We already knew that the next version of Windows 10, the Fall Creators Update, will feature a large number of new tools for consumers. While it was always clear that business users would also get their fair share of updates, Microsoft remained pretty quiet about what those would look like. That’s changing this week, as the company today announced a number of new security features for Windows 10 that will launch with the Fall Creators Update later this year.
Rob Lefferts, the director of program management for Windows Enterprise and Security, told me that the company is obviously aware of the changing security landscape, which now often includes well-funded and supported hackers. To stay ahead of these threats, the company is doubling down on its existing security efforts, but in addition, it’s now also pushing ahead with new initiatives that emphasize cloud intelligence with AI and machine learning.
So while the team is hardening the Windows 10 platform with this new release — just like it has done with all the previous releases — it’s also building up its efforts to use the cloud to analyze security threats and prevent attacks.
As Lefferts noted, 96 percent of the attacks that Microsoft is seeing are distinct attacks. That’s partly because malware is now often polymorphic but also because the company is seeing more custom attacks.
One of the main vectors for attacking any desktop operating system is the browser. Back in 2016, Microsoft announced that it was working on a sandboxing technique — the Windows Defender Application Guard — that would allow it to stop attackers from ever getting a foothold on the machine, even if they were able to penetrate the browser’s defenses. It took the company quite a while to get this to market, but the next version of Windows 10 will now ship with support for this feature. Lefferts told me that it took the team a while to figure out the right user experience to enable this feature, which is hard when you start every browser session from zero. The team also had to ensure that it could spin up these micro-containers with the Edge browser fast enough.
In addition, Microsoft is also improving the Windows Defender Exploit Guard with data it gathers from across its users. The Exploit Guard features a large set of intrusion rules and policies, and Microsoft says that this feature should now help protect organizations better against quite a few advanced threats, including zero-day exploits.
The company has now also built the Enhanced Mitigation Experience Toolkit (EMET), which was previously available as a stand-alone tool, right into Windows 10. Lefferts stressed that this was something that Microsoft’s users had asked for.
Microsoft is also extending Windows Defender Advanced Threat Protection (ATP), the feature that allows enterprise security teams to detect and respond to threats, to include the Windows Server OS for protection across platforms. What’s more interesting, though, is that ATP is now linked to Microsoft’s cloud-based security services that use advanced analytics and machine learning to understand threats based on the huge number of signals Microsoft receives from across its users. The company is also using this cloud-based protection model to improve Windows Defender Antivirus.
Other new features include an improved version of Device Guard, the company’s service for managing which applications an enterprise user can run on a company-issued machine. Device Guard is now also integrated into Windows Defender ATP, which should make it easier to manage for IT and security teams. In addition, companies that want to opt into this can now use data from the Microsoft Intelligent Security Graph, which combines billions of data points to analyze threats, to automatically allow users to install applications that are most likely safe to install (think Microsoft Word, Excel, etc.).
Lefferts noted that Microsoft’s goal is to bring together all of its compute, big data and machine learning smarts — combined with data it gathers from its users around the globe and traditional signature-based approaches — to protect its customers’ machines. “We think the Fall Creators update takes full advantage of Windows threat protection and we are pushing forward,” he said.