Top ten enterprise features in the Windows 10 October Update

Image 1 of 10

Security improvements

As well as the improvements to the Windows and Edge user interfaces and consumer tools like Mixed Reality Flashlight, the Windows 10 October 2018 update comes with some solid improvements aimed at enterprises, especially in security.
There's a simpler user interface for users to see the state of their systems, which is now just called Windows Security. You can see the highlights under Settings / Update & Security / Windows Security, or launch the full view from there or directly via the system tray. The 'Virus & threat protection' section shows any action you need to take to protect your system, and includes some new controls that you can also manage centrally.
If you're not already controlling Windows Defender Application Guard (WDAG, which opens Edge in an isolated VM for security), there's now a link to install it from the App & browser control section of Windows Security, under 'Isolated browsing'. With WDAG on, you can use Group Policy to allow files to be downloaded in Edge to the host PC: under Administrative Templates / Windows Components / Windows Defender Application Guard, select 'Allow files to download and save to the host operating system' from Windows Defender Application Guard.
Controlled folder access stops ransomware corrupting files, but this can also block legitimate apps from editing common folders like Documents and Pictures. To fix this, choose Windows Security / Virus & threat protection settings / Ransomware protection / Manage ransomware protection, and select 'Allow an app through controlled folder access' and 'Add an allowed app'.
You can now block DMA access for Thunderbolt devices while a PC is locked -- which can be an attack vector -- using the IOMMU. Choose Device security / Core isolation / Core isolation details and set 'Memory integrity' to on. External GPUs connected via Thunderbolt 3 can be safely ejected from the Safely Remove Hardware and Eject Media icon in the system tray.
Windows Security now integrates third-party tools. Choose Settings / Security providers / Manage providers to see all the antivirus, firewall and web protection agents running on a device.
Edge also has some HTTP/2 improvements. As well as using connection coalescing to speed up sites that use sharding (which improved performance for HTTP/1.1 but slows down HTTP/2), it can cope with sites that list cipher suites in the wrong order. Instead of terminating the connection, it negotiates the correct encryption from the server's list of allowed and banned protocols.

Image: Mary Branscombe/TechRepublic
Notepad

IT pros and developers will find Notepad a little more convenient. There are little things like the status bar being on by default, getting Ctrl-Backspace support for deleting the previous word, the ability to zoom in and out with View / Zoom or Ctrl-+ and - keys, and seeing line and column numbers with Word Wrap.
You no longer have to go to the beginning on a text file before using Find and Replace to catch everything. If you need to look up an error code that you see in a log file, Ctrl-E or Edit / Search with Bing searches for currently selected text online, saving you copying it to the browser.
But the big change is support for UNIX and Linux-style line endings (LF) as CR line endings (used for Macs until OS X). New files are created with Windows (CRLF) endings, but you can view, print and edit files with LR or CR line ending. The lines will wrap correctly and if you paste in text or press Enter, the file will use the line endings it had when you opened it.
If you open a file with mixed line endings, Notepad uses the first line ending it comes to as the default -- check the status bar to see what's been detected.
If the new line ending support causes problems with any of the text files you need to work with, you can turn it off by changing these keys at HKEY_CURRENT_USER\Software\Microsoft\Notepad. Set 'fPasteOriginalEOL' to 1 to stop line endings in text you paste into notepad being changed to match the open text file, or set 'fWindowsOnlyEOL' to 1 to use Windows CRLF line endings when you press Enter.

Image: Mary Branscombe/TechRepublic
Command line and WSL improvements

The October 2018 Update adds a brand new pseudo-console infrastructure, ConPTY, that allows console applications (from Microsoft or other software developers) to use UTF-8 encoded text/VT connections to command-line applications instead of calling the Windows Console API. That improves compatibility with the command-line interfaces of Linux binaries you run with Windows Subsystem for Linux (WSL) and unlocks new features like the 16 million RGB colours that Windows supports at the command line that aren't being added to the Console API.
The Windows Console already supports using Ctrl-C and Ctrl-V for copy and paste, but for Bash and other Linux shells that you can use with WSL you may prefer to save Ctrl-V and insert the next key combination you press without running it (Ctrl-C works as cancel, but only when a process is running, so you wouldn't be able to copy anyway). If you want alternative copy and paste shortcuts, right-click on the title bar of any Console window and choose Properties then select 'Use Ctrl+Shift+C/V as Copy/Paste' to turn on those shortcuts.
You can now launch a Linux shell for the current folder from File Explorer, not just a command prompt or PowerShell console. Hold down Shift and right-click on the folder name, then choose 'Open Linux shell here'. If you're already in the folder, type 'bash' into the address bar.
WSL processes now go through the Windows Firewall and can have firewall rules and exceptions applied. So if you run an SSH or web server in WSL, you'll see the Windows Firewall prompt to open an outside port, the same as with native Windows processes.

Image: Mary Branscombe/TechRepublic
Kiosk mode

There's a new wizard to make it easier to set a device up as a single-app kiosk or digital sign. To create the kiosk account and assign the app to run, choose Accounts / Family & other users / Set up a kiosk / Assigned access / Get started. Edge also now has a kiosk mode with either a single website running full screen or multiple tabs; both use InPrivate. For a multi-app kiosk, you can also run a full version of Edge.

Image: Mary Branscombe/TechRepublic
Non-admin font install

Previously, Windows fonts have been installed for all users, so installing a font needed admin privileges. That meant either giving any user who needed to install new fonts an admin account, or making them wait for an admin to log in and approve the install. Fonts from the Windows Store already install without admin privileges, and in 1809 that also applies to any font. Right-click on the font file in File Explorer and choose 'Install' rather than 'Install for all users'. If the font is in a ZIP file, you can't right-click, but you can double-click the font to open it in the font previewer and click 'Install'.

