What's new in Windows 10, version 1709 for IT Pros

Applies to

  • Windows 10, version 1709

Below is a list of some of the new and updated content that discusses IT Pro features in Windows 10, version 1709, also known as the Fall Creators Update. Windows 10, version 1709 also contains all features and fixes included in previous cumulative updates to Windows 10, version 1703.

A brief description of new or updated features in this version of Windows 10 is provided, with links to content with more detailed information. The following 3-minute video summarizes these features.

 

Deployment

Windows Autopilot

Windows Autopilot is a zero touch experience for deploying Windows 10 devices. Configuration profiles can now be applied at the hardware vendor with devices being shipped directly to employees. For more information, see Overview of Windows Autopilot.

You can also apply an Autopilot deployment profile to your devices using Microsoft Store for Business. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the Autopilot deployment profile you applied to the device. For more information, see Manage Windows device deployment with Windows Autopilot Deployment.

Windows 10 Subscription Activation

Windows 10 Subscription Activation lets you deploy Windows 10 Enterprise in your organization with no keys and no reboots using a list of subscribed users. When a subscribed user signs in on their Windows 10 Pro device, features that are Enterprise-only are automatically enabled. For more information, see Windows 10 Subscription Activation.

Autopilot Reset

IT Pros can use Autopilot Reset to quickly remove personal files, apps, and settings. A custom sign-in screen is available from the lock screen that enables you to apply original settings and management enrollment (Azure Active Directory and device management) so that devices are returned to a fully configured, known, IT-approved state and ready to use. For more information, see Reset devices with Autopilot Reset.

Update

Windows Update for Business

Windows Update for Business now has more controls available to manage Windows Insider Program enrollment through policies. For more information, see Manage Windows Insider Program flights.

Windows Insider Program for Business

You can now register your Azure AD domains to the Windows Insider Program. For more information, see Windows Insider Program for Business.

Administration

Mobile Device Management (MDM)

MDM has been expanded to include domain joined devices with Azure Active Directory registration. Group Policy can be used with Active Directory-joined devices to trigger auto-enrollment to MDM. For more information, see Enroll a Windows 10 device automatically using Group Policy.

Multiple new configuration items are also added. For more information, see What's new in MDM enrollment and management.

Application Management

Mixed Reality Apps

This version of Windows 10 introduces Windows Mixed Reality. Organizations that use WSUS must take action to enable Windows Mixed Reality. You can also prohibit use of Windows Mixed Reality by blocking installation of the Mixed Reality Portal. For more information, see Enable or block Windows Mixed Reality apps in the enterprise.

Configuration

Kiosk Configuration

The AssignedAccess CSP has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. For more information, see Create a Windows 10 kiosk that runs multiple apps.

Security

Note

Windows security features have been rebranded as Windows Defender security features, including Windows Defender Device Guard, Credential Guard, and Windows Defender Firewall.

Windows security baselines have been updated for Windows 10. A security baseline is a group of Microsoft-recommended configuration settings and explains their security impact. For more information, and to download the Policy Analyzer tool, see Microsoft Security Compliance Toolkit 1.0.

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint has been expanded with powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management. For more information, see View the Microsoft Defender for Endpoint Security analytics dashboard.

Windows Defender Application Guard

Windows Defender Application Guard hardens a favorite attacker entry-point by isolating malware and other threats away from your data, apps, and infrastructure. For more information, see Windows Defender Application Guard overview.

Windows Defender Exploit Guard

Window Defender Exploit Guard provides intrusion prevention capabilities to reduce the attack and exploit surface of applications. Exploit Guard has many of the threat mitigations that were available in Enhanced Mitigation Experience Toolkit (EMET) toolkit, a deprecated security download. These mitigations are now built into Windows and configurable with Exploit Guard. These mitigations include Exploit protection, Attack surface reduction protection, Controlled folder access, and Network protection.

Windows Defender Device Guard

Configurable code integrity is being rebranded as Windows Defender Application Control. This rebranding is to help distinguish it as a standalone feature to control execution of applications. For more information about Device Guard, see Windows Defender Device Guard deployment guide.

Windows Information Protection

Windows Information Protection is now designed to work with Microsoft Office and Azure Information Protection. For more information, see Deploying and managing Windows Information Protection (WIP) with Azure Information Protection.

Windows Hello

New features in Windows Hello enable a better device lock experience, using multifactor unlock with new location and user proximity signals. Using Bluetooth signals, you can configure your Windows 10 device to automatically lock when you walk away from it, or to prevent others from accessing the device when you aren't present. More details about this feature will be available soon. For general information, see Windows Hello for Business.

BitLocker

The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see BitLocker Group Policy settings.

Windows security baselines

Microsoft has released new Windows security baselines for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings with an explanation of their security impact. For more information, and to download the Policy Analyzer tool, see Microsoft Security Compliance Toolkit 1.0.

SMBLoris vulnerability

An issue, known as SMBLoris, which could result in denial of service, has been addressed.

Windows Analytics

Upgrade Readiness

Upgrade Readiness provides insights into application and driver compatibility issues. New capabilities include better app coverage, post-upgrade health reports, and enhanced report filtering capabilities. For more information, see Manage Windows upgrades with Upgrade Readiness.

Update Compliance

New capabilities in Update Compliance let you monitor Windows Defender protection status, compare compliance with industry peers, and optimize bandwidth for deploying updates. For more information, see Monitor Windows Updates and Microsoft Defender Antivirus with Update Compliance.

Device Health

Maintaining devices is made easier with Device Health, a new, premium analytic tool that identifies devices and drivers that crash frequently and might need to be rebuilt or replaced. For more information, see Monitor the health of devices with Device Health.

Networking

Network stack

Several network stack enhancements are available in this release. Some of these features were also available in Windows 10, version 1703. For more information, see Core Network Stack Features in the Creators Update for Windows 10.

See Also

Windows 10 Features: Review general information about Windows 10 features.
What's New in Windows 10: See what’s new in other versions of Windows 10.
What's new in Windows 10, version 1709: See what’s new in Windows 10 hardware.
Windows 10 Fall Creators Update Next Generation Security: YouTube video about Microsoft Defender for Endpoint in Windows 10, version 1709. Threat protection on Windows 10:Detects advanced attacks and data breaches, automates security incidents and improves security posture.