This article lists new và updated features và content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared lớn Windows 10 Enterprise LTSC năm nhâm thìn (LTSB). For a brief description of the LTSC servicing channel & associated support, see Windows 10 Enterprise LTSC.
Bạn đang xem: Download, install and active cn windows10 enterprise ltsc 2019
Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809 adding premium features designed to lớn address the needs of large và mid-size organizations (including large academic institutions), such as:
Advanced protection against modern security threatsFull flexibility of OS deploymentUpdating và tư vấn optionsComprehensive device & ứng dụng management & control capabilitiesThe Windows 10 Enterprise LTSC 2019 release is an important release for LTSC users because it includes the cumulative sầu enhancements provided in Windows 10 versions 1703, 1709, 1803, and 1809. Details about these enhancements are provided below.
Important
The LTSC release is intended for special use devices. Support for LTSC by apps và tools that are designed for the semi-annual channel release of Windows 10 might be limited.
nayaritas.net Intune
nayaritas.net Intune supports Windows 10 Enterprise LTSC 2019 and later. This includes tư vấn for features such as Windows Autopilot. However, note that Windows 10 Update Rings Device profiles vì chưng not tư vấn LTSC releases, therefore you should use Policy configuration service provider, WSUS, or Configuration Manager for patching.
Security
This version of Window 10 includes security improvements for threat protection, information protection, và identity protection.
Threat protection
nayaritas.net Defender for EndpointThe nayaritas.net Defender for Endpoint platsize includes the security pillars shown in the following diagram. In this version of Windows, Defender for Endpoint includes powerful analytics, security staông chồng integration, và centralized management for better detection, prevention, investigation, response, and management.
Attaông xã surface reduction includes host-based intrusion prevention systems such as controlled thư mục access.- This feature can help prevent ransomware và other destructive sầu malware from changing your personal files. In some cases, apps that you normally use might be blocked from making changes khổng lồ common folders lượt thích Documents và Pictures. We’ve made it easier for you khổng lồ add apps that were recently blocked so you can keep using your device without turning off the feature altogether.- When an app is blocked, it will appear in a recently blocked apps menu, which you can get lớn by clicking Manage settings under the Ransomware protection heading. Cliông chồng Allow an app through Controlled thư mục access. After the prompt, cliông xã the + button & choose Recently blocked apps. Select any of the apps to add them khổng lồ the allowed danh mục. You can also browse for an ứng dụng from this page.
Windows Defender FirewallWindows Defender Firewall now supports Windows Subsystem for Linux (WSL) processes. You can add specific rules for a WSL process just as you would for any Windows process. Also, Windows Defender Firewall now supports notifications for WSL processes. For example, when a Linux tool wants to allow access lớn a port from the outside (like SSH or a website VPS like nginx), Windows Defender Firewall will prompt to allow access just like it would for a Windows process when the port starts accepting connections. This was first introduced in Build 17627.
Windows Defender Device GuardDevice Guard has always been a collection of technologies that can be combined khổng lồ loông chồng down a PC, including:
Software-based protection provided by code integrity policiesHardware-based protection provided by Hypervisor-protected code integrity (HVCI)But these protections can also be configured separately. And, unlượt thích HVCI, code integrity policies do not require virtualization-based security (VBS). To help underscore the distinct value of these protections, code integrity policies have sầu been rebranded as Windows Defender Application Control.
Next-ren protection
Endpoint detection and response
Endpoint detection và response is improved. Enterprise customers can now take advantage of the entire Windows security stack with nayaritas.net Defender Antivirut detections & Device Guard blocks being surfaced in the nayaritas.net Defender for Endpoint portal.
Windows Defender is now called nayaritas.net Defender Antivirus và now shares detection status between M365 services and interoperates with nayaritas.net Defender for Endpoint. Additional policies have also been implemented lớn enhance cloud based protection, & new channels are available for emergency protection. For more information, see Virus và threat protection & Use next-ren technologies in nayaritas.net Defender Antivirus through cloud-delivered protection.
We"ve sầu also increased the breadth of the documentation library for enterprise security admins. The new library includes information on:
Use the threat intelligence API khổng lồ create custom alerts - Understvà threat intelligence concepts, enable the threat intel application, và create custom threat intelligence alerts for your organization.
Improvements on OS memory and kernel sensors to enable detection of attackers who are using in-memory and kernel-level attacks.Upgraded detections of ransomware & other advanced attacks.Historical detection capability ensures new detection rules apply khổng lồ up khổng lồ six months of stored data khổng lồ detect previous attacks that might not have sầu been noticed.Threat response is improved when an attack is detected, enabling immediate action by security teams lớn contain a breach:
Additional capabilities have been added to lớn help you gain a holistic view on investigations include:
Other enhanced security features include:
We"ve also added a new assessment for the Windows time service khổng lồ the Device performance & health section. If we detect that your device’s time is not properly synced with our time servers và the time-syncing service is disabled, we’ll provide the option for you khổng lồ turn it bachồng on.
