What's new for IT pros in the Windows 10 Creators Update

Published Mar 01 2018 06:38 PM 298 Views
Frequent Contributor

First published on TechNet on: Apr 05, 2017

 

Windows 10, version 1703—also known as the Windows 10 Creators Update—is designed for today's modern IT environment with new features to help IT pros more easily manage, and better protect, the devices and data in their organizations. It also provides individuals with the ability to be more productive, thanks to enhancements to Windows Ink and Cortana, better battery life, improved accessibility, and more control over privacy settings as well as when updates are installed. To learn more about these and other improvements, see the Windows Experience Blog.

 

Windows 10, version 1703 is the third feature update released for Windows 10. As with the Windows 10 November Update (released November 2015) and the Windows 10 Anniversary Update (released August 2016), it is a further expression of how we’ve moved to Windows as a service—and a delivery on our promise to keep improving Windows over time, utilizing the feedback we receive from you and other customers through the Windows Insider Program.

 

What's new for IT professionals?

 

Windows 10, version 1703 offers IT pros a variety of features and functionality, such as:

  • New and improved provisioning options to help you configure devices without imaging:
    • Windows Configuration Designer, formerly known as Windows Imaging and Configuration Designer (ICD), is now available in Windows Store as an app. It includes several new wizards to make it easier to create provisioning packages for desktop devices, mobile devices, and kiosks—as well as the option to remove pre-installed software in both the desktop and kiosk wizards.
    • You can now create provisioning packages to bulk enroll devices in Azure Active Directory (Azure AD) and then enroll in a mobile device management (MDM) solution, if required.
    • New PowerShell cmdlets enable you to automatically install provisioning packages created using Windows Configuration Designer.
  • MBR2GPT.EXE, a new command-line tool that enables you to convert a disk from a Master Boot Record (MBR) to a GUID Partition Table (GPT) without modifying or deleting data on the disk, helpful in automating the conversion from BIOS to UEFI[i]. (Watch the demo for more insight.)
  • Windows Hello for Business, which replaces passwords with two-factor authentication, has been improved to support organizations that are restricted to using AD on-premises for authentication and can’t use cloud-based solutions like Azure AD.
  • New Windows Defender Advanced Threat Protection (ATP) capabilities, including the ability to create custom threat intelligence alerts, investigate a specific user account, and take immediate actions on a machine or file to contain a breach. (Watch the demo for more insight.)
  • Enhancements to Windows Defender Antivirus (AV) (previously known as Windows Defender), including updates to how the Block at First Sight feature can be configured and the ability to specify the level of cloud protection.
  • Enhanced mobile device management (MDM) support:
    • The ability to configure security policies through MDM that were previously only available through Group Policy. In fact, we have enabled close to 300 new security policies natively through MDM. (If you are new to MDM on Windows 10, see Modern management for Windows 10.)
    • The MDM Migration Analysis Tool (aka MMAT), which helps you transition Windows 10 device management from Group Policy to MDM by assessing which policies currently in use are available through MDM.
    • New MDM configuration service providers (CSPs)[ii], including:
      • Office CSP, which enables the installation of the Microsoft Office client on a device via the Office Deployment Tool.
      • EnterpriseAppVManagement CSP, which enables the management of virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by a MDM solution.
      • DynamicManagement CSP, which enables policies to be enabled dynamically based on location, network, or time. (For example, you could disable cameras on managed devices when at a work location.)
      • BitLocker CSP, which enables device encryption management (For example, you could require storage card encryption on mobile devices, or require encryption for OS drives on PCs).
      • CleanPC CSP, which enables the removal of user-installed and pre-installed applications, with the option to persist user data.
      • NetworkProxy CSP, which enables proxy server configuration for Ethernet and Wi-Fi connections.
    • New MDM settings to turn off many items in the Start menu, including frequently used apps, switch account, and restart/shut down/hibernate/sleep.
  • The ability to customize Start and taskbar layout in Windows 10 Pro with Group Policy, and new support for customized taskbar policy deployed via MDM.
  • The ability to control which pages in the Settings app are visible to users using either MDM or Group Policy via the Settings/PageVisibilityList setting. Blocked pages will not be visible in the app and, if all pages in a category are blocked, the category will be hidden as well.
  • Support for mobile application management (MAM), including integration with Windows Information Protection, which provides individuals with access to business apps on their personal Windows devices while protecting company data.
  • Improved manageability support in Microsoft Edge with the addition of new Group Policy and MDM settings geared towards customizing experiences, security, and privacy (e.g. Allow Address bar drop-down list suggestions, Allow Adobe Flash, Set default search engine, Keep favorites in sync between Internet Explorer and Microsoft Edge, etc.)

