Blog post

What's new with Windows 10?

Created:  06 Mar 2017
Updated:  06 Mar 2017
Author:  Andy P
Windows 10 EUD Guidance

With the release of Windows 10 Anniversary Edition (1607) and the upcoming Creators' Edition, we've updated our End User Device guidance to take advantage of the most useful new security-related features of the platform.

These new features include:

  • Windows Hello PIN and Biometrics to improve the authentication experience by replacing traditional passwords with a more modern approach
  • Enabling virtualisation features to better protect credentials and the underlying platform
  • Safe use of modern high-speed interfaces such as USB-C and Thunderbolt
  • Explicitly using security-enhancing cloud services such as Windows Defender, SmartScreen, Microsoft Update and the Windows Store for Business

Note too, that some of the other security features you may have seen advertised, are not yet being recommended. These include Device Guard, Windows Information Protection and MDM management features. We've chosen to focus on other technologies that currently give a good balance of usability, security and ease of configuration for a fully-managed device. We will of course continue to review this advice.

Windows as a Service

Windows 10 is regularly updated to add new features, but Microsoft only supports the more recent versions (as described on their website). Therefore you should check your devices have been updating as the original release (1507) will not get security patches after March 26th 2017.

As part of these updates, the security features that were initially part of EMET (the Enhanced Mitigation Experience Toolkit) are making their way into Windows 10 by default. With this in mind, Microsoft recently announced end-of-life for EMET and will be stopping support by the end of July 2018 (see Microsoft’s blog).

As with all unsupported software, after this date EMET should be removed. Until then, it is recommended that you continue deploying EMET. We believe EMET will continue to add value until around the end of 2017, after which, you should begin migrating away from it. Once end-of-life has been reached, our guidance will be updated to reflect the changing recommendation.

Windows 7 and 8.1

We've also taken the opportunity to retire our guidance for Windows 7 and Windows 8.1 as we strongly recommend that new deployments use the latest version of the platform. This is particularly timely as Windows 7 will only be supported until January 2020 - less than 3 years away.

While there's no need to move to Windows 10 right away, you should put a plan in place to move away from Windows 7 before that time is up. After all, we don't want to hear the Windows XP stories all over again!





John Geaney - 14 Mar 2017
Excellent reminder not to forget about Microsoft OS obsolesce.
Nessa - 28 Jun 2017
Windows 10 contains its own anti-virus software called Windows Defender which is said by AV-TEST to protect against 95% of security threats, whilst BitDefender and Kapersky were found to defend against 100% of threats. My question is therefore whether the recent wave of ransomware attacks would have been better prevented had an additional anti-virus software been installed together with Windows 10's Defender, ie would it have made any difference?
NCSC Communications Team - 23 Aug 2018
This blog is now closed to comments.

Was this blog post helpful?

We need your feedback to improve this content.

Yes No