With over hundreds of thousands of new malicious files created per day, the fight against malware using traditional techniques (i.e.: signature based detection) is a never-ending game of whack-a-mole. Windows 10 fundamentally changes the game for enterprise security with Device Guard which offers next generation application control. In this session we provide prescriptive guidance to help you guide customers as they plan, deploy, and manage Device Guard enabled devices. We show you where Device Guard can be easy to deploy and where is can be difficult. We also provide insights into our roadmap that is designed to make it easy and for everyone down the road. Note: This session is part of the core Windows Security session set.