News

Microsoft Talks Up Security in Windows 10 'Creators Update'

• By Kurt Mackie
• December 07, 2016

The upcoming Windows 10 "Creators Update" will deliver several enterprise-grade security improvements, Microsoft said this week.

The company announced the new update in October as a planned feature update to the Windows 10 operating system that will deliver creative tools support for applications, such as 3-D and augmented-reality support. On Tuesday, Microsoft described some security improvements that also will be arriving with this release. (Editor's note: This story was updated on 12/7 with Microsoft's responses.)

Microsoft hasn't indicated exactly when the Creators Update will arrive, but it's expected to appear perhaps in March 2017 as Windows 10 version 1703 (the so-called "Redstone 2" release), according to this story by long-time Microsoft reporter Mary Jo Foley. That arrival date was confirmed by her unnamed "sources," she said.

Multiple security enhancements were announced Tuesday by Microsoft with the coming Windows 10 Creators Update. Details were missing regarding availability across Windows 10 product editions, as well as licensing details.

Some of the improvements, though, involve Microsoft's Windows Defender Advanced Threat Protection service, which previewed in March but was released for production environments last month with the Windows 10 "anniversary update" (version 1607). Windows Defender Advanced Threat Protection is a post-breach security analysis service that Microsoft plans to sell as part of its top-of-the-line Secure Product Enterprise E5 subscription offering. The E5 subscription dependency is shown in the table at the bottom of this page. Microsoft's Secure Productive Enterprise offerings, which came into effect this quarter, combine licensing for Office 365 services, the Windows 10 Enterprise edition and the Enterprise Mobility + Security suite bundle, as described back in July.

That said, here are the security improvements that are planned for the Windows 10 Creators Update, without licensing details.

Windows Security Center. The Windows Security Center apparently is a new "centralized portal" for showing security events. It will link with Office 365 Advanced Threat Protection, an Exchange Online e-mail security protection service that uses underlying Microsoft Intelligent Security Graph technology (it's actually the "portal for Windows Defender ATP," a Microsoft spokesperson clarified). The Windows Security Center will let IT pros track attacks "across endpoints and email," Microsoft's announcement explained. The announcement added that the Windows Security Center "was first released in the Anniversary Update" (version 1607). However, it didn't show up on Microsoft's TechNet list of new features for that release.

Windows Defender Advanced Threat Protection. Microsoft plans to add detection, intelligence and remediation capabilities to this service with the Windows 10 Creators Update. As mentioned above, the Windows Defender Advanced Threat Protection service analyzes security breaches after they've occurred. It's not the same thing as the Windows Defender anti-malware service built into Windows 10, despite the similar name. However, the service is going beyond being just an analysis tool. Microsoft is planning to add remediation support to this service, too. It will be possible with the Creators Update "to isolate machines, collect forensics, kill and clean running processes and quarantine or block files with a single click in the Windows Security Center," Microsoft's announcement promised. In addition, Windows Defender Advanced Threat Protection will have access to sensors in the Creators Update operating system to detect "threats that persist only in memory or kernel level exploits." Lastly, it will be possible to add "intelligence into the Windows Security Center." Here's how a Microsoft spokesperson described that capability:

SecOps can leverage an open API to define alerts unique to their environment within Windows Defender ATP, based on incidents of compromise (IOCs). Those will get surfaced in the Windows Security Center. Customers' own TI will not be shared with anyone else.

Windows Analytics. Windows Analytics is associated with Windows Upgrade Analytics, an operating system deployment planning tool that's part of Operations Management Suite subscriptions. However, Windows Upgrade Analytics can be used as a standalone tool with a free Azure subscription for Enterprise customers, according to a talk by Michael Niehaus, director of product marketing for Windows. With the Windows 10 Creators Update, there will be an updated Windows Analytics dashboard. This updated dashboard will permit "organizations to use their own telemetry to provide new insights and ensure compliance on the upgrade, update and device health processes within their organizations," Microsoft's announcement stated. Details were omitted.

UEFI In-Place Conversion. The Unified Extensible Firmware Interface (UEFI) is the BIOS replacement found in new PCs. Organizations may have PCs that support UEFI, but they may have put Windows 7 on them and used the traditional BIOS instead. Microsoft plans to deliver an ability with the Windows 10 Creators Update to convert these machines to UEFI as part of the in-place upgrade process from Windows 7. The conversion tool can be used with System Center Configuration Manager, as well as other tools, according to the spokesperson:

This conversion tool can be used as a standalone tool, or it can be integrated with management tools such as System Center Configuration Manager and other management solutions.

Mobile Application Management. Microsoft will provide a feature in the Windows 10 Creators Update that "will protect data on personal devices without requiring the device to be enrolled in a Mobile Device Management solution." A video accompanying Microsoft's announcement showed an information protection type of capability. For instance, the copying of text from a work application into a personal application was prevented. It also showed access getting blocked after an employee termination. Details about this capability weren't described.

Windows Update Size Improvements. Microsoft plans to reduce the size of its updates with the Windows 10 Creators Update. A "differential download" technology promises a 35 percent reduction in file size. Improvements to "express updates" using System Center Configuration Manager could "reduce the monthly update size by up to 90%," Microsoft suggested. These size reductions are part of a coming "Unified Update Platform" technology, Microsoft previously indicated. Niehaus had suggested that a Windows 10 feature update could be reduced from 3.5GB to 2.5GB under this approach. Monthly updates could be reduced to around 1.8GB in size, he added.

Exact timing wasn't described, but previews of some of these Creators Update improvements are expected to show up for Windows Insider Program testers "over the next few weeks," Microsoft indicated.