Tag Archives: Windows Defender

Providing customers with more choice and control in the Creators Update

Michael Fortin is the CVP of Windows and Devices Group Core Quality and John Cable is the Director of Program Management, Windows Servicing and Delivery

Customers continue to tell us that they want the best possible experience – including the latest features, apps, and security capabilities – when they use their Windows 10 devices. We designed Windows 10 to automatically keep devices up to date with the latest updates. Since we released the first version of Windows 10 we’ve received a lot of great feedback from customers about the way we deliver and install updates. You have also shared your thoughts on how we can make the installation of the next Windows feature update, the Creators Update, a more seamless and user controlled experience. We know this is especially important because installing updates is important for keeping your device more secure, and allows you to enjoy the latest innovation Windows 10 has to offer, free for the supported lifetime of the device.

We’re gearing up for the launch of the Creators Update, which will bring 3D to everyone, game broadcasting and tournaments to gamers across Xbox and Windows 10 PCs, improvements to our most popular apps and Microsoft Edge, as well as new privacy and security features that put you in control. I am excited to share that you will have considerably more flexibility when specifying the best time to install updates on your devices. We are also making other improvements to the update deployment experience in the Creators Update. For example, downloads will have less impact on device performance while they are in progress. You should experience fewer reboots, which will reduce the likelihood that an update will be installed at an inopportune time. Another example of more customer choice and control is the announcement Terry Myerson made in January on new privacy-centric features coming in the Creators Update. This new functionality will make it easier to choose the privacy and diagnostic data collection settings that are best for you. We’re now ready to start showing the new experiences to Windows Insiders and we look forward to receiving feedback.

Finally, I want to introduce John Cable, our Director of Program Management within the Windows Servicing and Delivery (WSD) team. He is responsible for keeping our 400M and growing Windows 10 devices up to date with the latest updates and ensuring customers have the most seamless update experience possible. John will be saying a lot more in the weeks and months ahead about improvements to the Windows 10 update experience. He’ll start today by sharing more about the areas of innovation I mentioned above.

Thank you, and keep the feedback coming!  Over to you John.

-Mike

New update deployment and privacy settings controls in the Creators Update

Thanks, Mike! Before I dive into the details I want to say again how important all the feedback we receive from customers is to us at Microsoft. We actively listen to feedback from many different sources including the Feedback Hub application, responses customers provide to system-initiated prompts, our customer support engineers, postings to social media, and a variety of Windows forums.

Our approach is to continuously listen to all the feedback and improve the experience with each future update. In fact, most of the improvements I’ll talk about next are the direct result of what we heard through these channels from our customers. On to the details!

Prior to the Creators Update, Windows 10 made most of the decisions for you regarding when updates would be installed and didn’t provide ways to tailor the timing to your specific needs. What we heard back most explicitly was that you want more control over when Windows 10 installs updates. We also heard that unexpected reboots are disruptive if they happen at the wrong time.

With the Creators Update you will have several new options for scheduling the timing of when updates install. For example, you can specify exactly when you want an update to occur (including the ability to reschedule an update if your original choice ends up being less convenient than expected), or “hit the snooze button.” The “snooze” capability allows you to pause the update process completely for three days when you need uninterrupted time on your device. In addition, we are widening the “Active Hours” time so Windows doesn’t install an update at times when you want your device to be ready to use. Here are two screen shots of the choices you will have when the Creators Update becomes available.

With the Creators Update you will have several new options for scheduling the timing of when updates install. For example, you can specify exactly when you want an update to occur (including the ability to reschedule an update if your original choice ends up being less convenient than expected), or “hit the snooze button.”

New Update Deployment and Privacy Settings Controls in the Creators Update

As always, we believe in the value of keeping devices “up to date,” and recommend that you choose the installation defaults that Windows 10 provides so you will always have the latest features, apps, and security updates. However, when you need more control over the update experience, you will have new choices.

If you decide to exercise more control over the update process, we’ve added a new icon to the Windows Update Settings page that makes it easier to verify that your device is up to date. This “at a glance” feature is consistent with a similar feature in the new Windows Defender Security Center.

In keeping with our approach of iterating based on your feedback, this enhanced update experience has been available to our Windows Insiders for some time and the response has been positive. We look forward to rolling this out more broadly with the Creators Update.

I also want to say a few words about the new privacy settings experience that will accompany the rollout of the Creators Update. Screenshots of this experience will be available to today via a “quest” we publish in the Feedback Hub application. This feedback will help us iterate on this experience as we get closer to shipping the Creators Update. Included here are screenshots that show what the experience will look like, including the choices customers will have when they want to update their privacy settings.

New Update Deployment and Privacy Settings Controls in the Creators Update

New Update Deployment and Privacy Settings Controls in the Creators Update - location settings screenshot

These, and many other improvements are the direct result of your feedback. Keep it coming!

This blog post today highlights just a part of our journey to listen intently to your feedback and provide on-going improvement to the Windows experience. In the coming weeks, you can expect to hear more from me about our process for rolling out the Creators Update, how we partner with OEMs to ensure high-quality experiences, and how we utilize your real time feedback and data to ensure the best update experience for all our customers.

-John

MARS future looking sweeter with Microsoft technology

Whether it’s grabbing gum at checkout, satisfying late-afternoon hunger with a Milky Way ®, or even buying pet food for that unconditional loving best friend, we’ve all been surrounded by MARS products and might not even know it! As a century-old family-owned business, MARS has certainly found its recipe for success. The company has made $35 billion in global sales by putting people first in everything they do. With 60 brands across six segments from food, drinks, chocolate, confectionary (gum), pet care and symbioscience, the company is more than just sweet treats. MARS understands a long-term vision that is committed to product, technology and workplace innovation based on the company’s Five Principles– Quality, Responsibility, Mutuality, Efficiency and Freedom.

MARS has long valued a workplace that encourages mutuality and open communication among all Associates. As MARS looks at new products, services and business units to accelerate its growth, it knows a digital transformation would not only bolster its already collaborative and productive work environment but also attract and retain employees who expect a modern workplace. MARS is deploying Windows 10 to its more than 80,000 associates who work across 400 locations in 78 countries. Windows 10, along with Office 365 and Microsoft Azure, is enabling MARS to digitally transform how its Associates not only work with each other, but how they get work done.

“At MARS, we meet our goals,” says David Boersma, Senior Manager for End User Technologies, MARS, Incorporated. “This company will continue to accelerate its growth organically and through acquisition and we’re using Windows 10 to build the flexibility and capabilities we need to get there.”

— David Boersma, Senior Manager for End User Technologies, MARS, Incorporated

MARS has deployed Windows 10 to help reduce the cost and time associated with large-scale deployments. With a company that spans multiple geographies, its previous upgrades had taken up to four years and cost $4 million. According to Boersma, “Windows 10, on the other hand, has been substantially quicker and with less cost.” The “Windows as a Service” model has allowed MARS to skip the lengthy upgrade cycle which has resulted in accelerated Windows 10 deployment. Originally, MARS set out to deploy Windows 10 to 5,000 Associates in 12 months. Although, it has already exceeded its goal by 110 percent by deploying Windows 10 to 12,500 Associates and is now looking to scale to all Associates by 2018.

By embracing the “Windows as a Service” model, MARS has been able to refocus the time and energy of its IT department from chasing the next operating system update to strengthening its collaborative culture through Office 365, including Yammer and Skype for Business.

“Rather than tying up investment and time to just get through the next product release, we can focus on enhancing key aspects of our culture like mutuality at a digital level, across divisions, borders and time zones – so we can preserve what is special about MARS and help our Associates be more productive and agile.”

— Jonathan Chong, Digital Workplace and Corporate Systems Director at MARS, Incorporated

MARS associates collaborate while using their Windows 10 devices.

MARS associates collaborate while using their Windows 10 devices.

This highly collaborative company has helped create a place where many associates stay 25 years. Although, with its new goal set, MARS wanted to digitally transform not only how its associates work but also attract the next generation of workers.

“We invest a lot of money in attracting and retaining talent. These people now expect a modern, productive work environment and this includes the type of devices we provide and the tools they use at work every day. Products like Windows 10, Skype for Business and Yammer support our engagement and talent management strategies.”

— Paul L’Estrange, CTO and Vice President of Core Services, MARS, Incorporated

MARS Associates use Skype for Business to collaborate.

MARS Associates use Skype for Business to collaborate.

MARS is seeing the positive impact Skype for Business has had on its culture and Associate work-life balance. With Skype for Business, MARS has reduced travel, as Associates now use Skype for Business to tackle projects and resolve issues in real-time.

“We like a lot of human interaction and we’ve been able to use Skype for Business to help us increase that level of collaboration but not necessarily have the person fly half way around the planet. We’ve been able to reduce our overall travel which has been great from a cost perspective. But, we’ve helped positively impact people’s work life balance so they can spend more time at home yet they can still do the business that they need to do around the globe.”

— Joe Carlin, Technology Service Delivery Director, MARS, Incorporated

MARS is also seeing Associates quickly embrace Yammer, as another way to connect and share knowledge. Vittorio Cretella, CIO of MARS, Incorporated says Yammer is “taking down those walls around knowledge and making it accessible which is very valuable.”

MARS associate uses Windows 10 devices to conduct store walk-through.

MARS associate uses Windows 10 devices to conduct store walk-through.

Windows 10 provides MARS the flexibility with the types of devices its Associates and Senior Leaders can use to get work done whether at home, in the office or on the road. Senior Leaders and Associates can now use everything from Surface Pro to OEM devices to help fit their unique work styles. Previously, an associate conducting a store walk-through would have to juggle multiple devices and paper to make note of any product display issues. Once the Associate returned to the office, they’d connect with their peers to resolve the issue. This process could take several days to a week depending on their travel. Today, many issues can be resolved on the spot.

“By using Windows 10, MARS associates now finish things on the road instead of waiting until they get back to the office. For example, field associates use their Surface Pro devices in store walk-throughs, and if necessary, use Office 365 to connect with other team members and resolve display issues in one day instead of a week.”

— Joe Carlin, Technology Service Delivery Director, MARS, Incorporated

With a more on-the-go workforce, MARS has strengthened security and data protection for its Associates who are on their smartphones, tablets or their PCs from the office, at home or on the road. As a privately-owned company, MARS takes security seriously especially when it comes to its intellectual property. MARS has enabled Windows security features like BitLocker to encrypt data and Windows Defender to provide a strong layer of security and authentication.

To ensure MARS can do business securely in the cloud and fully realize its digital transformation, MARS has only just begun its journey with Microsoft Azure to enable greater efficiency and reliability. Currently, MARS has two global datacenters that run 85 percent of its business with one datacenter being 25 years old which requires significant cost resources and time to maintain. Now, MARS is currently testing a hybrid cloud model and recently moved its first live production application, a retail app, into Microsoft Azure as well as about 150 other workloads with the expectation to expand to 500-600 workloads over the next year.

We’re excited to see that with Windows 10, Microsoft Azure, and Office 365, MARS is able to foster a modern and productive workplace that will support the company’s ambitious growth strategy. For more detailed information about MARS’ deployment of Microsoft technologies, please check out the case study and video here.

Defending against ransomware with Windows 10 Anniversary Update

Ransomware is one of the latest malware threats that is attracting an increasing number of cyber-criminals who are looking to profit from it. In fact, in the last 12 months, the number of ransomware variants have more than doubled. Its premise is deceptively simple: infect users’ devices, and then deny them access to their devices or files unless they pay a ransom. However, the methods and means attackers are using to perpetrate ransomware attacks are increasingly varied, complex and costly.

