Credential Guard and Device Guard
Isolated User Mode is now included with Hyper-V so you don't have to install it separately.
Windows Hello for Business
When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in Windows 10, version 1607. Customers who have already deployed Microsoft Passport for Work will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.
Additional changes for Windows Hello in Windows 10, version 1607:
- Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys.
- Group Policy settings for managing Windows Hello for Business are now available for both User Configuration and Computer Configuration.
- Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting Turn on convenience PIN sign-in.
Learn more about Windows Hello for Business.
VPN
- The VPN client can integrate with the Conditional Access Framework, a cloud-pased policy engine built into Azure Active Directory, to provide a device compliance option for remote clients.
- The VPN client can integrate with Windows Information Protection (WIP) policy to provide additional security. Learn more about Windows Information Protection, previously known as Enterprise Data Protection.
- New VPNv2 configuration service provider (CSP) adds configuration settings. For details, see What's new in MDM enrollment and management
- Microsoft Intune: VPN Profile (Windows 10 Desktop and Mobile and later) policy template includes support for native VPN plug-ins.
Windows Information Protection (WIP), formerly known as enterprise data protection (EDP)
With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
Windows Information Protection (WIP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps.
Learn more about Windows Information Protection (WIP)
Windows Defender
Several new features and management options have been added to Windows Defender in Windows 10, version 1607.
Windows Defender Advanced Threat Protection (ATP)
With the growing threat from more sophisticated targeted attacks, a new security solution is imperative in securing an increasingly complex network ecosystem. Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks.
Learn more about Windows Defender Advanced Threat Protection (ATP).