We’re continuing to lớn work on how other security apps you’ve sầu installed show up in the Windows Security app. There’s a new page called Security providers that you can find in the Settings section of the app. Clichồng Manage providers to see a list of all the other security providers (including antivirut, firewall, và website protection) that are running on your device. Here you can easily open the providers’ apps or get more information on how to lớn resolve issues reported to you through Windows Security.
This also means you’ll see more link to other security apps within Windows Security. For example, if you open the Firewall & network protection section, you’ll see the firewall apps that are running on your device under each firewall type, which includes domain name, private, và public networks).
You can read more about ransomware mitigations và detection capability at:
Also see New capabilities of nayaritas.net Defender for Endpoint further maximizing the effectiveness & robustness of endpoint security
Get a quick, but in-depth overview of nayaritas.net Defender for Endpoint for Windows 10: Defender for Endpoint.
For more information about features of nayaritas.net Defender for Endpoint available in different editions of Windows 10, see the Windows 10 commercial edition comparison.
Information protection
Improvements have sầu been added to Windows Information Protection & BitLocker.
Windows Information ProtectionWindows Information Protection is now designed to lớn work with nayaritas.net Office and Azure Information Protection. For more information, see Deploying và managing Windows Information Protection (WIP) with Azure Information Protection.
Xem thêm: Cover By J Fla Là Ai, Khám Phá Tiểu Sử Và Sự Nghiệp Của Thánh Nữ Cover
nayaritas.net Intune helps you create và deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection màn chơi, & how to lớn find enterprise data on the network. For more info, see Create a Windows Information Protection (WIP) policy using nayaritas.net Intune and Associate and deploy your Windows Information Protection (WIP) and VPN policies by using nayaritas.net Intune.
You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, How lớn collect Windows Information Protection (WIP) audit sự kiện logs.
This release enables support for WIP.. with Files on Demvà, allows tệp tin encryption while the file is open in another app, & improves performance. For more information, see OneDrive sầu Files On-Demand For The Enterprise.
BitLocker
The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see BitLocker Group Policy settings.
Silent enforcement on fixed drivesThrough a Modern Device Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active sầu Directory (AAD) joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard AAD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don’t pass the HSTI.
This is an update to the BitLocker CSPhường, which was introduced in Windows 10, version 1703, và leveraged by Intune and others.
This feature will soon be enabled on Olympia Corp as an optional feature.
Delivering BitLocker policy to AutoPilot devices during OOBEYou can choose which encryption algorithm lớn apply to lớn BitLocker encryption capable devices, rather than automatically having those devices encrypt themselves with the default algorithm. This allows the encryption algorithm (và other BitLocker policies that must be applied prior to encryption), to lớn be delivered before BitLocker encryption begins.
For example, you can choose the XTS-AES 256 encryption algorithm, and have it applied lớn devices that would normally encrypt themselves automatically with the default XTS-AES 128 algorithm during OOBE.
To achieve this:
Identity protection
Improvements have been added are lớn Windows Hello for Business và Credential Guard.
Windows Hello for BusinessNew features in Windows Hello enable a better device lock experience, using multifactor unlock with new location and user proximity signals. Using Bluetooth signals, you can configure your Windows 10 device lớn automatically lochồng when you walk away from it, or to prevent others from accessing the device when you are not present.
New features in Windows Hello for Business include:
For Windows Phone devices, an administrator is able lớn initiate a remote PIN remix through the Intune portal.
Windows Hello now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices & has enhanced support for shared devices, as described in Kiosk configuration.
Support for S/MIME with Windows Hello for Business & APIs for non-nayaritas.net identity lifecycle management solutions.
Windows Hello is part of the trương mục protection pillar in Windows Defender Security Center. Account Protection will encourage password users lớn phối up Windows Hello Face, Fingerprint or PIN for faster sign in, & will notify Dynamic lock users if Dynamic loông chồng has stopped working because their phone or device công nghệ Bluetooth không dây is off.
You can phối up Windows Hello from lochồng screen for MSA accounts. We’ve made it easier for nayaritas.net trương mục users to lớn mix up Windows Hello on their devices for faster and more secure sign-in. Previously, you had to navigate deep into lớn Settings to find Windows Hello. Now, you can phối up Windows Hello Face, Fingerprint or PIN straight from your lock screen by clicking the Windows Hello tile under Sign-in options.
It is easier lớn phối up Dynamic lock, & WD SC actionable alerts have been added when Dynamic loông xã stops working (ex: phone Bluetooth is off).
For more information, see: Windows Hello & FIDO2 Security Keys enable secure và easy authentication for shared devices
Windows Defender Credential GuardWindows Defender Credential Guard is a security service in Windows 10 built khổng lồ protect Active sầu Directory (AD) domain credentials so that they can"t be stolen or misused by malware on a user"s machine. It is designed to lớn protect against well-known threats such as Pass-the-Hash & credential harvesting.
Windows Defender Credential Guard has always been an optional feature, but Windows 10 in S mode turns this functionality on by mặc định when the machine has been Azure Active Directory joined. This provides an added màn chơi of security when connecting khổng lồ tên miền resources not normally present on devices running Windows 10 in S mode.
