I’m happy to announce that Windows 10, version 1809 is now available for download from Visual Studio Subscriptions (formerly MSDN Subscriptions) and the Software Download Center (via Update Assistant or the Media Creation Tool)—as well as through Windows Server Update Services (WSUS) and Windows Update for Business. This new feature update will begin rolling out globally via Windows Update in the coming weeks to ensure the best possible update experience for our customers. For more details on our rollout plans and the improvements we’ve made to the update experience, please see John Cable’s blog post.
For commercial customers, today’s October 2, 2018 release of Windows 10, version 1809 marks the start of the servicing timeline for the Semi-Annual Channel (“Targeted”) phase. If you’re using Windows Update for Business and have configured updates for Semi-Annual Channel (Targeted) deferral, your updates will be based from this date. If you do not use Windows Update for Business, the Semi-Annual Channel (Targeted) designation has no impact on you.
We recommend that you begin rolling out Windows 10, version 1809 today, in phases across your organization, to validate that your apps, devices, and infrastructure work well with this new release before broad deployment. Additionally, if you aren’t yet using Windows Analytics to monitor your rollout of this feature update, we encourage you to do so.
To support this release, we have updated the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 and published a draft of the Security baseline for Windows 10, version 1809. We are also updating the Windows 10 Enterprise Evaluation, a free 90-day evaluation designed to help IT pros test Windows 10 Enterprise in their environments.
When will Windows 10, version 1809 be available on the Volume Licensing Service Center?
Windows 10, version 1809 will be rolling out globally to Volume License customers via the Volume Licensing Service Center (VLSC) in the coming weeks.
When will Windows 10, version 1809 be available to Microsoft partners?
Windows 10 Enterprise, version 1809 will be available to those with Microsoft Action Pack Subscriptions (MAPS) via the Microsoft Partner Network (MPN) on October 5th. All other editions for MAPS will be available on October 22nd.
What’s new and what’s changed for IT pros?
Windows 10, version 1809 is the sixth feature update for Windows 10. You’ll notice that much of what has changed since the last update is the result of our effort to help you holistically and more easily manage your devices and deployments with Microsoft 365.
Security
- Windows Defender ATP: General
- Threat Analytics - A set of interactive reports on significant and emerging attack campaigns that fuses organizational risk analytics with threat intelligence.
- Custom detections with Advanced hunting – Write your own custom queries with advanced hunting, save them and now we turn them into your own custom alerts.
- Auto-resolve remediated alerts – Alerts can now be automatically resolved when the automated investigation fully remediated the threat.
- Microsoft Threat Protection – Integrates with Azure Advanced Threat Protection, Azure Information Protection, Office 365 Threat Intelligence, Microsoft Cloud App Security, Microsoft Intune, and Skype for Business to offer a fully integrated, end-to-end solution that helps secure your organization across its entire attack surface, securing identities, endpoints, cloud apps, and infrastructure.
- Supply Microsoft Secure Score with information about the status of your antivirus, OS security updates, firewall, and other controls so you can better understand your all-up security position.
- Support for managed security service providers (MSSP) to deliver managed detection and response (MDR) services on top of Windows Defender ATP.
- Support for Windows Server 2019 - We're upgrading our server protection stack by adding support for Windows Server 2019.
- Support for Windows 7 and 8.1 - Windows Defender ATP’s functionality has been extended to support Windows 7 and 8.1 with both Endpoint Detection (EDR) and Endpoint Protection Platform (EPP) capabilities.
- Windows Defender ATP: Attack surface reduction
- Security administrators can configure devices with advanced web protection and define allow and deny lists for specific URLs and IP addresses.
- Attack surface reduction controls have been extended to protect from ransomware, credential misuse, and attacks that are transmitted through removable storage.
- New tamper-proofing capabilities use virtualization-based security to isolate critical ATP security capabilities away from the OS and attackers.
- Windows Defender ATP: Next generation protection
- Improved antivirus capability with advanced machine learning and AI models to protect against Apex attackers using innovative vulnerability exploit techniques, tools, and malware.
- Improved emergency outbreak protection will automatically update devices with new intelligence when a new outbreak has been detected. This prevents devices from needing to wait until the next scheduled interval for an intelligence update.
- Antivirus capability has been certified ISO 27001 compliant, which means that its cloud service has been analyzed for threats, vulnerabilities, and impacts, and that risk management and security controls are in place.
- Antivirus capability has been updated to support geolocation and sovereignty of sample data as well as configurable retention policies.
- Password-less login – Take advantage of secure, multi-factor authentication—without passwords—for your Windows 10 devices using Windows Hello with FIDO2, Web Authentication (WebAuthn), and Microsoft Authenticator. Learn more.