Microsoft is committed to helping protect people against threats to their safety and security through our strategy of Prevent, Detect and Respond. Using this approach, Windows 10 Anniversary Update is more ransomware-resilient than ever before.

Here are some of the many ways we’re fighting back against ransomware:

  • Six of the top 10 ransomware threats use browser, or browser-plugin-related exploits, so we made it harder for malware authors to exploit Windows 10 and Microsoft Edge.
  • We increased detection and blocking capability in our email services, increasing the number of ransomware-related attachments being blocked.
  • We added new technology to Windows Defender to reduce detection time to seconds, increasing our ability to respond before the infection can occur.
  • We released Windows Defender Advanced Threat Protection which can be combined with Office 365 Advanced Threat Protection to make it easier for companies to investigate and respond to ransomware attacks.

Combined with other significant security advances, such as Credential Guard, Windows Hello and others, we’ve made Windows 10 Anniversary Update the most secure Windows ever. Here are a few examples of how we achieved this:

Prevention:

Browser hardening. Adobe Flash Player is a common browser plug-in that has been used by exploit writers to download ransomware, so we updated Microsoft Edge to run Flash Player in an isolated container. We have also locked down Microsoft Edge so that an exploit running in the browser cannot execute another program. These improvements block malware from silently downloading and executing additional payloads on customers’ systems.

Email protection. A major distribution channel for ransomware is via email file attachments. To help protect customers who use Microsoft email services against such threats, we have made investments in our email services that help block ransomware. We advanced our machine learning models and heuristics to catch malware distributed in email, and developed a faster signature delivery channel to update Windows Defender running in our email services more quickly. The result is improved protection levels for our consumer and commercial productivity suite customers.

Machine learning. Enhancements to our cloud infrastructure let our antimalware researchers extend machine learning models in a way that we can identify and block malware more quickly. Before the Anniversary Update, the process of collecting a suspicious program for analysis, classifying it and responding with protection generally took hours. Now it takes minutes.

Detection:

New and improved Windows Defender. Windows Defender, which is enabled by default, can respond to new threats faster using improved cloud protection and automatic sample submission features to block malware “at first sight”. We’ve also improved Windows Defender’s behavioral heuristics to help determine if a file is performing ransomware-related activities, and then detect and take action more quickly.

Response:

Post-breach defense. In Windows 10 Anniversary Update, we launched Windows Defender Advanced Threat Protection (ATP) service which adds the ability for companies to detect and respond to attacks that have made it through other defensive layers. Combining security events collected from the machines with cloud analytics to detect signs of attacks, Windows Defender ATP surfaces alerts to the enterprise security team. Should ransomware affect corporate endpoints, the Windows Defender ATP console can provide important details that can help security responders quickly understand how the ransomware entered the device, identify the damage it has created, and locate where it might be moving next in the network. When combined with Office 365 Advanced Threat Protection, these services share signals to provide a more holistic view of what is attacking the enterprise.

Protecting against Ransomware

We have made significant improvements in protecting customers from ransomware in the Windows 10 Anniversary Update. To help protect against ransomware and other types of cyber threats, we suggest you:

The Block at First Sight cloud protection feature in Windows Defender is enabled by default. For IT Pros, if it was turned off we recommend turning it back on, and we also recommend incorporating another layer of defense through Windows Defender ATP and Office 365 ATP.  For more information about each of these technologies and techniques and how they work, please download our white paper Ransomware Protection in Windows 10 Anniversary Update.

Cyber threats won’t stop, and neither will we. As long as ransomware remains a threat, we will continue to enhance our defenses to better protect your Windows 10 devices.

Additional Resources

Introducing Windows Defender Application Guard for Microsoft Edge

We’re determined to make Microsoft Edge the safest and most secure browser. Over the past two years, we have been continuously innovating, and we’re proud of the progress we’ve made. This is reflected by Microsoft Edge having the fewest vulnerabilities of any major browser on Windows since our release last year.

Chart showing total numbers of CVEs for each browser according to the NVD. Edge lists the fewest with 122; Chrome, 233; Firefox, 232.

