Win 10S threat landscape

What you're basically looking for is a white paper and at this time we don't have one satisfy the breath of your questions. I'll take this as feedback and hopefully we can prioritize one, or at least a detailed blog, in the future.

As you can tell Windows S was designed to be highly secure out of the box. In its design we systematically went through all of the attack vectors and then reduced the surface area of attack where they could be used. We use sandboxing for the browser and extensions, we run things with least priv, out of proc, etc. We made hard choices for security vs extensibility like not letting marcos run in docs, and to your question about powershell and ransomware we blocked that too.

As a security guy Windows S is a super exciting and we'll continue to make it even more secure.