- Windows Defender Application Guard inside Windows Security App – Configure Application Guard or check and update your configuration in the same place as other Windows security features.
- Firewall support for Windows Subsystem for Linux (WSL) – Add specific rules for a WSL process in Windows Defender Firewall, and receive notifications (like access prompts) just as you would for any Windows process.
Deployment and management
- Windows Autopilot
- Windows Autopilot for existing devices – Offers configuration support so you can migrate existing devices from Windows 7 to Windows 10 as part of the normal user-driven deployment process. See part two of our Modern deployment with Windows Autopilot and Microsoft 365 session from Microsoft Ignite to learn more.
- Supports Hybrid Azure Active Directory (AAD) Join, enabling users to join Active Directory joined devices to Azure AD during user-driven deployments.
- Windows Autopilot self-deploying mode – Provides truly zero-touch provisioning (plug in, turn on, automatically provisioned) and is a great option for shared devices, kiosks, and digital signage.
- Desktop App Assure (Preview) – New service offered at no additional cost[i] to Windows 10 Enterprise and Windows 10 Education customers that helps address issues you encounter with Windows 10 and Office 365 ProPlus application compatibility.
- Servicing improvements
- Compact update packages – We are introducing a new update package delivery design for monthly quality updates that creates a compact update package for easier and faster deployment. Users will benefit from the new small update size when installing applicable quality updates as they are 40% more efficient.
- Reduced download package size for x64 systems – Standalone ESD files will be offered for x64 systems to save bandwidth for those using Windows Server Update Services (WSUS) or Configuration Manager to manage updates.
- Longer servicing windows – Beginning with Windows 10, version 1809, all feature updates of Windows 10 Enterprise and Education editions with a targeted release month of September will be supported for 30 months from their release date.
- Further alignment with Office 365 – Adoption of common terminology (Semi-Annual Channel, Long-Term Servicing Channel)
- Microsoft Edge policies and kiosk mode – New and updated management policies, including quickly creating and deploying a tailored browsing experience for kiosk devices or digital signage.
- Fast sign-in for shared devices – Enable fast sign-in for users of shared PCs or tablets using the Authentication and EnableFastFirstSignIn policies in the Policy CSP.
- Streamlined local experience delivery – Language Interface Packs (LIPs) will be supported as Local Experience Packs (LXPs) only (i.e. there will no longer be any lp.cab files for LIP), which are faster to install and have a smaller OS footprint.
- Windows Analytics in the Azure portal – Consolidates and streamlines device monitoring and management by integrating all the features formerly found in Operations Management Suite (OMS) into the Azure portal.
- Microsoft 365 Admin Portal – Manage and monitor your Windows 10 devices along with your Office 365 applications and Enterprise Mobility + Security solution from a single admin console.
- MSIX Packaging Tool – Cross-platform, down-level compliant, enterprise-class installer that enables you to modernize app deployment and distribute LOB apps through the Microsoft Store, Microsoft Store for Business, and other methods
And, just around the corner:
- Windows Virtual Desktop (Preview) – Deploy and scale virtualized Windows and Office experiences on Azure, and support a multi-user Windows 10 experience, in minutes.
- Desktop Analytics (Preview) – Incorporates Windows Analytics to offer a new cloud-based service, integrated with System Center Configuration Manager, that will: a) create an inventory of apps running in your organization; b) assess compatibility with the latest feature updates of Windows 10 and Office 365 ProPlus; c) help you create pilot groups that represent your entire application and driver estate across a minimal set of devices.
Productivity
- Microsoft Search – A new unified search experience, powered by AI insights, that enables you to find content across Windows, Office.com, Office apps, SharePoint, OneDrive, and select third-party ecosystems directly from your search bar.
- Microsoft Learning Tools in Microsoft Edge – Built-in tools help improve reading and focus: utilize reading mode for web pages, access an offline dictionary, or identify parts of speech with custom colors.
- Your Phone app[ii] – Get instant access to photos and texts from your Android phone on your computer and send texts from your computer.
- PowerPoint + digital pen[iii] – Design your slides with a pen, then easily convert them into a polished presentation.
- Timeline on your phone[iv] – Pick up where left off, wherever you left off. Scroll back in time to find the websites and Office documents you were using on your computer, tablet, and phone[v].
Is there a new LTSC release?
Yes. For those customers utilizing the Long-Term Servicing Channel (LTSC), we have also released Windows 10 Enterprise LTSC 2019. This is the third feature update for Windows 10 for the LTSC, and it has many benefits for all Windows 10 devices, including the special-purpose devices in your environment.
