Kb4023057: update for windows 10 update service components

In this article

Below is a list of some of what"s new in Information Technology (IT) pro features in Windows 10, version 1703 (also known as the Creators Update).

Bạn đang xem: Kb4023057: update for windows 10 update service components

For more general info about Windows 10 features, see Features available only on Windows 10. For info about previous versions of Windows 10, see What"s New in Windows 10. Also see this blog post: What’s new for IT pros in the Windows 10 Creators Update.


Windows 10, version 1703 contains all fixes included in previous cumulative updates lớn Windows 10, version 1607. For info about each version, see Windows 10 release information. For a danh sách of removed features, see Features that are removed or deprecated in Windows 10 Creators Update.


Windows Configuration Designer

Previously known as Windows Imaging & Configuration Designer (ICD), the tool for creating provisioning packages is renamed Windows Configuration Designer. The new Windows Configuration Designer is available in nayaritas.net Store as an app. To run Windows Configuration Designer on earlier versions of Windows, you can still install Windows Configuration Designer from the Windows Assessment and Deployment Kit (ADK).

Windows Configuration Designer in Windows 10, version 1703, includes several new wizards khổng lồ make it easier to create provisioning packages.


Both the desktop và kiosk wizards include an option to remove sầu pre-installed software, based on the new CleanPC configuration service provider (CSP).


Learn more about Windows Configuration Designer.

Azure Active sầu Directory join in bulk

Using the new wizards in Windows Configuration Designer, you can create provisioning packages lớn enroll devices in Azure Active sầu Directory. Azure AD join in bulk is available in the desktop, Mobile, kiosk, and Surface Hub wizards.


Windows Spotlight

The following new Group Policy and di động device management (MDM) settings are added to help you configure Windows Spotlight user experiences:

Turn off the Windows Spotlight on kích hoạt CenterDo not use diagnostic data for tailored experiencesTurn off the Windows Welcome Experience

Learn more about Windows Spotlight.

Start và taskbar layout

Enterprises have sầu been able khổng lồ apply customized Start & taskbar layouts lớn devices running Windows 10 Enterprise & Education. In Windows 10, version 1703, customized Start & taskbar layout can also be applied khổng lồ Windows 10 Pro.

Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10, version 1703, adds tư vấn for customized taskbars to MDM.

Additional MDM policy settings are available for Start và taskbar layout. New MDM policy settings include:

Cortana at work

Cortamãng cầu is nayaritas.net’s personal digital assistant, who helps busy people get things done, even while at work. Cortana has powerful configuration options, specifically optimized for your business. By signing in with an Azure Active sầu Directory (Azure AD) trương mục, your employees can give Cortamãng cầu access khổng lồ their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.

Using Azure AD also means that you can remove an employee’s profile (for example, when an employee leaves your organization) while respecting Windows Information Protection (WIP) policies và ignoring enterprise nội dung, such as emails, calendar items, và people lists that are marked as enterprise data.

For more info about Cortamãng cầu at work, see Cortamãng cầu integration in your business or enterprise



MBR2GPT.EXE is a new command-line tool available in Windows 10 version 1703 & later versions. MBR2GPT converts a disk from Master Boot Record (MBR) khổng lồ GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed lớn be run from a Windows Preinstallation Environment (Windows PE) comm& prompt, but can also be run from the full Windows 10 operating system (OS).

The GPT partition format is newer và enables the use of larger & more disk partitions. It also provides added data reliability, supports additional partition types, and enables faster boot and shutdown speeds. If you convert the system disk on a computer from MBR to lớn GPT, you must also configure the computer lớn boot in UEFI mode, so make sure that your device supports UEFI before attempting khổng lồ convert the system disk.

Additional security features of Windows 10 that are enabled when you boot in UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, và BitLocker Network Unloông chồng.

For details, see MBR2GPT.EXE.


nayaritas.net Defender for Endpoint

New features in nayaritas.net Defender for Endpoint for Windows 10, version 1703 include:

DetectionEnhancements to the detection capabilities include:

Improvements on OS memory và kernel sensors to lớn enable detection of attackers who are using in-memory và kernel-level attacksUpgraded detections of ransomware và other advanced attacksHistorical detection capability ensures new detection rules apply khổng lồ up khổng lồ six months of stored data khổng lồ detect previous attacks that might not have been noticed

InvestigationEnterprise customers can now take advantage of the entire Windows security stachồng with nayaritas.net Defender Antivirut detections and Device Guard blocks being surfaced in the nayaritas.net Defender for Endpoint portal. Other capabilities have sầu been added to lớn help you gain a holistic view on investigations.