Image: Mary Branscombe/TechRepublic
Change system font sizes

As well as several improvements to the accessibility tools like Narrator and Magnify, it's now easier to change the font size across Windows -- including Start, Settings, control panels and apps like File Explorer -- to help users who find it hard to read small fonts. Choose Settings / Ease of Access and drag the slider under 'Make text bigger' to a comfortable size.

Image: Mary Branscombe/TechRepublic
Leap second support

Windows 10 now supports the occasional leap seconds used to adjust UTC time about every 18 months, a new precision time protocol for organisations that need the highest accuracy for industrial, weather or flight control uses, and more accurate network timestamps that remove the delay introduced by Windows networking. Windows Security / Device performance & health now covers the Windows time service; if your device time or date is so wrong that it can't connect to a time server to sync the correct time, you'll see an option to turn time syncing back on.

Image: Mary Branscombe/TechRepublic
More details on power use

Task Manager now includes 'Power usage' and 'Power usage trend' columns that show how much power an app uses -- including CPU, GPU and disk usage -- to help diagnose apps that could be responsible for poor battery life.

Image: Mary Branscombe/TechRepublic
Wireless projection bar

When you project your PC screen wirelessly to a second screen or another PC, a bar now appears at the top of the screen, much like when making a Remote Desktop Connection. This puts the Disconnect button where you can easily find it and also lets you pick the screen latency. Games mode minimises screen latency, Video mode increases latency so videos play more smoothly, and Productivity is in the middle to balance responsive typing and smooth screen updates.

Image: Mary Branscombe/TechRepublic
Mobile broadband

LTE mobile broadband in Windows 10 now uses the new Net Adapter driver framework as the default for generic drivers, both for USB modems and SIM cards connected over the internal USB bus. This is shown in Device Manager as the Generic Mobile Broadband Cx Net Adapter. If that causes problems, you can go back to the Mobile Broadband Adapter driver. (This doesn't apply if you have hardware-specific drivers, like in the ARM-based Always Connected PCs.)
Whichever driver you use, you can now see roaming data consumption under Settings / Network & Internet / Data usage.

Microsoft Weekly Newsletter

Be your company's Microsoft insider by reading these Windows and Office tips, tricks, and cheat sheets. Delivered Mondays and Wednesdays
Sign up today

Also see
- Windows 10 power tips: Secret shortcuts to your favorite settings (Tech Pro Research)
- How to avoid installing Windows 10 crapware (free PDF) (TechRepublic)
- Top ten features in the Windows 10 October 2018 Update (TechRepublic)
- Windows 10 1809: Microsoft reveals features it's dropping in October 2018 Update (ZDNet)
- What to expect from Windows 10 October 2018 Update (ZDNet)
- Windows 10: This new preview helps you free up disk space by clearing old files (ZDNet)
Image: Mary Branscombe/TechRepublic

Security improvements

As well as the improvements to the Windows and Edge user interfaces and consumer tools like Mixed Reality Flashlight, the Windows 10 October 2018 update comes with some solid improvements aimed at enterprises, especially in security.

There's a simpler user interface for users to see the state of their systems, which is now just called Windows Security. You can see the highlights under Settings / Update & Security / Windows Security, or launch the full view from there or directly via the system tray. The 'Virus & threat protection' section shows any action you need to take to protect your system, and includes some new controls that you can also manage centrally.

If you're not already controlling Windows Defender Application Guard (WDAG, which opens Edge in an isolated VM for security), there's now a link to install it from the App & browser control section of Windows Security, under 'Isolated browsing'. With WDAG on, you can use Group Policy to allow files to be downloaded in Edge to the host PC: under Administrative Templates / Windows Components / Windows Defender Application Guard, select 'Allow files to download and save to the host operating system' from Windows Defender Application Guard.

Controlled folder access stops ransomware corrupting files, but this can also block legitimate apps from editing common folders like Documents and Pictures. To fix this, choose Windows Security / Virus & threat protection settings / Ransomware protection / Manage ransomware protection, and select 'Allow an app through controlled folder access' and 'Add an allowed app'.

You can now block DMA access for Thunderbolt devices while a PC is locked -- which can be an attack vector -- using the IOMMU. Choose Device security / Core isolation / Core isolation details and set 'Memory integrity' to on. External GPUs connected via Thunderbolt 3 can be safely ejected from the Safely Remove Hardware and Eject Media icon in the system tray.

Windows Security now integrates third-party tools. Choose Settings / Security providers / Manage providers to see all the antivirus, firewall and web protection agents running on a device.

Edge also has some HTTP/2 improvements. As well as using connection coalescing to speed up sites that use sharding (which improved performance for HTTP/1.1 but slows down HTTP/2), it can cope with sites that list cipher suites in the wrong order. Instead of terminating the connection, it negotiates the correct encryption from the server's list of allowed and banned protocols.

Image: Mary Branscombe/TechRepublic

By Mary Branscombe

Mary Branscombe is a freelance tech journalist. Mary has been a technology writer for nearly two decades, covering everything from early versions of Windows and Office to the first smartphones, the arrival of the web and most things inbetween.

| Full Bio
| See all of Mary's content

Security improvements

Notepad

Command line and WSL improvements

Kiosk mode

Non-admin font install

Change system font sizes

Leap second support

More details on power use

Wireless projection bar

Mobile broadband

Microsoft Weekly Newsletter

Also see

Security improvements

By Mary Branscombe

Join Discussion