Where can I learn more about what’s new in this update?
Updated 10/30/2018: To ensure that you have the ability to experience the latest features and capabilities for yourself and your organization, we are rescheduling the webcast for 10:00 a.m. Pacific Time, Wednesday, November 28, 2018. Click here to register! We are also rescheduling the AMA, which will now be on Thursday, December 13th from 9:00-10:00 a.m. Pacific Time.
On Wednesday, October 31st, On Wednesday, November 28th, my colleague Nic Fillingham and I will be hosting a one-hour webcast on "What’s new in Windows 10, version 1809 for IT pros." From 10:00-11:00 a.m. Pacific Time, we’ll take you through the changes in this feature update, the logic behind them, and, most importantly, how to use these improvements to speed up your deployments and more easily manage your Windows 10 devices.
We won’t have much time for Q&A during the webcast, so we are also hosting a Windows 10 IT Pro AMA on Tech Community from 9:00-10:00 a.m. Pacific Time on Wednesday, December 13th the following day, November 1st.
An Ask Microsoft Anything (AMA) is a live, text-based Q&A event like a "YamJam" on Yammer or an "Ask Me Anything" on Reddit. During the AMA, members of the Windows, Windows Defender ATP, Microsoft Intune, and System Center Configuration Manager product and engineering teams will be standing by to answer your questions. Out of respect for our international IT pro community, we’ll open the AMA space right after the conclusion of the webcast so that everyone has a chance to ask a question.
If you haven’t attended one of our AMAs before, here’s a quick explanation of how it will work:
- The Windows 10 AMA space on Tech Community will open at 10:00 a.m. PT on December 12th.
- To submit a question, click Start a new conversation—and do this for each new question.
- Engineering and members of the product teams will be answering questions live during the actual AMA event, from 9:00 a.m. to 10:00 a.m. PT on December 13th.
- At the end of the AMA, the Windows 10 AMA space will close and become a read-only resource. We will post a final recap within 72 hours.
To participate in the AMA, you must be a member of the Microsoft Tech Community. If you aren’t already a member, it only takes a minute to sign up:
- Visit https://techcommunity.microsoft.com.
- Click Sign In in the top right corner and sign up using your Microsoft account.
- Join the Windows 10 community, and any others you like. (Click See all for the full list.)
- Accept the terms and click Register.
What if we haven’t migrated to Windows 10 yet?
If you are still using Windows 7 or Windows 8.1 in your organization, I strongly encourage you to take advantage of Upgrade Readiness, a no-cost Windows Analytics service that helps you streamline and accelerate the Windows upgrade process by identifying compatibility issues that can block your upgrade and proactively suggesting fixes. You can use Upgrade Readiness standalone or integrate it with System Center Configuration Manager.
Learn more
For help with configuring and deploying updates, please see the following resources:
- Overview of Windows as a service
- Build deployment rings for Windows 10 updates
- Deploy updates using Windows Update for Business
- Deploy Windows 10 updates using Windows Server Update Services (WSUS)
- Deploy Windows 10 updates using System Center Configuration Manager
- Manage device restarts after updates
- Manage additional Windows Update settings
To see a summary of the latest documentation updates, see What’s new in Windows 10, version 1809 IT pro content on Docs.
For information on what’s new for developers, see What's New in Windows 10 for developers, build 17763. For a full list of new namespaces added to the Windows SDK, see New APIs in Windows 10, build 17763. And, for a list of features and functionality that have been removed from Windows 10, or might be removed in future releases, see Features removed or planned for replacement starting with Windows 10, version 1809.
And, for the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro on Twitter.
Continue the conversation. Find best practices. Bookmark the Windows 10 Tech Community.
Looking for support? Visit the Windows 10 IT pro forums.
[i] With an eligible subscription.
[ii] Users must link their mobile phone to their PC in PC settings or through Your Phone app from the Microsoft Store. Users will receive an app from Microsoft which they must download to their mobile phone and follow the setup prompts. Requires Android 7.0+.
[iii] Pen capable tablet or PC required. Pen accessory may be sold separately. Office 365 subscription required and sold separately.
[iv] For Android, Timeline can be accessed through the Microsoft Launcher Beta starting October 10, 2018. Users will need to sign-up to be a Beta user for Microsoft Launcher in the Google Play store. For iOS, Timeline can be accessed through the Microsoft Edge Beta starting October 8, 2018. Users need to request to join the Microsoft Edge Beta program via Feedback in the app.
[v] Timeline on phone shows seven days of past activities, including activities done on a tablet and laptop when users are signed into their Microsoft accounts.