mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 03:43:39 +00:00
Adding content
@ -1,30 +0,0 @@
|
||||
---
|
||||
title: What's new in AppLocker (Windows 10)
|
||||
description: AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
|
||||
ms.assetid: 6F836FF6-7794-4E7B-89AA-1EABA1BF183F
|
||||
ms.pagetype: security, mobile
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: explore
|
||||
ms.sitesec: library
|
||||
author: brianlic-msft
|
||||
redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
|
||||
---
|
||||
|
||||
# What's new in AppLocker?
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows 10 Mobile
|
||||
|
||||
AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
|
||||
In Windows 10, AppLocker has added some improvements.
|
||||
|
||||
## New features in Windows 10
|
||||
|
||||
- A new parameter was added to the [New-AppLockerPolicy](http://technet.microsoft.com/library/hh847211.aspx) Windows PowerShell cmdlet that lets you choose whether executable and DLL rule collections apply to non-interactive processes. To enable this, set the **ServiceEnforcement** to **Enabled**.
|
||||
- A new [AppLocker](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) configuration service provider was add to allow you to enable AppLocker rules by using an MDM server.
|
||||
- You can manage Windows 10 Mobile devices by using the new [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx).
|
||||
|
||||
[Learn how to manage AppLocker within your organization](../keep-secure/applocker-overview.md).
|
||||
|
||||
|
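Review bot: The commit message says "Adding content", but this hunk (-1,30 +0,0) removes the whole AppLocker topic, so the message should say that files are being removed. Deleting the file also drops the `redirect_url` in its front matter (whats-new-windows-10-version-1507-and-1511). Confirm that the redirect is recorded somewhere else before merging, or existing links to this topic will stop resolving.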
@ -1,41 +0,0 @@
|
||||
---
|
||||
title: What's new in BitLocker (Windows 10)
|
||||
description: BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
|
||||
ms.assetid: 3F2DE365-68A1-4CDB-AB5F-C65574684C7B
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: explore
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security, mobile
|
||||
author: brianlic-msft
|
||||
redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
|
||||
---
|
||||
|
||||
# What's new in BitLocker?
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows 10 Mobile
|
||||
|
||||
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
|
||||
|
||||
## New features in Windows 10, version 1511
|
||||
|
||||
- **XTS-AES encryption algorithm**. BitLocker now supports the XTS-AES encryption algorithm. XTS-AES provides additional protection from a class of attacks on encryption that rely on manipulating cipher text to cause predictable changes in plain text. BitLocker supports both 128-bit and 256-bit XTS-AES keys.
|
||||
It provides the following benefits:
|
||||
- The algorithm is FIPS-compliant.
|
||||
- Easy to administer. You can use the BitLocker Wizard, manage-bde, Group Policy, MDM policy, Windows PowerShell, or WMI to manage it on devices in your organization.
|
||||
**Note**
|
||||
Drives encrypted with XTS-AES will not be accessible on older version of Windows. This is only recommended for fixed and operating system drives. Removable drives should continue to use the AES-CBC 128-bit or AES-CBC 256-bit algorithms.
|
||||
|
||||
## New features in Windows 10
|
||||
|
||||
- **Encrypt and recover your device with Azure Active Directory**. In addition to using a Microsoft Account, automatic [Device Encryption](http://technet.microsoft.com/library/dn306081.aspx#bkmk-encryption) can now encrypt your devices that are joined to an Azure Active Directory domain. When the device is encrypted, the BitLocker recovery key is automatically escrowed to Azure Active Directory. This will make it easier to recover your BitLocker key online.
|
||||
- **DMA port protection**. You can use the [DataProtection/AllowDirectMemoryAccess](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) MDM policy to block DMA ports when the device is starting up. Also, when a device is locked, all unused DMA ports are turned off, but any devices that are already plugged into a DMA port will continue to work. When the device is unlocked, all DMA ports are turned back on.
|
||||
- **New Group Policy for configuring pre-boot recovery**. You can now configure the pre-boot recovery message and recover URL that is shown on the pre-boot recovery screen. For more info, see the "Configure pre-boot recovery message and URL" section in [BitLocker Group Policy settings](../keep-secure/bitlocker-group-policy-settings.md).
|
||||
|
||||
[Learn how to deploy and manage BitLocker within your organization](../keep-secure/bitlocker-overview.md).
|
||||
|
||||
## Related topics
|
||||
|
||||
[Trusted Platform Module](../keep-secure/trusted-platform-module-overview.md)
|
||||
|
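Review bot: The **Note** under the XTS-AES item is compatibility guidance that administrators act on, and this hunk removes it along with the rest of the file. It says that XTS-AES drives are not accessible on older versions of Windows and that removable drives should stay on AES-CBC 128-bit or AES-CBC 256-bit. Check that the page named in `redirect_url` carries the same note before this file goes away.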
@ -1,68 +0,0 @@
|
||||
---
|
||||
title: Change history for What's new in Windows 10 (Windows 10)
|
||||
description: This topic lists new and updated topics in the What's new in Windows 10 documentation for Windows 10 and Windows 10 Mobile.
|
||||
ms.assetid: 75F285B0-09BE-4821-9B42-37B9BE54CEC6
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
author: TrudyHa
|
||||
redirect_url: https://technet.microsoft.com/en-us/itpro/windows/whats-new/index
|
||||
---
|
||||
|
||||
# Change history for What's new in Windows 10
|
||||
This topic lists new and updated topics in the [What's new in Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
|
||||
|
||||
|
||||
## April 2016
|
||||
|
||||
|New or changed topic |Description |
|
||||
|---------------------|------------|
|
||||
|[Enterprise data protection (EDP) overview](edp-whats-new-overview.md) |Updated to remove content that's duplicated in the EDP content and added pointer. |
|
||||
|
||||
## February 2016
|
||||
|
||||
|New or changed topic |Description |
|
||||
|---------------------|------------|
|
||||
|[Lockdown features from Windows Embedded Industry 8.1](lockdown-features-windows-10.md) |Updated to include policy setting names for USB filter and Toast notification filter|
|
||||
|
||||
## January 2016
|
||||
|
||||
|New or changed topic |Description |
|
||||
|---------------------|------------|
|
||||
|[Browser: Microsoft Edge and Internet Explorer 11](edge-ie11-whats-new-overview.md) |Updated to include the **Applies to** section |
|
||||
|
||||
## December 2015
|
||||
|
||||
|New or changed topic |Description |
|
||||
|---------------------|------------|
|
||||
|[Security](security.md) |New |
|
||||
|[Windows Update for Business](windows-update-for-business.md) |New |
|
||||
|
||||
## November 2015
|
||||
|
||||
|New or changed topic |Description |
|
||||
|---------------------|------------|
|
||||
|[AppLocker](applocker.md) |New |
|
||||
|[BitLocker](bitlocker.md) |New |
|
||||
|[Credential Guard](credential-guard.md) |New |
|
||||
|[Device Guard](device-guard-overview.md) |New |
|
||||
|[Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md) |New |
|
||||
|[Security auditing](security-auditing.md) |New |
|
||||
|[Trusted Platform Module](trusted-platform-module.md) |New |
|
||||
|[Windows spotlight on the lock screen](windows-spotlight.md) |New |
|
||||
|[Windows Store for Business overview](windows-store-for-business-overview.md) |New |
|
||||
|
||||
## Related topics
|
||||
- [Change history for Plan for Windows 10 deployment](../plan/change-history-for-plan-for-windows-10-deployment.md)
|
||||
- [Change history for Deploy Windows 10](../deploy/change-history-for-deploy-windows-10.md)
|
||||
- [Change history for Keep Windows 10 secure](../keep-secure/change-history-for-keep-windows-10-secure.md)
|
||||
- [Change history for Manage and update Windows 10](../manage/change-history-for-manage-and-update-windows-10.md)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
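Review bot: The `redirect_url` in this file points at the whats-new index, so the month-by-month tables (November 2015 through April 2016) have no stated new home once the file is removed. If the history is meant to be kept, say in the commit message where it moved. The four change-history pages listed under "Related topics" are also worth checking for links back to this file.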
@ -1,32 +0,0 @@
|
||||
---
|
||||
title: What's new in Credential Guard (Windows 10)
|
||||
description: Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.
|
||||
ms.assetid: 59C206F7-2832-4555-97B4-3070D93CC3C5
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: explore
|
||||
ms.sitesec: library
|
||||
author: brianlic-msft
|
||||
redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
|
||||
---
|
||||
|
||||
# What's new in Credential Guard?
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.
|
||||
|
||||
## New features in Windows 10, version 1511
|
||||
|
||||
- **Credential Manager support**. Credentials that are stored with Credential Manager, including domain credentials, are protected with Credential Guard with the following considerations:
|
||||
- Credentials that are saved by the Remote Desktop Protocol cannot be used. Employees in your organization can manually store credentials in Credential Manager as generic credentials.
|
||||
- Applications that extract derived domain credentials using undocumented APIs from Credential Manager will no longer be able to use those saved derived credentials.
|
||||
- You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials.
|
||||
- **Enable Credential Guard without UEFI lock**. You can enable Credential Guard by using the registry. This allows you to disable Credential Guard remotely. However, we recommend that Credential Guard is enabled with UEFI lock. You can configure this by using Group Policy.
|
||||
- **CredSSP/TsPkg credential delegation**. CredSSP/TsPkg cannot delegate default credentials when Credential Guard is enabled.
|
||||
|
||||
[Learn how to deploy and manage Credential Guard within your organization](../keep-secure/credential-guard.md).
|
||||
|
||||
|
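Review bot: The third consideration under "Credential Manager support" is a data-loss caveat: credentials backed up from a PC with Credential Guard turned on cannot be restored, so backups must be made before enabling it. Together with the recommendation to enable Credential Guard with UEFI lock, it should be confirmed present on the redirect target before this file is deleted.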
@ -1,34 +0,0 @@
|
||||
---
|
||||
title: Device Guard overview (Windows 10)
|
||||
description: Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications.
|
||||
ms.assetid: FFE244EE-5804-4CE8-A2A9-48F49DC3AEF2
|
||||
ms.pagetype: mobile, security
|
||||
keywords: Device Guard
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: explore
|
||||
ms.sitesec: library
|
||||
author: brianlic-msft
|
||||
redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
|
||||
---
|
||||
|
||||
# Device Guard overview
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows 10 Mobile
|
||||
- Windows Server 2016
|
||||
|
||||
Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications. If the app isn’t trusted it can’t run, period. It also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code after the computer restarts because of how decisions are made about what can run and when.
|
||||
|
||||
Device Guard uses the new virtualization-based security in Windows 10 Enterprise to isolate the Code Integrity service from the Microsoft Windows kernel itself, letting the service use signatures defined by your enterprise-controlled policy to help determine what is trustworthy. In effect, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
|
||||
|
||||
For details on how to implement Device Guard, see [Device Guard deployment guide](../keep-secure/device-guard-deployment-guide.md).
|
||||
|
||||
## Why use Device Guard
|
||||
With thousands of new malicious files created every day, using traditional methods like signature-based detection to fight against malware provides an inadequate defense against new attacks. Device Guard on Windows 10 Enterprise changes from a mode where apps are trusted unless blocked by an antivirus or other security solutions, to a mode where the operating system trusts only apps authorized by your enterprise.
|
||||
Device Guard also helps protect against [zero day attacks](https://go.microsoft.com/fwlink/p/?linkid=534209) and works to combat the challenges of [polymorphic viruses](https://go.microsoft.com/fwlink/p/?LinkId=534210).
|
||||
## Virtualization-based security using Windows 10 Enterprise Hypervisor
|
||||
|
||||
Windows 10 Enterprise Hypervisor introduces new capabilities around virtual trust levels, which helps Windows 10 Enterprise services to run in a protected environment, in isolation from the running operating system. Windows 10 Enterprise virtualization-based security helps protect kernel code integrity and helps to provide credential isolation for the local security authority (LSA). Letting the Kernel Code Integrity service run as a hypervisor-hosted service increases the level of protection around the root operating system, adding additional protections against any malware that compromises the kernel layer.
|
||||
|
||||
>**Important** Device Guard devices that run Kernel Code Integrity with virtualization-based security (VBS) must have compatible drivers (legacy drivers can be updated) and meet requirements for the hardware and firmware that support virtualization-based security. For more information, see [Hardware, firmware, and software requirements for Device Guard](../keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard)
|
@ -1,17 +0,0 @@
|
||||
---
|
||||
title: Enterprise management for Windows 10 devices (Windows 10)
|
||||
description: Windows 10 provides mobile device management (MDM) capabilities that enable enterprise-level management of devices.
|
||||
ms.assetid: 36DA67A1-25F1-45AD-A36B-AEEAC30C9BC4
|
||||
ms.prod: w10
|
||||
ms.pagetype: devices, mobile
|
||||
ms.mktglfcycl: explore
|
||||
ms.sitesec: library
|
||||
author: jdeckerMS
|
||||
redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/manage-corporate-devices
|
||||
---
|
||||
|
||||
# Enterprise management for Windows 10 devices
|
||||
|
||||
This page has been redirected to **What's new in Windows 10, versions 1507 and 1511**.
|
||||
|
||||
|
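Review bot: The front matter and the body of this file disagree about the destination. `redirect_url` points to manage/manage-corporate-devices, while the body says the page was redirected to "What's new in Windows 10, versions 1507 and 1511". Decide which target is intended before the redirect is re-created outside this file, so the wrong one is not carried over.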
@ -1,6 +0,0 @@
|
||||
---
|
||||
title: Browser Microsoft Edge and Internet Explorer 11 (Windows 10)
|
||||
description: Resources to help you explore the Windows 10 browsing options for your enterprise.
|
||||
redirect_url: https://technet.microsoft.com/itpro/microsoft-edge/enterprise-guidance-using-microsoft-edge-and-ie11
|
||||
---
|
||||
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
title: Enterprise data protection (EDP) overview (Windows 10)
|
||||
description: With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data disclosure through apps and services that are outside of the enterprise’s control like email, social media, and the public cloud.
|
||||
redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/protect-enterprise-data-using-wip
|
||||
---
|
@ -1,16 +0,0 @@
|
||||
---
|
||||
title: Lockdown features from Windows Embedded 8.1 Industry (Windows 10)
|
||||
description: Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10.
|
||||
ms.assetid: 3C006B00-535C-4BA4-9421-B8F952D47A14
|
||||
keywords: lockdown, embedded
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: jdeckerMS
|
||||
redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/lockdown-features-windows-10
|
||||
---
|
||||
|
||||
# Lockdown features from Windows Embedded 8.1 Industry
|
||||
|
||||
This topic has been redirected.
|
@ -1,16 +0,0 @@
|
||||
---
|
||||
title: Windows Hello overview (Windows 10)
|
||||
description: In Windows 10, Windows Hello replaces passwords with strong two-factor authentication.
|
||||
ms.assetid: 292F3BE9-3651-4B20-B83F-85560631EF5B
|
||||
keywords: password, hello, fingerprint, iris, biometric, passport
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: explore
|
||||
ms.sitesec: library
|
||||
ms.pagetype: mobile, security
|
||||
author: jdeckerMS
|
||||
redirect_url: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/manage-identity-verification-using-microsoft-passport
|
||||
---
|
||||
|
||||
# Windows Hello overview
|
||||
|
||||
This topic has been redirected.
|
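Review bot: The `redirect_url` in this file pins the `en-us` locale, as do the ones in the change history, enterprise management and lockdown files, while the AppLocker, BitLocker, Credential Guard, Device Guard, Edge and EDP files use locale-neutral URLs. When these redirects are re-created outside the deleted files, use the locale-neutral form throughout so readers in other locales are not sent to the en-us page.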