuted just after the initial release of Windows 10. ATP was designed from the get-go to be proactive. That is, instead of just detecting and responding to electronic attacks, it utilizes “preventive protection” to detect and protect against new kinds of threats as they appear.

With the Fall Creators Update, Windows Defender ATP will be enhanced with several new features and tools. These technologies will be integrated “across the entire Windows threat protection stack to protect, detect and respond with rich, centralized management,” Microsoft says. And it is bringing Windows Defender ATP to Windows Server as well.

New features and capabilities include:

Windows Defender Exploit Guard. Essentially an updated version of the Enhanced Mitigation Experience Toolkit (EMET), Exploit Guard provides intrusion detection capabilities using intelligence gleaned from the Microsoft Graph.

Windows Defender Application Guard (WDAG). Sitting between the firewall and your antivirus software, WDAG works to isolate accidentally downloaded malicious software from your devices, apps, data, and network.

Windows Defender Device Guard and Windows Defender Antivirus improvements. Windows Defender Device Guard is being updated to integrate better with Windows Defender ATP for better response times. And Windows Defender Antivirus is being updated with cloud intelligence capabilities so that it can quickly adapt to new malware as it is created.

And here’s a “better together” message I’ve not heard in a while.

“When Windows Defender ATP is used alongside threat protection solutions from Office and Azure, you get better context, richer signals, and better protection with analytics and reporting, helping you stay prepared when it comes to securing your most important assets,” Lefferts explains.

What’s not entirely clear here is which customers get these features. But we still have several months to go before the Fall Creators Update ships, and I’m sure there will be some clarity by Ignite, which also happens in September.



10 responses to “Microsoft Announces New Windows 10 Security Features for Businesses”

  1. RobertJasiek

    1) Will it still be possible to deactivate Windows Defender in system services?

    2) Will it be possible to deactivate Windows Defender in the GUI?

    3) Which improvements will the source code get so as to prevent malware attacks on Windows Defender itself?

    4) Will the user have the choice whether Windows Defender runs OnAccess or OnDemand then only checking manually specified directories?

    5) Will the user have the choice whether Windows Defender operates only locally or also online accessing databases?

    • warren

      In reply to RobertJasiek:

      1) Yes.

      2) Through Group Policy as is currently the case.

      3) ¯_(ツ)_/¯ ..... are you using Windows Defender Device Guard? If you aren't familiar with it yet, you should be. It solves the vast majority of concerns around Defender itself being attacked.

      4) This is a very 1990s question, and those times are long behind us. Most malware targets the operating system itself now, not specific file types. Manually scanning disk files is going to miss most things.

      5) That is already configurable in the UI, yes.

      • RobertJasiek

        In reply to warren:

        4) It depends on the used security concept. Whitelisting can be combined with OnDemand use (and other security tools). OnAccess use is typical for Blacklisting, which (if used without Whitelisting) I call the sin of the old days.

  2. Waethorn

    Unless this scans for common ransomware ala Malwarebytes, they should go back to the drawing board.

  3. Tony Barrett

    I don't know one enterprise that 'trusts' Microsoft security software. It's never been very good, and any sysadmin knows Windows is leakier than a sieve. A sensible company will know they'll need to shore up Windows with extra layers of non-MS protection on the PCs themselves, but paying special attention to the perimeter - i.e., any>any outbound firewall rules are *not* sensible, especially with all the data Win10 leaks.

  4. jchampeau

    I chuckled at the slide in the video that says "Intelligence Based Security." "Intelligence-based" is a compound adjective and should be hyphenated. Hopefully the security is better than the punctuation.
