10 enterprise-friendly features in Windows 10 Fall Creators Update

Windows 10 continues its annual update cycle with Fall Creators Update, which includes a bevy of features aimed at enterprise users to boost productivity with new and enhanced tools.

Video: Top features in the Windows 10 Fall Creators Update

On October 17, 2017, Microsoft released its fourth major build of the Windows 10 operating system to the public. Dubbed "Redstone 3" internally, or version 1709, this iteration is more widely known as Fall Creators Update and brings with it several enhanced features, along with some new ones to help users become more productive. The update does this in various ways, leveraging emerging technologies and upping the ante on some familiar features.

Though considered by some to be a milestone update, it arguably adds less in the way of features compared to the major updates that preceded it. That being said, the case could be made for a quality over quantity, in that Fall Creators Update addresses some pretty solid concerns, particularly in the areas of data security and making work a little easier.

Without further ado, here is a list of 10 of the new, enterprise-friendly features you'll find when updating your organization's workstations to Fall Creators Update.

1. My People

The My People app was pulled last minute from the previous Windows 10 update for it to be fully realized in Fall Creators Update. What is My People you ask? Simply put, it's an "experience," as Microsoft has labeled it, that connects you to your closest contacts and allows you to pin them to your taskbar for quick and easy access to message, email, or video chat with them just by tapping on their icon.

While the app is nifty in concept, it is currently limited to just three contacts pinned at any given time. In addition, the contact's information is pulled from Microsoft's ecosystem--this means no social media or other third-party apps information is displayed ... yet. Future updates may further flesh out this application into a powerhouse collaboration tool, especially for those who work in teams. For now, though, the feature works on a smaller scale, keeping your closest peers available at a moment's notice.

SEE: Windows 10: Streamline your work with these power tips (free TechRepublic PDF)

2. Windows Defender Exploit Guard

With its latest update, Microsoft has gone ahead and further developed the security of its Windows 10 client systems and built a more comprehensive protection suite, called Windows Defender Exploit Guard (Windows Defender EG).

Since data security has long moved away from having antivirus applications and a firewall be the main components necessary to protect your PCs, Microsoft is adapting to the modern threat landscape by providing multiple facets of protection:

  • Exploit protection protects against app vulnerabilities.
  • Attack surface reduction rules reduce the attack surface of known attack vectors through the use of rules.
  • Network protection offers protection against malware and social engineering threats by extending SmartScreen beyond internet-based network traffic to include local area networks (LANs).
  • Controlled folder access helps defend against ransomware attacks (and is covered in more detail later in this article).

3. Continue on PC

As anyone who multitasks between their smartphone and computer or laptop can attest, resorting to emailing information begun on one device to be completed on the other is tedious and sometimes downright unworkable. The line between devices is diminishing even more as software catches up to faster hardware.

Microsoft's Continue On PC is named after the very thing this app was created to do: continue or hand off work, research, and even websites being viewed on your smartphone to your PC so that you can complete it more easily with the larger screen and greater performance afforded by desktop/laptop computers.

4. Microsoft Edge reader and annotation features

Microsoft Edge, the next-generation browser introduced in Windows 10, continues to make headway into the browser market share with small, incremental changes with each passing update. While minor quibbles regarding bookmark management and the ability to pin favorite websites to the taskbar have been corrected, the biggest change involves Edge's PDF reading and annotation capabilities.

Specifically, users can now edit PDF documents natively from the browser itself. This allows the browser to be a one-stop shop for viewing websites while simultaneously enabling users to fill out forms, add notes, and digitally sign PDF documents without having to rely on third-party software, such as unsafe plug-ins that could open the door to compromising your system altogether.

SEE: Windows 10 power tips: Secret shortcuts to your favorite settings (Tech Pro Research)

5. OneDrive files on demand

OneDrive, Microsoft's popular storage service, operates much the way users have come to expect from cloud-based offerings: By storing files on remote servers and allowing users to access them anywhere on the web and by synchronizing files across devices so the most up-to-date versions are always available.

Microsoft has tweaked this somewhat by enabling on-demand features that allow the files to be accessible on the fly. This means files residing on the remote server will be displayed to users and available for use as needed, without occupying storage space on the local disk. When a file is needed, it can be edited remotely, or users may choose to enable offline availability for later use--whichever solution works best for their chosen device.