 

We have also made enhancements to Windows as a service, including:

 

And that's not all. There are even more features in Windows 10, version 1703 that we think you will love:

  • Registry Editor (REGEDT32.EXE) now has an address bar, keyboard shortcuts, and abbreviations, such as HKCU (for HKEY_CURRENT_USER) and HKLM (for HKEY_LOCAL_MACHINE).
  • Windows Subsystem for Linux (WSL), which allows users to run native, unmodified Linux command-line tools directly on Windows, without virtual machines.
  • Command Prompt has been replaced with PowerShell in the Quick Link (Win+X) menu by default.
  • Streamlined virtual private network (VPN) makes it possible to easily activate a connection from the Network fly-out menu.
  • Hyper-V improvements, including:
    • "Quick Create," a new option to create virtual machines in Hyper-V.
    • Checkpoint and Save for nested Hyper-V
    • Hyper-V instances will now remember your zoom level for the next session.
    • You can now override the scaling in Hyper-V virtual machines.
    • You can now resize Hyper-V windows in Enhanced session mode.
    • Networking improvements (NAT)
    • Developer-centric memory management
  • New display options, including:
    • You can now let Windows reduce the blue light emitted from the screen with Night light.
    • High-DPI scaling improvements for desktop applications.
    • A new setting in Properties for programs that will enable improved high-DPI rendering.
    • Windows will now better handle desktop icons when changes to the device's setup (like removing a screen) are made.
  • After upgrading to Windows 10, v1703 in-box apps that were uninstalled by the user won't automatically reinstall as part of the Feature Update installation process. (Apps de-provisioned by IT administrators will still be reinstalled, this is expected to be addressed in a future Feature Update)
  • Windows can now use Dynamic Lock to lock your PC when you leave it, with Windows Hello.
  • Setting up Windows Hello now provides visual guidance which tracks your face in real time.

Today’s release of Windows 10, version 1703 is initially considered the Current Branch (CB) and will become Current Branch for Business (CBB) in about four months from today. For a list of Windows 10 versions by servicing option, see our Windows 10 release information page. For more information about Windows 10 servicing—including guidance on how to assign devices to different servicing branches and how to manage updates using Windows Update for Business, WSUS, or Configuration Manager—see Update Windows 10 in the enterprise and Quick guide to Windows as a service, To get hands-on experience with Windows as a service in a virtual machine environment, with no additional software or setup required, try the Deploy and manage Windows as a service virtual lab.

For a summary of the features that were removed or deprecated in Windows 10, version 1703, see the Microsoft Knowledge Base.

How, and when, can I obtain Windows 10, version 1703?

  • Windows 10, version 1703 is available for download today from the MSDN Subscriptions Center (for Visual Studio/MSDN subscribers).
  • You can download a free 90-day evaluation of Windows 10 Enterprise, version 1703 from the TechNet Evaluation Center.
  • If you have already deployed Windows 10, you can get the Windows 10, version 1703 update starting Tuesday, April 11th from Windows Update or Windows Update for Business.
  • If you have already deployed Windows 10 and use Windows Server Update Services (WSUS) and/or System Center Configuration Manager servicing plans, you can also get the Windows 10, version 1703 update on April 11th.
  • Individuals that want to initiate the update manually today, instead of waiting for April 11th, can do so via Update Assistant or the Media Creation Tool[iii].
  • Windows 10, version 1703 will be available for download from the Volume Licensing Service Center (for Volume License customers) on May 1st.

We have also updated the Windows Assessment and Development Kit (Windows ADK). To download the Windows ADK for Windows 10, version 1703, visit the Hardware Dev Center.

What if I haven't yet deployed Windows 10 in my organization?

If you haven’t yet deployed Windows 10 in your organization, download the updated Windows 10 Enterprise Evaluation to test Windows 10, version 1703 free for 90 days. I also encourage you to take advantage of the following resources:

  • Upgrade Readiness, part of Windows Analytics, is a free service that helps you streamline and accelerate the Windows upgrade process by identifying compatibility issues that can block an upgrade and proactively suggesting fixes.
  • Windows 10 virtual labs, hands-on labs that let you try out Windows 10 setup, deployment, and management scenarios with no setup or additional software required.
  • Windows 10 Deployment and Management Lab Kit, a pre-configured virtual lab environment and step-by-step lab guides to help you review and test an in-place upgrade as well as traditional deployment methods.

Where can I provide feedback on Windows 10?

To provide feedback on how we can improve the features and functionality of Windows moving forward, and to get access to early preview builds, join the Windows Insider Program.

If you would like to ask questions, learn about best practices, share ideas, or engage in discussions about Windows 10 with Microsoft engineers and product experts, as well as your peers, join the brand new Windows Tech Community.


[i] Booting in UEFI mode enables you to take advantage of additional Windows 10 security features, such as Device Guard, Credential Guard, Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, and BitLocker Network Unlock.

[ii] CSPs expose device configuration settings in Windows 10 to MDM solutions in a similar fashion to that of Group Policy client-side extensions.
[iii] Windows 10 Enterprise users cannot use Upgrade Assistant or the Media Creation Tool to upgrade to Windows 10, version 1703.

Version history
Last update:
‎Aug 30 2018 02:44 PM
Updated by: