Making the Most of Windows 10 in Your Enterprise

By Ed Jones

With Windows 10 now active on 200 million devices, this new operating system is on the fastest growth trajectory of any Windows desktop version ever. This article takes an in-depth look at the enterprise version of the Windows 10 system, covering some of the most useful and powerful features. It also explains how to access and utilize some of these core features to make the most of Windows 10 as a user and as a systems administrator.

With the ever present and growing threat of cyber-crime, it’s unsurprising that many of the most significant enhancements in Windows 10 are security focussed. Let’s look at two of the most powerful features.

Microsoft Device Guard is aimed at tackling malware in Windows 10. Requiring activation at the server level, Device Guard protects the core kernel from malware, which is critical in preventing malicious code from permanently compromising the OS.

Device Guard makes enterprisewide application whitelists easier to administer and enforce, locking down your company devices so they can run only trusted applications. This is done with a combination of hardware and software security features.

Implementing Device Guard is a lengthy process. However, there’s a comprehensive deployment guide in Microsoft’s TechNet library.

Replacing Passwords With Two-Factor Authentication

Another new feature, Microsoft Passport, replaces your user passwords with strong two-factor authentication using an enrolled device and Windows Hello (biometric) or PIN. It also enables a Windows 10 mobile device to act as a remote credential, allowing users to sign into Windows 10 PCs using Bluetooth.

Why use this capability?

· It offers greater protection to user identities.

· Replacing passwords prevents common phishing and brute force attacks.

· It prevents server breaches and replay attacks, as Microsoft Passport credentials are an asymmetrical key pair.

· Remote credential authentication is an easy, cost-effective way to implement two-factor authentication.

How to use it:

Implementing Microsoft Passport on Windows 10 requires creating a Group Policy or Mobile Device Management (MDM) policy at the server level.

Once implemented on your device, you can set up Passport with these steps:

· At the Windows 10 sign-in screen, log in as usual using your user name and password.

· You’ll be asked to create and confirm a work pin. Make it memorable.

· Your device is now registered and authenticated, and you can log in using your Passport.

Productivity and Accessibility Features  

The latest operating system includes significant enhancements to improve productivity and accessibility to service the mobile workforce. Here are some of the new and upgraded features:

Windows To Go lets you download a complete and managed Windows 10 system image to a USB, which can be inserted into any Windows 10 host computer to boot and run a managed Windows 10 system. Now you can access your desktop and company resources anywhere, while IT administrators retain the same level of management features.

To set up a Windows To Go device, you’ll need a USB drive certified for Windows To Go use and Windows 10 for the Enterprise installed on your desktop with admin rights.

Next, you’ll need to:

· Sign into your Windows 10 PC.

· Insert the certified USB.

· Make sure the .wim file (located on a network share, USB drive or DVD) is accessible and contains a valid Windows 10 Enterprise image that has been generalized using sysprep. 

· Using the search function, type “Windows To Go” and hit Enter. 

· Find the Windows To Go Creator Wizard and click on it to run the application.

· When asked, choose the drive you want to use, select your chosen USB drive and click on Next.

· You’ll then be asked to choose a Windows 10 image. Click on Add Search Location and navigate to the .wim file and click on the Select folder.  Now select the Windows 10 Enterprise image and click on Next.

· Click on Create to begin building the Windows To Go workspace USB key. This can take 20 to 30 minutes to complete. 

· On the completion page, you can configure the Windows To Go start-up options to configure your current computer as a Windows To Go host computer. When complete, click No (unless you want to boot from this key immediately), and then hit Save and Close.