What’s new for IT pros in Windows 10, version 1903
Published May 21 2019 10:00 AM 175K Views
Microsoft

Microsoft has always focused on building the tools and platforms that IT needs to be successful. In this era of digital disruption, we are working to deliver a modern workplace experience that is loved by users and trusted by IT. This focus is at the heart of how we build Windows 10—bringing you the latest advances in security, IT tools, and productivity, anchored in intelligence powered by the cloud. 

I’m happy to announce that Windows 10, version 1903 is now available through Windows Server Update Services (WSUS) and Windows Update for Business, and will be able to be downloaded today from Visual Studio Subscriptions, the Software Download Center (via Update Assistant or the Media Creation Tool), and the Volume Licensing Service Center[1]. Today marks the start of the servicing timeline for this Semi-Annual Channel release, and we recommend that you begin rolling out Windows 10, version 1903 in phases across your organization—validating that your apps, devices, and infrastructure work well with this new release before broad deployment.

As you look to roll out this new update to your organization, here are some of the new capabilities that will enable you to benefit from intelligent security, simplified updates, flexible management, and enhanced productivity. For a closer look at these improvements, join me and my colleague Alan Meeus for a one-hour webcast on Tuesday, May 28, 2019, then bring your questions to our next Windows 10 Ask Microsoft Anything (AMA) event on Tuesday, June 4, 2019.

Intelligent security

The biggest concern for most companies today—and their IT departments—is security. With cyberthreats rapidly increasing every day, organizations need intelligent security to defend and protect their environments. Windows 10 comes with security built-in, and it leverages the cloud to coordinate defenses across email, data, and devices for end-to-end protection using the Microsoft Graph.

Here are some of the new intelligent security capabilities included in Windows 10, version 1903:

Microsoft Defender Advanced Threat Protection (ATP):

  • Attack surface area reduction – IT admins can configure devices with advanced web protection that enables them to define allow and deny lists for specific URL’s and IP addresses.
  • Next generation protection – Controls have been extended to protection from ransomware, credential misuse, and attacks that are transmitted through removable storage.
    • Integrity enforcement capabilities – Enable remote runtime attestation of the Windows 10 platform.
    • Tamper-proofing capabilities – Use virtualization-based security to isolate critical ATP security capabilities away from the OS and attackers.
  • Platform support – Endpoint Detection (EDR) and Endpoint Protection Platform (EPP) capabilities now support Windows 7 and 8.1 environments.
  • Advanced machine learning – Improved with advanced machine learning and AI models that enable it to protect against apex attackers using innovative vulnerability exploit techniques, tools and malware.
  • Emergency outbreak protection – Provides emergency outbreak protection which will automatically update devices with new intelligence when a new outbreak has been detected.
  • Certified ISO 27001 compliance[2] – Ensures that the cloud service has analyzed for threats, vulnerabilities and impacts, and that risk management and security controls are in place.
  • Geolocation support[3] – Support geolocation and sovereignty of sample data as well as configurable retention policies.

For the latest information on new Microsoft Defender ATP features and functionality, bookmark the Microsoft Defender ATP blog on Tech Community.

Threat Protection:

  • Windows Sandbox – Isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device.
  • Microphone privacy settings – A microphone icon appears in the notification area letting you see which apps are using your microphone.
  • Windows Defender Application Guard enhancements – Standalone users can install and configure their Windows Defender Application Guard settings without needing to change Registry key settings. Enterprise users can check their settings to see what their administrators have configured for their machines to better understand the behavior.

Identity Protection:

Security management:

  • Windows Defender Firewall: Windows Subsystem for Linux (WSL), which lets you add rules for WSL process, just like for Windows processes.
  • Windows Security app improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Windows Defender Offline Scanning tool actions, and any pending recommendations.
  • Tamper Protection lets you prevent others from tampering with important security features.

Simplified updates

With Windows 10, version 1903, you’ll see the following improvements to help you to streamline deployments and update management:

  • Delivery Optimization – Improved Peer Efficiency for enterprises and educational institutions with complex networks (via a set of new policies). This now supports Office 365 ProPlus updates and Microsoft Intune content; System Center Configuration Manager content will be coming soon.
  • Reserved storage – Reserved storage sets aside disk space to be used by updates, apps, temporary files, and system caches, improving the day-to-day function of your PC by ensuring that critical OS functions always have access to disk space. This feature will be enabled automatically on new PCs with Windows 10, version 1903 pre-installed as well as clean installs of Windows 10, version 1903. (It will not be enabled when updating from a previous version of Windows 10.)
  • Automatic Restart Sign-on (ARSO) – For Azure Active Directory-joined devices, Windows will automatically log on as the user and lock the device to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
  • Windows Update for Business – There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
  • Update rollback improvements – When a device is unable to start properly after installing a driver or monthly quality update, Windows will automatically uninstall the update to return the device to a normally operating state.
  • Pause updates – Users of all editions of Windows 10, including Windows 10 Home, can pause updates for both feature and monthly updates.
  • Intelligent active hours – Users now have the option to let Windows Update intelligently adjust active hours based on their device-specific usage patterns.
  • Improved update orchestration – Windows 10, version 1903 offers improved system performance by intelligently coordinating Windows updates and Microsoft Store updates so they occur when users are away from their devices to minimize disruptions.
  • Improved update notifications – When there’s an update requiring a device restart, users will see a colored dot on the Power button in the Start menu and on the Windows icon in the taskbar.
  • SetupDiag – Use this command-line tool to troubleshoot failed feature updates.

Flexible management

To deliver that secure and productive experience that users and your organization are expecting, it's critical to use modern management practices. Here is what Windows 10, version 1903 has to offer around delivering enterprise-ready devices and simplifying the ongoing management of those devices.

