Microsoft Windows 10 I Better Cyber Security I EOL | 04/11/2019 | GenesisIT,Hull

Why upgrade to Windows 10?

Genesis Business Systems Blog

Windows 10 has been available since 2015, and by now you have probably had chance to use it on a home device, but has your workplace upgraded their systems yet? 

According to research by Internet Security provider Kaspersky, between 38% of Very Small Businesses and 55% of SMB & Enterprise customers are still using Windows 7. There can be a variety of reasons why, from costs, compatibility worries and resistance to change, but with Windows 7 moving to End of Support status in January 2020, organisations need to start planning their migration to Windows 10.

Why? Just because Microsoft are stopping support for Windows 7, why should people upgrade to Windows10?

The key reason is for Cyber Security. When Microsoft End Support, it means that they will no longer release updates that contain critical patches for security flaws that are discovered in the operating system. If these flaws are not patched, then it leaves your system, and therefore your network, open to cyber security threats from hackers, viruses and malware.

In May 2017, the WannaCry ransomware caused chaos across the globe, infecting unpatched Windows systems. In the UK, one of the biggest victims was the NHS, who were running unsupported copies of Windows XP. This attack cost the NHS an estimated £92 million in disruption to services and IT upgrades.

Windows 10 was designed to provide a better user experience, and continuity across a range of devices, rather than being a purely desktop/laptop operating system. A change to the User Interface allows users to easily transition between mouse based interfaces and touchscreen devices and Via its Universal Apps concept, users can now have the same user experience in a range of applications like Office, whether on PC, Tablet or Smartphone. But what changes does it bring for the business user;

System Security: Windows 10 has multifactor authentication built in along with biometric authentication support. Any supported camera, with infrared illumination, can be used to login with iris scanning or facial recognition. Supported fingerprint readers can also be used for login. These login methods are part of the Windows Hello platform that allows for login via a PIN. The PIN is by default a 4 digit code, but can be configured for a more complex password. Passwords are not transmitted to the domain, and only unlock one device, so if it is compromised, that is the only device affected. The PIN is converted to strong asymmetric keypairs using the Trusted Platform Module (TPM), for transmission to the server, making it harder to crack. The TPM also allows the PIN to be more resilient to brute force attacks. Windows Hello is FIDO2 certified allowing password-less login to supporting websites, and Remote Desktop sessions.

The Enterprise version of Windows 10 also allows administrators the option of setting up policies that enable sensitive data to be automatically encrypted, prevent selected apps from accessing encrypted data and use DriveGuard to create a high security environment that will not allow the installation of software unless it has been digitally signed by Microsoft or a trusted vendor. DeviceGuard runs inside a hypervisor, keeping it separate from the actual operating system and helps protect against zero-day attacks.

Windows Defender Application Guard scans for malware, which is can then quarantine or remove It also works to block zero day attacks, block malicious programmes on your PC or network and isolate any infected PCs on the network.

Windows Defender Advanced Threat Protection is a cloud-based service, providing a higher level of security management across the network of Windows 10 machines. It allows admins to configure devices with advanced web protection so that lists of specific URL’s and IP addresses can be blocked. Policies can also be created to protect from ransomware, credential misuse and attacks transmitted through removable storage.

Windows Defender Application Guard allows Microsoft Edge to run inside a virtual machine. This means any employee that unknowingly visits a malicious website is protected from contracting malware that could infect the PC and the network.

Reduced Storage Footprint: Windows 10 automatically compresses system files, meaning a typical 64 – bit install is just over 2.5GB. During installation, the system performance is tested, and the level of compression is then set so that the performance of the operating system is not compromised. You can also set up a reserved storage space for updates, apps, temporary files and system cache so that critical operating system functions always have access to disk space.

A separate recovery partition is no longer needed as Refresh and Reset operations use runtime system files. This allows for patches and updates to remain in place after the operation and saves an additional 12GB of space.

Cortana: An intelligent personal assistant, appearing as universal textbox alongside the start menu. Cortana can be used to search for files, launch applications, find contacts, set reminders, send emails and more.

Edge: Replacing Internet Explorer (although this is still retained for legacy support), it offers more security, faster load times and better integration with other Microsoft applications.

MY People: This feature allows you to pin those important business contacts to the task bar for quick access to email and video calling.

Windows 10 Updates: The Unified Update Platform (UUP) hast streamlined the update process so that your PC only downloads the specific updates your system needs. This can reduce the download size by 35%, saving time and storage space.

With the Windows Update for Business you have more control over the update process. So that update notifications, and reboots can be scheduled to meet end user needs, as well as allowing of enforced updates and reboots to meet deployment requirements of the business.

Devices that are unable to start properly after an update will automatically be rolled back to the previous version.

Timeline: This feature takes a snapshot of what you are doing at a given time, allowing you to select an activity from the Task view screen and continue from where you left off. If you sign in on another device with your Microsoft account, these snapshots can be synced to allow you to carry on working on another device.

Windows Autopilot: Configuring, managing or resetting your organisations PCs has never been easier. A system configuration file can be setup in the cloud, so that when a new Windows 10 PC is connected to your network, it is automatically configured to your businesses required settings. It can be tailored for an individual user, or groups of users.

See our original blog posting for other Windows 10 details.