Windows 10 May 2019 Update review: the 10 best new features

Windows 10 Enterprise LTSC 2019

This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared to Windows 10 Enterprise LTSC 2016 (LTSB). For a brief description of the LTSC servicing channel and associated support, see Windows 10 Enterprise LTSC.


Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809, adding premium features designed to address the needs of large and mid-size organizations (including large academic institutions), such as:

Advanced protection against modern security threats

Full flexibility of OS deployment

Updating and support options

Comprehensive device and app management and control capabilities

The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC users because it includes the cumulative enhancements provided in Windows 10 versions 1703, 1709, 1803, and 1809. Details about these enhancements are provided below.


The LTSC release is intended for special use devices. Support for LTSC by apps and tools that are designed for the semi-annual channel release of Windows 10 might be limited.

Intune

Intune supports Windows 10 Enterprise LTSC 2019 and later. This includes support for features such as Windows Autopilot. However, note that Windows 10 Update Rings Device profiles do not support LTSC releases, therefore you should use Policy configuration service provider, WSUS, or Configuration Manager for patching.


This version of Windows 10 includes security improvements for threat protection, information protection, and identity protection.

Threat protection

Defender for Endpoint

The Defender for Endpoint platform includes the security pillars shown in the following diagram. In this version of Windows, Defender for Endpoint includes powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management.


Attack surface reduction

Attack surface reduction includes host-based intrusion prevention systems such as /

This feature can help prevent ransomware and other destructive malware from changing your personal files. In some cases, apps that you normally use might be blocked from making changes to common folders like Documents and Pictures. We've made it easier for you to add apps that were recently blocked so you can keep using your device without turning off the feature altogether.

When an app is blocked, it will appear in a recently blocked apps list, which you can get to by clicking Manage settings under the Ransomware protection heading. Click Allow an app through Controlled folder access. After the prompt, click the + button and choose Recently blocked apps. Select any of the apps to add them to the allowed list. You can also browse for an app from this page.
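The same review-and-allow flow can be scripted. The following PowerShell is an added example, not part of the original article: it reads recent Controlled folder access block and audit events from the Defender operational log and adds one vetted application to the allowed list. The application path is a constructed placeholder, and the file and signature checks are an extra precaution assumed here.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# Constructed placeholder: replace with the executable you have vetted.
$vettedApp = 'C:\Program Files\ExampleVendor\PhotoTool\phototool.exe'

# 1. Current mode of Controlled folder access (0 = Disabled, 1 = Enabled, 2 = AuditMode).
$mode = (Get-MpPreference).EnableControlledFolderAccess
Write-Output "Controlled folder access mode: $mode"

# 2. Recent block (1123) and audit (1124) events: the scripted counterpart of
#    the "Recently blocked apps" list.
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 25 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 3. Allow the vetted app only if the file exists and carries a valid signature.
if (-not (Test-Path -LiteralPath $vettedApp -PathType Leaf)) {
    Write-Warning "Not found, nothing allowed: $vettedApp"
    return
}
$sig = Get-AuthenticodeSignature -LiteralPath $vettedApp
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is $($sig.Status); review the file before allowing it."
    return
}
Add-MpPreference -ControlledFolderAccessAllowedApplications $vettedApp

# 4. Confirm the allowed list now contains the app.
(Get-MpPreference).ControlledFolderAccessAllowedApplications
```

Every allowed application can write to protected folders, so keep the list short and review it when software is removed.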

Windows Defender Firewall

Windows Defender Firewall now supports Windows Subsystem for Linux (WSL) processes. You can add specific rules for a WSL process just as you would for any Windows process. Also, Windows Defender Firewall now supports notifications for WSL processes. For example, when a Linux tool wants to allow access to a port from the outside (like SSH or a web server like nginx), Windows Defender Firewall will prompt to allow access just like it would for a Windows process when the port starts accepting connections. This was first introduced in Build 17627.

Windows Defender Device Guard

Device Guard has always been a collection of technologies that can be combined to lock down a PC, including:

Software-based protection provided by code integrity policies

Hardware-based protection provided by Hypervisor-protected code integrity (HVCI)

But these protections can also be configured separately. And, unlike HVCI, code integrity policies do not require virtualization-based security (VBS). To help underscore the distinct value of these protections, code integrity policies have been rebranded as Windows Defender Application Control.

Next-gen protection

Endpoint detection and response

Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Defender Antivirus detections and Device Guard blocks being surfaced in the Defender for Endpoint portal.

Windows Defender is now called Defender Antivirus and now shares detection status between M365 services and interoperates with Defender for Endpoint. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see Virus and threat protection and Use next-gen technologies in Defender Antivirus through cloud-delivered protection.

We've also increased the breadth of the documentation library for enterprise security admins. The new library includes information on:

Some of the highlights of the new library include Evaluation guide for Defender AV and Deployment guide for Defender AV in a virtual desktop infrastructure environment.

New features for Defender AV in Windows 10 Enterprise LTSC 2019 include:

We've invested heavily in helping to protect against ransomware, and we continue that investment with updated behavior monitoring and always-on real-time protection.

Endpoint detection and response is also enhanced. New detection capabilities include:

Improvements on OS memory and kernel sensors to enable detection of attackers who are using in-memory and kernel-level attacks.

Upgraded detections of ransomware and other advanced attacks.

Historical detection capability ensures new detection rules apply to up to six months of stored data to detect previous attacks that might not have been noticed.

Threat response is improved when an attack is detected, enabling immediate action by security teams to contain a breach:

Additional capabilities that have been added to help you gain a holistic view on investigations include:

Other enhanced security features include:

We've also added a new assessment for the Windows time service to the Device performance and health section. If we detect that your device's time is not properly synced with our time servers and the time-syncing service is disabled, we'll provide the option for you to turn it back on.

We're continuing to work on how other security apps you've installed show up in the Windows Security app. There's a new page called Security providers that you can find in the Settings section of the app. Click Manage providers to see a list of all the other security providers (including antivirus, firewall, and web protection) that are running on your device. Here you can easily open the providers' apps or get more information on how to resolve issues reported to you through Windows Security.

This also means you'll see more links to other security apps within Windows Security. For example, if you open the Firewall & network protection section, you'll see the firewall apps that are running on your device under each firewall type, which includes domain, private, and public networks.

You can read more about ransomware mitigations and detection capability at:

Also see New capabilities of Defender for Endpoint further maximizing the effectiveness and robustness of endpoint security

Get a quick, but in-depth overview of Defender for Endpoint for Windows 10: Defender for Endpoint.


Information protection

Improvements have been added to Windows Information Protection and BitLocker.

Windows Information Protection

Windows Information Protection is now designed to work with Office and Azure Information Protection. For more information, see Deploying and managing Windows Information Protection (WIP) with Azure Information Protection. Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see Create a Windows Information Protection (WIP) policy using Intune and Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Intune.

You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, How to collect Windows Information Protection (WIP) audit event logs.

This release enables support for WIP with Files on Demand, allows file encryption while the file is open in another app, and improves performance. For more information, see OneDrive Files On-Demand For The Enterprise.


The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see BitLocker Group Policy settings.

Silent enforcement on fixed drives

Through a Modern Device Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active Directory (AAD) joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard AAD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don't pass the HSTI.

This is an update to the BitLocker CSP, which was introduced in Windows 10, version 1703, and leveraged by Intune and others.

This feature will soon be enabled on Olympia Corp as an optional feature.

Delivering BitLocker policy to AutoPilot devices during OOBE

You can choose which encryption algorithm to apply to BitLocker encryption capable devices, rather than automatically having those devices encrypt themselves with the default algorithm. This allows the encryption algorithm (and other BitLocker policies that must be applied prior to encryption), to be delivered before BitLocker encryption begins.

For example, you can choose the XTS-AES 256 encryption algorithm, and have it applied to devices that would normally encrypt themselves automatically with the default XTS-AES 128 algorithm during OOBE.
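To check on a provisioned device which algorithm each volume ended up with, the following PowerShell can be used. It is an added example, not part of the original article, and it assumes the delivered policy requires XTS-AES 256.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# Assumption: the policy delivered to the device requires XTS-AES 256.
$required = 'XtsAes256'

$report = Get-BitLockerVolume | ForEach-Object {
    [pscustomobject]@{
        MountPoint       = $_.MountPoint
        VolumeType       = $_.VolumeType          # OperatingSystem or Data
        VolumeStatus     = $_.VolumeStatus        # e.g. FullyEncrypted, EncryptionInProgress
        ProtectionStatus = $_.ProtectionStatus    # On or Off
        EncryptionMethod = $_.EncryptionMethod    # None when the volume is not encrypted
        Compliant        = ("$($_.EncryptionMethod)" -eq $required)
    }
}
$report | Format-Table -AutoSize

# Report every volume that is unencrypted or uses a different algorithm.
$nonCompliant = @($report | Where-Object { -not $_.Compliant })
if ($nonCompliant.Count -gt 0) {
    $nonCompliant | ForEach-Object {
        Write-Warning "$($_.MountPoint) uses $($_.EncryptionMethod), expected $required"
    }
    exit 1
}
Write-Output "All BitLocker volumes use $required."
```

A volume that was already encrypted with XTS-AES 128 keeps that algorithm until it is decrypted and re-encrypted, which is why the policy has to arrive before encryption starts.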

To achieve this:

Identity protection

Improvements have been added to Windows Hello for Business and Credential Guard.

Windows Hello for Business

New features in Windows Hello enable a better device lock experience, using multifactor unlock with new location and user proximity signals. Using Bluetooth signals, you can configure your Windows 10 device to automatically lock when you walk away from it, or to prevent others from accessing the device when you are not present.

New features in Windows Hello for Business include:

For Windows Phone devices, an administrator is able to initiate a remote PIN reset through the Intune portal.

Windows Hello now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in Kiosk configuration.

Support for S/MIME with Windows Hello for Business and APIs for identity lifecycle management solutions.

Windows Hello is part of the account protection pillar in Windows Defender Security Center. Account Protection will encourage password users to set up Windows Hello Face, Fingerprint or PIN for faster sign in, and will notify Dynamic lock users if Dynamic lock has stopped working because their phone or device Bluetooth is off.

You can set up Windows Hello from lock screen for MSA accounts. We've made it easier for account users to set up Windows Hello on their devices for faster and more secure sign-in. Previously, you had to navigate deep into Settings to find Windows Hello. Now, you can set up Windows Hello Face, Fingerprint or PIN straight from your lock screen by clicking the Windows Hello tile under Sign-in options.

It is easier to set up Dynamic lock, and WD SC actionable alerts have been added when Dynamic lock stops working (ex: phone Bluetooth is off).

For more information, see: Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices

Windows Defender Credential Guard

Windows Defender Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It is designed to protect against well-known threats such as Pass-the-Hash and credential harvesting.


Windows Defender Credential Guard has always been an optional feature, but Windows 10 in S mode turns this functionality on by default when the machine has been Azure Active Directory joined. This provides an added level of security when connecting to domain resources not normally present on devices running Windows 10 in S mode.