  • Deliver enterprise-ready devices with Windows Autopilot[5] – Enrollment Status Page (ESP) enhancements, which include tracking Win32 apps delivered via Intune Management Extensions. You can also now choose which apps to block during enrollment through Intune. In addition, Windows Autopilot functional and critical updates will begin downloading automatically during the out of box experience (OOBE). Cortana voiceover is now disabled by default for Windows 10 Pro and above SKUs in the OOBE. And, with Windows Autopilot white glove deployment, partners or IT staff can pre-provision Windows 10 PCs to be fully configured and business-ready before they are delivered to the Check out the new Microsoft Mechanics video to learn more about the new white glove deployment and these other new Windows Autopilot features.
  • Mobile Device Management policies – Windows 10, version 1903 offers new Group Policies and mobile device management (MDM) policies for managing Microsoft Edge. You can silently enable BitLocker for standard Azure Active Directory-joined users. You can also more easily manage the entire Microsoft 365 experience for users with the Microsoft 365 Admin Center.
  • Intune Security Baselines (Preview) – Now includes many settings supported by Intune that you can use to help secure and protect your users and devices. You can automatically set these settings to values recommended by security teams.

Enhanced productivity

Ultimately, Windows 10 is about providing a great, productive experience for users. Here are some of the key productivity enhancements in this new feature update:

  • Work smarter – Windows Shell now lets you search for Linux files contained in a WSL distro. In addition, top apps and recent files will display when you click in the Search bar. We’ve also separated Search and Cortana allowing Cortana to act as more of a digital assistant while using Windows Search for searching for file, pics, docs, etc.. The new Chrome extension adds Google Chrome activity to the Timeline view.
  • Empower workstyles – New accessibility features include Narrator improvements with more voices and reading controls, as well as ease of access improvements such as 11 new mouse pointer sizes. Windows 10, version 1903 also includes Narrator QuickStart, which is a short tutorial for new users. In addition, you can tap WINDOWS + period (.) to access new kaomojis and emojis, making finding the right one a keyword away.
  • Windows Virtual Desktop – Available as a public preview, Windows Virtual Desktop allows you to deliver a multi-session Windows 10 experience, optimizations for Office 365 ProPlus, and support for Windows Server Remote Desktop Services (RDS) desktops and apps. For a deep dive on Windows Virtual Desktop, register for the June 6, 2019 webcast and save the date for the Windows Virtual Desktop AMA event on June 12, 2019.

Frequently asked questions

Will there be a new Long-Term Servicing Channel (LTSC) release?
No. Windows 10 Enterprise LTSC 2019 is the current LTSC option, and was released with Windows 10, version 1809 in November. The next LTSC release can be expected toward the end of 2021. Customers currently using the LTSC for special-purpose devices should start working to upgrade those devices to Windows 10 Enterprise LTSC 2019 as mainstream support for that release will continue until January 9, 2024.

Can I upgrade our devices from Windows 7 directly to this new update?
Yes. You can upgrade directly from Windows 7 or Windows 8.1 to Windows 10, version 1903. We strongly encourage you to begin your upgrade process immediately, to avoid missing the January 14, 2020 end-of-support date for Windows 7.

What if my applications are not compatible with Windows 10, version 1903?
Windows 10 is the most compatible Windows operating system ever. Through millions of data points from customer diagnostics, and the Windows Insider Program validation process, we’ve found that 99% of apps are compatible with current Windows 10 releases. As a result, you can expect that most applications that work on Windows 7 will continue to work on Windows 10 and Office 365 ProPlus. However, if you do encounter an application compatibility issue as you deploy Windows 10 and Office 365 ProPlus, or with a subsequent feature update, Desktop App Assure will help you fix them at no additional cost with an eligible subscription (150+ seats). For more information about Desktop App Assure, see our blog post on Standing behind our application compatibility promise.

Tools and resources

To support the release of Windows 10, version 1903, we have released updated versions of the following resources:

To increase transparency around updates, we have also launched a new Windows release health dashboard, which provides you with timely information on the status of the Windows 10, version 1903 rollout, details on any known issues (including the status of those issues, workarounds, and resolutions), and important announcements.

For help with configuring and deploying updates, please see the following resources: 

To see a summary of the latest documentation updates, see What’s new in Windows 10, version 1903 IT pro content on Docs.

For information on what’s new for developers, see What's new in Windows 10 for developers, build 18362. For a full list of new namespaces added to the Windows SDK, see New APIs in Windows 10, build 18362. And, for a list of features and functionality that have been removed from Windows 10, or might be removed in future releases, see Features removed or planned for replacement starting with Windows 10, version 1903.

And, for the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro on Twitter.

  


[

 

[1] It may take a day for downloads to be fully available in the VLSC across all products, markets, and languages.

[2] Windows Defender ATP achieved IS0 27001 certification in September of 2017. We are including this information here to confirm that this certification also, therefore, applies to Microsoft Defender ATP.

[3] Geolocation support was added to Windows Defender ATP previously. It is mentioned here to confirm that this also, therefore, applies to Microsoft Defender ATP.

[4] To use Windows Hello with biometrics specialized hardware, including fingerprint reader, illuminated IR sensor, or other biometric sensors is required. Hardware-based protection of the Windows Hello credential/keys requires TPM 1.2 or greater; if no TPM exists or is configured, credentials/keys protection will be software-based.

[5] Requires Azure Active Directory Premium P1 and Intune or another modern device management (MDM) solution.



8 Comments
Version history
Last update:
‎May 28 2019 03:11 PM
Updated by: