Windows 10 Enterprise LTSC 2019 Key

Windows 10 Enterprise LTSC 2019

Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809 adding premium features designed to address the needs of large and mid-size organizations (including large academic institutions), such as:

• Advanced protection against modern security threats
• Full flexibility of OS deployment
• Updating and support options
• Comprehensive device and app management and control capabilities

The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC users because it includes the cumulative enhancements provided in Windows 10 versions 1703, 1709, 1803, and 1809. Details about these enhancements are provided below.

This version of Windows 10 includes security improvements for threat protection, information protection, and identity protection.

Features:

Threat protection:
Microsoft Defender for Endpoint:

The Microsoft Defender for Endpoint platform includes multiple security pillars. In this version of Windows, Defender for Endpoint includes powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management.

Attack surface reduction:

Attack surface reduction includes host-based intrusion prevention systems such as [controlled folder access]/microsoft-365/security/defender-endpoint/enable-controlled-folders).

• This feature can help prevent ransomware and other destructive malware from changing your files. In some cases, apps that you normally use might be blocked from making changes to common folders like Documents and Pictures. We’ve made it easier for you to add apps that were recently blocked so you can keep using your device without turning off the feature altogether.
• When an app is blocked, it will appear in a recently blocked apps list, which you can get to by clicking Manage settings under the Ransomware protection heading. Select Allow an app through Controlled folder access. After the prompt, select the + button and choose Recently blocked apps. Select any of the apps to add them to the allowed list. You can also browse for an app from this page.

Windows Defender Firewall:
Windows Defender Firewall now supports Windows Subsystem for Linux (WSL) processes. You can add specific rules for a WSL process just as you would for any Windows process. Also, Windows Defender Firewall now supports notifications for WSL processes. For example, when a Linux tool wants to allow access to a port from the outside (like SSH or a web server like Nginx), Windows Defender Firewall will prompt to allow access just like it would for a Windows process when the port starts accepting connections. This behavior was first introduced in Build 17627.

Windows Defender Device Guard:
Device Guard has always been a collection of technologies that can be combined to lock down a PC, including:

• Software-based protection provided by code integrity policies
• Hardware-based protection provided by Hypervisor-protected code integrity (HVCI)

But these protections can also be configured separately. And, unlike HVCI, code integrity policies don’t require virtualization-based security (VBS). To help underscore the distinct value of these protections, code integrity policies have been rebranded as Windows Defender Application Control.

Information protection:
Improvements have been added to Windows Information Protection and BitLocker.

Windows Information Protection:
Windows Information Protection is now designed to work with Microsoft Office and Azure Information Protection.

Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP protection level, and how to find enterprise data on the network. For more info, see Create a Windows Information Protection (WIP) policy using Microsoft Intune and Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune.

You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For more information, see How to collect Windows Information Protection (WIP) audit event logs.

This release enables support for WIP with Files on Demand, allows file encryption while the file is open in another app, and improves performance. For more information, see OneDrive files on-demand for the enterprise.

BitLocker:
The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see BitLocker Group Policy settings.

Silent enforcement on fixed drives:
Through a Modern Device Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active Directory (Azure AD) joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard Azure AD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don’t pass the HSTI.

This change is an update to the BitLocker CSP and is used by Intune and others.

Identity protection:
Improvements have been added to Windows Hello for Business and Credential Guard.

Windows Hello for Business:
New features in Windows Hello enable a better device lock experience, using multifactor unlock with a new location and user proximity signals. Using Bluetooth signals, you can configure your Windows 10 device to automatically lock when you walk away from it, or to prevent others from accessing the device when you aren’t present.

New features in Windows Hello for Business include:

• You can now reset a forgotten PIN without deleting company-managed data or apps on devices managed by Microsoft Intune.
• For Windows desktops, users can reset a forgotten PIN through Settings > Accounts > Sign-in options. For more information, see What if I forget my PIN.

Windows Hello for Business now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in Kiosk configuration.

Windows Defender Credential Guard:

Windows Defender Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can’t be stolen or misused by malware on a user’s machine. It’s designed to protect against well-known threats such as Pass-the-Hash and credential harvesting.

Windows Defender Credential Guard has always been an optional feature, but Windows 10 in S mode turns on this functionality by default when the machine has been Azure Active Directory-joined. This feature provides an added level of security when connecting to domain resources not normally present on devices running Windows 10 in S mode.

Windows Security Center:
Windows Defender Security Center is now called Windows Security Center.

You can still get to the app in all the usual ways. Ask Cortana to open Windows Security Center(WSC) or interact with the taskbar icon. WSC lets you manage all your security needs, including Microsoft Defender Antivirus and Windows Defender Firewall.

The WSC service now requires antivirus products to run as a protected process to register. Products that haven’t yet implemented this functionality won’t appear in the Windows Security Center user interface, and Microsoft Defender Antivirus will remain enabled side-by-side with these products.

WSC now includes the Fluent Design System elements you know and love. You’ll also notice we’ve adjusted the spacing and padding around the app. It will now dynamically size the categories on the main page if more room is needed for extra info. We also updated the title bar so that it will use your accent color if you’ve enabled that option in Color Settings…ETC.

System requirement:

• Processor: 1 gigahertz (GHz) or faster processor or SoC

• RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit

• Hard disk space: 16 GB for 32-bit OS or 20 GB for 64-bit OS
• Graphics card: DirectX 9 or later with WDDM 1.0 driver

• Display: 800 x 600