Windows Defender offers a basic level of protection, but make sure you download a third-party antimalware package -- free or paid -- to replace it. Credit: Mark Hachman
The enterprise edition of Windows 10 may be available only a day after the consumer version, with some immediately useful improvements for business. But some of the most important security features in Windows 10 Enterprise will either be included in a major update (that you can think of much like a service pack) that will ship sometime this fall, or will rely on enterprises and online sites and services making some substantial changes to move away from passwords. That means that, as with most upgrades, getting the most from Windows 10 security improvements will require planning.
There are some immediate security improvements that IT managers will appreciate, particularly if they have users bringing Windows 10 devices to work. Some of these are simple policy changes.
For instance, most consumer PCs come with a trial anti-virus subscription. When that trial ends and isn't renewed (which Microsoft says happens on close to 10 percent of consumer PCs), Windows Defender will automatically turn itself on after a set time. That's currently three days, because anti-virus vendors don't want it to happen immediately, but it does give you better protection when employees connect from a home system that you're not monitoring.
Also of note, an offline version of Windows Defender is now built into the Windows recovery environment, to protect against malware while you're repairing a system.
Microsoft's new Edge browser improves security in a variety of ways, from running in the app container sandbox to removing ActiveX controls, VBScript, toolbars and Browser Helper Objects. That makes general browsing safer, but may require you to tweak some line-of-business apps (or, more likely, configure employee PCs to use Internet Explorer to access those sites). And while it's fast and implements many modern Web standards, Edge is also clearly a work in progress and will be getting a major feature update later this year.
There are also security features carried over from Windows 8 that will be new to you if you're upgrading from Windows 7 or earlier. The trusted boot malware protection, for instance, loads anti-virus software before any other software and lets you block rootkits by choosing to run only operating system components that have been digitally signed. It can also store the proof that the system booted securely in the Trusted Platform Module (TPM), so you can check for that before allowing devices to connect to critical systems, especially when you're using the TPM as a virtual smart card.