"With Windows 10 we aim to eliminate this type of attack with an architectural solution that stores user access tokens within a secure container running on top of Hyper-V technology. This solution prevents the tokens from being extracted from devices even in cases where the Windows kernel itself has been compromised," he wrote.
In the area of information protection, Windows 10 will have a data loss prevention (DLP) technology baked in that distinguishes between personal and corporate data, and protects the latter using "containment."
"Protection of corporate data in Windows 10 enables automatic encryption of corporate apps, data, email, website content and other sensitive information, as it arrives on the device from corporate network locations," he wrote.
The DLP technology will also work on Windows Phone, and documents will be covered by this protection as they're accessed from different desktop and mobile devices.
IT managers will be able to establish policies that control which apps can access corporate data, and Windows 10 also extends VPN control options to protect this data in devices owned by employees.
"App-allow and app-deny lists will enable IT professionals to define which apps are authorized to access the VPN and can be managed through MDM solutions for both desktop and universal apps," he wrote, adding that administrators can also restrict access by specific ports or IP addresses.
Finally, in the area of threat and malware resistance, Windows 10 will have features to lock down devices and only allow users to run apps that have been signed using a Microsoft-provided signing service.
"Access to the signing service will be controlled using a vetting process similar to how we control ISV publishing access to the Windows Store and the devices themselves will be locked down by the OEM," he wrote. "The lockdown process OEMs will use is similar to what we do with Windows Phone devices."
IT administrators will be able to determine which apps they consider trustworthy, such as those they sign themselves, those signed by ISVs, those available on the Windows Store, or all of them.
"Ultimately, this lockdown capability in Windows 10 provides businesses with an effective tool in the fight against modern threats, and with it comes the flexibility to make it work within most environments," he wrote.
Microsoft is aiming to ship Windows 10 by mid-2015, and in the meantime it's publicly testing the OS in an open program that recently topped 1 million participants and has generated 200,000 feedback items.
After Windows 8 was thoroughly ignored by Microsoft's enterprise customers, the company is bending over backwards in its attempts to make CIOs and other enterprise IT executives pay attention to Windows 10.
As the OS goes through its pre-release public testing, it'll become clearer whether the Windows 10 security improvements that Alkove is trumpeting today end up being compelling enough for business customers.