6. Enhanced Hyper-V functionality

Microsoft's Hyper-V is a hypervisor that allows for the virtualization of a host to be run on a PC--basically like running a second computer from your existing device. If you've thought about creating a virtual machine (VM) to host one or more extra computers, Fall Creators Update makes it even easier to get started.

Utilizing the Virtual Machine Gallery, Microsoft has provided prebuilt images that can be selected to get a VM spun up in minutes using default settings, which include naming the newly created virtual PC and providing network settings to get it online. Furthermore, Hyper-V now includes automatic checkpoints that allow users to roll back to a good known configuration or instance by selecting the snapshot they want to go back to. No need to remember to take snapshots or create checkpoints at certain points in time; this now occurs automatically when a new VM is created.

7. Controlled Folder Access

Ransomware is the bane of users the world over and seemingly the weapon of choice among threat actors looking to cash in on the multibillion dollar security industry. With nearly no end in sight--unless you never open a file on your computer or navigate a website--we're at risk of having our precious data taken from us and held hostage.

In recognizing the severity of this particular type of threat, Controlled Folder Access is introduced as a safeguard for your important documents and system files. Working in conjunction with Windows Defender to scan files and determine whether they're malicious, the Controlled Folder Access function can be configured to protect files and folders from changes. If a change is attempted, a notification alerts you to the change and depending on your configuration, the feature will automatically allow or block the attempt from occurring. You can achieve granular control by whitelisting apps to access protected folders without a prompt, further ensuring that only trusted apps can modify your data.

SEE: Ultimate Windows File Management Suite (TechRepublic Academy)

8. Application Guard

As a system administrator, you're tasked with knowing which applications and sites are safe for employees to use and which ones are not so safe. And while that may be communicated time and again, if users on the network disregard the warnings, they risk exposing their data and devices to compromise. This is the circle of life for administrators, but Microsoft seeks to change that with Application Guard.

How does it plan to achieve this? With a Microsoft-branded browser, Hyper-V, and an administrator-provided definition of what is trusted by the enterprise. Anything not on the list is considered untrusted. So if a site is visited that is not on the trusted list, Application Guard will launch a Hyper-V container that's isolated from the host system and load the site within the container. Should malicious code be executed, it will do so in a sandboxed environment, independent from the user space where the data resides, keeping it free from compromise.

9. Advanced input features

Not every Windows 10 user has a device capable of touch responses, either from a keyboard on a touch screen or pen input via a stylus or digital pen, but plenty of devices ship with this functionality. Microsoft itself has demonstrated this with the success of the Surface line for professionals and creative types--and this functionality has been reworked in Fall Creators Update.

An improved touch-based keyboard onscreen makes it easier to use while on the go, and the already excellent Windows Ink software has been optimized for greater control when paired with a pen. There's also the Find My Pen service, which allows you to track down where your pen was last used, in the event that you've misplaced it. It presents a top-down map with a pinpoint identifying its last known location to aid in finding your lost accessory.

Last, but certainly not least, is Eye Control. This accessibility software component, when paired with a compatible eye tracker, allows greater control over Windows' onscreen mouse, keyboard, and text-to-speech experiences by simply using your eyes during your experience.

10. SMBv1 protocol removal

SMB, short for Server Message Block, is a network file-sharing protocol that is used most commonly to access file shares over a network. It has been used in Windows for decades now. Several revisions to the protocol have been made throughout the years to maintain compatibility across a diverse assortment of network devices and native (and non-native) operating systems, but SMBv1 (version 1) has remained in use all versions of Windows--including Windows 10.

Earlier this year, the WannaCry malware exploited vulnerabilities present in SMBv1 and infected thousands of machines worldwide, effectively locking users out of their data through ransomware encryption. While a patch was made to mitigate the malicious code, many wondered why SMBv1 was still in use when viable (i.e., newer) versions, namely SMBv2/3, were available that weren't plagued by these issues.

Beginning with Fall Creators Update, Microsoft has removed SMBv1 from it network stack for clean-installed devices. Upgraded versions of Windows 10 will continue to have the SMBv1 protocol enabled by default; however, users can uninstall it manually if they want to further secure their network file-sharing uses.

Also read...

Your take

Have you deployed Fall Creators Update in your enterprise? How do like it (or not like it)? Share your thoughts and experiences with fellow TechRepublic members.

By Jesus Vigo

Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from seve...