A quick aside, because I've been asked this question a few times: Microsoft made two different preview versions of Windows 10 available for download this week, the Technical Preview and the Technical Preview for Enterprise. The latter includes some enterprise-specific SKU features, such as Windows To Go, DirectAccess, BranchCache and AppLocker, that are not in the plain-old Tech Preview. Not all of the features mentioned in this post are part of either of these preview builds yet, but it sounds like they are on the Windows 10 roadmap.
According to Niehus, Microsoft is doing a lot of work on the security front with Windows 10. Microsoft has made Azure Active Directory a "first class citizen" with Windows 10, so that customers can use Azure AD identities to log into their devices "so users can get the same benefits as using an MSA (Microsoft Account) such as Store access, settings, sync and live tiles." Businesses also can use their existing Active Directory, federated in the cloud with Azure Active Directory, with no Microsoft Account needed. Windows 10 also includes "next generation user credentials," like a password alternative, which enables single sign-in everywhere.
"Threshold (Windows 10) builds data protection into the natural flow (and) integrates data protection at the platform level," Niehus blogged. It also enables per-application VPN, meaning only specific apps are allowed on the VPN. Administrators will be able to restrict remote access to specific applications and/or to specific ports or IP addresses. He cited as an example that IT will be able to allow IT access over the VPN, but restrict that access to specific ports or IP addresses. He also noted that IT can use the same list of apps for Enterprise Data Protection and allow them to access the VPN. Existing inbox VPN clients or Windows Store VPN clients for Windows Phone 8.1 will all work with this functionality.
"The (new) Windows Store will also support more than just modern apps. It will add desktop apps, as well as other types of digital content. We will provide many different ways to pay for apps. And we'll provide an organization store within the public Windows Store, where an org can place their own curated list of public apps as well as specific line-of-business apps that their employees need."
Microsoft is creating a new volume-purchasing program that will allow companies to buy apps in bulk, deploy those apps and manage the licenses, meaning reclaiming and re-using licenses when an employee leaves a company, for example. Microsoft will support using Azure Active Directory accounts to acquire organizational apps, and Microsoft Accounts for personal apps. Microsoft will give users the option to continue to sideload apps, if they'd prefer to continue to do so, or to deploy apps from the Windows Store by using new mobile-device-management controls to interact with the volume purchase program.
Organizations will have the option of using a mobile-device-management (MDM) service like Intune. The MDM service will communicate with the Volume Purchase Program so that Windows Store will do the "heavy lifting," Niehus blogged, meaning it will install the apps and acquire a license for the user.
Speaking of MDM, Microsoft is bringing MDM capabilities to traditional desktops and laptops with Windows 10. Additionally, Microsoft will allow third-party MDM offerings to manage both Windows and Windows Phone VPN-based remote access. Any VPN service provider will be able to create a remote-access app, and third-party VPN client apps will be distributable through the Windows 10 Store.
A couple of other enterprise-focused Windows 10 tidbits that weren't in Niehus' post: Windows 10's fast-updating feature is an opt-in thing, as Rod Trent of Windows IT Pro noted. There will be a locked-down version which will allow businesses to throttle how quickly their users get the regular updates to Windows 10 by using Windows Server Update Services.