Windows 10 Fall Creators Update: What's coming on the security front

Microsoft will be adding a number of new security features to Windows 10 Fall Creators Update, but for Enterprise and Windows Server users only.
Written by Mary Jo Foley, Senior Contributing Editor

As its name indicates, the Windows 10 Fall Creators Update will primarily include new features and updates for "creators." But Microsoft will also be adding some features for Enterprise and Windows Server users to this next Windows 10 feature update.


New and updated security features are the biggest -- and possibly only -- reason that many business customers may be interested in this update.

On June 26, Microsoft officials shared specifics on the security updates coming to Windows 10 Fall Creators Update.

Almost all of the new functionality is focused on Windows Defender Advanced Threat Protection (ATP) -- Microsoft's threat detection and protection service -- which Microsoft executives are now describing as "a suite of tools." Windows Defender ATP, going forward, will include Windows Defender Application Guard, Windows Defender Device Guard, and Windows Defender Antivirus, officials said.

Note: Windows Defender ATP is part of Windows 10 Enterprise only; it is not available to users of other editions of Windows 10.

Microsoft also plans to bake more predictive capabilities into the service when it updates Defender ATP with the Fall Creators Update.

Windows Defender Application Guard (WDAG) -- the technology formerly codenamed "Barcelona" -- was something Microsoft originally hoped to debut as part of Windows 10 Creators Update earlier this year. Because it needed more testing, the feature got pushed to the Windows 10 Fall Creators Update, which is expected to begin rolling out in September.

WDAG isolates potential malware and exploits downloaded via the browser and contains the threat. WDAG will use virtualization-based security, isolating potentially malicious code in containers so it can't spread across company networks, officials have said.

Microsoft also is reversing course with regard to its Enhanced Mitigation Experience Toolkit (EMET). After announcing it would discontinue supporting EMET in 2018 because Windows 10 was so secure, Microsoft has decided to build EMET into the Windows 10 core, extend it, and call this feature Windows Defender Exploit Guard. Reports that Microsoft would be building EMET into Windows 10 surfaced late last week.

Microsoft officials say Exploit Guard will use intelligence from the Microsoft Intelligent Security Graph to help users thwart intrusions and threats, including zero-day threats, before they can happen.

"With WDAG and Windows Defender Exploit Guard, you have an extra layer of defense against malware attacks in-between the firewall and antivirus software," according to Microsoft's June 27 blog post announcing its plans.

Microsoft officials said they also are using "cloud intelligence" in the form of information from the Intelligent Security Graph, plus data science and machine learning, to identify threats and improve the protection provided by Windows Defender Antivirus.

The company plans to make the management of all of these features more seamless with Intune and System Center Configuration Manager, they said. And new Security Analytics capabilities will allow companies to analyze their Windows security feature utilization and configurations, plus monitor Windows 10 security patch status across Windows 10 endpoints.

As of this fall, Windows Defender Advanced Threat Protection also will be extended to cover Windows Server and not just the client. Windows Server 2016 is getting a new feature update around September 2017, the same time that Windows 10 is.

Update: In response to a reader question about what is happening from a licensing standpoint with Windows Defender Device Guard in Fall Creators Update, here's Microsoft's response, via a spokesperson:

"Windows Defender Device Guard is available to Windows 10 E3 and E5 customers. For both E3 and E5 customers the Fall Creators Update will simplify application control, on any Windows 10 device, by relaxing hardware requirements and streamlining the management of the safe application lists to ease customer adoption through automation. For customers that have the Windows Defender ATP suite (E5), Windows Defender Device Guard will be integrated into Windows Defender ATP's Security Center console where it will expose Device Guard alerts and audit information and enable Device Guard to be applied to at risk devices on demand."