Xem thêm: Terminal View - The Unofficial Guide To Washington, D

Other investigation enhancements include:

ResponseWhen detecting an attaông xã, security response teams can now take immediate action to contain a breach:

Other features

You can read more about ransomware mitigations and detection capability in nayaritas.net Defender for Endpoint in the blog: Averting ransomware epidemics in corporate networks with nayaritas.net Defender for Endpoint.

Get a quiông xã, but in-depth overview of nayaritas.net Defender for Endpoint for Windows 10 và the new capabilities in Windows 10, version 1703 see nayaritas.net Defender for Endpoint for Windows 10 Creators Update.

nayaritas.net Defender Antivirus

Windows Defender is now called nayaritas.net Defender Antivirut, and we"ve increased the breadth of the documentation library for enterprise security admins.

The new library includes information on:

Some of the highlights of the new library include:

New features for nayaritas.net Defender AV in Windows 10, version 1703 include:

In Windows 10, version 1607, we invested heavily in helping to protect against ransomware, và we continue that investment in version 1703 with updated behavior monitoring và always-on real-time protection.

You can read more about ransomware mitigations and detection capability in nayaritas.net Defender AV in the ransomware information topic & at the nayaritas.net Malware Protection Center blog.

Device Guard and Credential Guard

Additional security qualifications for Device Guard and Credential Guard help protect vulnerabilities in UEFI runtime.For more information, see Device Guard Requirements & Credential Guard Security Considerations.

Group Policy Security Options

The security setting Interactive logon: Display user information when the session is locked has been updated to work in conjunction with the Privacy setting in Settings > Accounts > Sign-in options.

A new security policy settingInteractive logon: Don"t display username at sign-in has been introduced in Windows 10 version 1703. This security policy setting determines whether the username is displayed during sign in. It works in conjunction with the Privacy setting in Settings > Accounts > Sign-in options. The setting only affects the Other user tile.

Windows Hello for Business

You can now rephối a forgotten PIN without deleting company managed data or apps on devices managed by nayaritas.net Intune.

For Windows Phone devices, an administrator is able lớn initiate a remote PIN rephối through the Intune portal.

For Windows desktops, users are able lớn reset a forgotten PIN through Settings > Accounts > Sign-in options.

For more details, kiểm tra out What if I forget my PIN?.

Windows Information Protection (WIP) and Azure Active Directory (Azure AD)

nayaritas.net Intune helps you create & deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection màn chơi, and how lớn find enterprise data on the network. For more info, see Create a Windows Information Protection (WIP) policy using nayaritas.net Intune and Associate & deploy your Windows Information Protection (WIP) & VPN policies by using nayaritas.net Intune.

You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, How lớn collect Windows Information Protection (WIP) audit sự kiện logs.


Windows Update for Business

The pause feature has been changed, và now requires a start date to lớn phối up. Users are now able to pause through Settings > Update & security > Windows Update > Advanced options in case a policy has not been configured. We have also increased the pause limit on unique updates lớn 35 days. You can find more information on pause in Pause Feature Updates and Pause Quality Updates.

Windows Update for Business managed devices are now able to lớn defer feature update installation by up khổng lồ 365 days (it used to lớn be 180 days). In settings, users are able lớn select their branch readiness cấp độ and update deferral periods. See Configure devices for Current Branch (CB) or Current Branch for Business (CBB), Configure when devices receive sầu Feature Updates và Configure when devices receive sầu Quality Updates for details.

Windows Insider for Business

We recently added the option khổng lồ download Windows 10 Insider PReviews builds using your corporate credentials in Azure Active Directory (AAD). By enrolling devices in AAD, you increase the visibility of feedbaông chồng submitted by users in your organization – especially on features that tư vấn your specific business needs. For details, see Windows Insider Program for Business.

Optimize update delivery

With changes delivered in Windows 10, version 1703, Express updates are now fully supported with nayaritas.net Endpoint Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-buổi tiệc nhỏ updating và management products that implement this new functionality. This is in addition to current Express tư vấn on Windows Update, Windows Update for Business and WSUS.