Windows 10 Enterprise with Software Assurance

As I mentioned in a previous post, with the Windows 10 launch, MDOP is now included as an SA benefit, and is no longer a separate add-on.  This post explains Windows 10 Enterprise features with Software Assurance

Windows 10 Enterprise edition includes:

  • Granular UX Control, in which IT is able to customize and lock down the user experience of a Windows device for task-workers, kiosks, IoT/ embedded type functions using device management policies.
  • Pass the Hash Mitigations: The ability to store derived credentials (i.e.: NTLM hashes and Kerberos tickets) and the process that manages them (i.e.: Local Security Authority Subsystem Service (LSASS)), in a Hyper-V protected environment that is called a “Virtual Secure Mode (VSM)”. The VSM provides hardware based isolation and protection of derived credentials and prevents them from being stolen or misused even in the event that the Windows kernel is fully compromised. This capability prevents Pass the Hash (PtH) attacks which enable an attacker to impersonate a user on the network.
  • Device Guard: Device Guard locks down the device such that it can only run trustworthy executable code (e.g.: .exe, .dll) which means that they are signed by a trusted authority.  Device Guard can be used in combination with AppLocker, which is also included in the Enterprise Edition. In this case Applocker can be used to define which apps from a vendor who’s signature has been added to the trust list can be run on a device.

Below graphic shows the benefit of the Enterprise SKU along with Software Assurance.

2015-07-29_22-22-07

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s