Lead Image © Galina Peshkova, 123RF.com
Endpoint Security for Windows 10
Well-Tempered Computer
Microsoft introduced a number of new security features in Windows 10, but they are not available in all variants of the operating system. For example, features such as Windows Defender Device Guard – now Microsoft Defender Application Control – or Microsoft Defender Credential Guard are only available in Windows 10 Enterprise E3/E5; Microsoft Defender for Endpoint – formerly Advanced Threat Protection – is only available with Windows 10 Enterprise E3/E5, Microsoft 365 E5 Security, and Microsoft 365 E5. Also not to be ignored is that Microsoft only allows the Enterprise version to use group policies that can configure the Windows Store.
Windows Update for Business
The monthly patch day still causes excitement among many administrators, as does the question as to whether everything will continue to work as it did before the update. Microsoft has changed the update cycle for Windows 10. Apart from the monthly critical updates, the company releases optional updates at different times in the second half of the month. Therefore, you can concentrate on installing the critical updates and install the optional updates at a later point in time, once their compatibility with the IT infrastructure has been successfully checked.
Windows Update for Business [1], the update process for business customers, includes what are known as update rings, which you can use to specify the order in which you want to patch end devices and servers. These rings let you, for example, patch only unimportant computers or special test machines in an initial update wave. Update rings also allow systems to be patched as a function of how they interact. For example, a domain controller can be patched first, followed by an Exchange server that requires the Active Directory (AD) services to work properly.
Windows Update for Business also lets you define
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Reducing your attack surface
Windows Defender Application Control protects systems against threats that traditional virus scanners and signature-based mechanisms cannot detect by restricting applications in the user context and reducing the code allowed in the system kernel. -
New security features in Windows 10
With each version of Windows, Microsoft has expanded the built-in security functions. Windows 10 includes a number of new and interesting security features. -
Reducing the Windows 10 attack surface
Windows attack surface reduction policies make significant progress in protecting your entire IT infrastructure. -
Six new security features for Windows Server 2022
Configure the Secured-core server components to reduce the attack surface of your system with minimal overhead. -
Reducing the Attack Surface in Windows
The sum total of all possible points of attack can be defined as the attack surface, and you need to take every opportunity to minimize it to the extent possible. Windows has built-in rules that minimize the attack surface; they simply need to be enabled.