Browser vulnerabilities (as of September 2016) for Microsoft Edge, Chrome, and Firefox (per the National Vulnerability Database) since Microsoft Edge was released.

While no modern browser—or any complex application—is free of vulnerabilities, the majority of the vulnerabilities for Microsoft Edge have been responsibly reported by professional security researchers who work with the Microsoft Security Response Center (MSRC) and the Microsoft Edge team to ensure customers are protected well before any attacker might use these vulnerabilities in the wild. Even better, there is no evidence that any vulnerabilities have been exploited in the wild as zero-day attacks.

However, many businesses worldwide have come under increasing threat of targeted attacks, where attackers are crafting specialized attacks against a particular business, attempting to take control of corporate networks and data. For the most security-conscience businesses, we are introducing a new layer of defense-in-depth protection: Windows Defender Application Guard for Windows 10 Enterprise. Application Guard provides unprecedented protection against targeted threats using Microsoft’s Hyper-V virtualization technology.

Understanding targeted attacks against large Enterprises

The threat landscape has changed significantly in recent years. Today, over 90% of attacks use a hyperlink to initiate the attack to steal credentials, install malware, or exploit vulnerabilities.

Diagram showing the anatomy of a typical attack; an attacker first enters (via browser or doc exploits, malicious attachments, etc); then establishes (service compromise, exploit or attachment execution, use of stolen credentials); then expands (kernel exploits, kernel-mode malware, etc.). The attacker endgame is business disruption, lost productivity, data theft, espionage, ransom, etc.

This is damaging not only to the business attacked, but also to the thousands, if not millions of users whose accounts and personal data may be stolen. Highly motivated and persistent attackers will often start with a social engineering trick: creating a well-crafted and personal email to known employees of the company. This email, which will often appear to be from a legitimate authority in the company, may ask the employee to click a link to read a supposedly important document. Unfortunately, that link is to a specially crafted malicious web site that may use a previously undisclosed vulnerability to install malware on the user’s machine. Once established on that single computer, the attackers can then steal credentials and start to probe the rest of the network for other vulnerable machines, repeating the process on other computers until they achieve their objective, whether that is stealing data, intellectual property, or disrupting the business.

Breaking the attacker playbook

We’re taking a systematic approach to disrupting these attackers by providing our customers with the tools they need to defend against these vectors of attack. Application Guard is designed to stop attackers from establishing a foothold on the local machine or from expanding out into the rest of the corporate network.

By using our industry leading virtualization technology, potential threats are not only isolated from the network and system, but will be completely removed when the container is closed.

Digging deeper into Application Guard

Application Guard leverages virtualization technology born in the Microsoft Cloud to accomplish this disruption.

When a user browses to a trusted web site, for example an internal accounting system web application, Microsoft Edge operates as it does today. It has access to local storage, can authenticate the user to internal sites with corporate credentials, standard cookies work, the user can save files to the local machine, and in general Windows just works. This mode, outlined in blue in the chart below, is known as the Host version of Windows.

Diagram showing two Windows instances running on the same device, managed by Hyper-V. The "host" operating system runs Edge trusted sites. The Application Guard instance runs a new instance of Windows, including minimum Windows Platform Services and an entirely separate kernel, which has no access to the normal operating environment.

Application Guard isolates untrusted sites in a new instance of Windows at the hardware layer.

However, when an employee browses to a site that is not recognized or trusted by the network administrator, Application Guard steps in to isolate the potential threat. As shown in the mode outlined in red above, Application Guard creates a new instance of Windows at the hardware layer, with an entirely separate copy of the kernel and the minimum Windows Platform Services required to run Microsoft Edge. The underlying hardware enforces that this separate copy of Windows has no access to the user’s normal operating environment.

Application Guard’s enforcement includes completely blocking access to memory, local storage, other installed applications, corporate network endpoints, or any other resources of interest to the attacker. This separate copy of Windows has no access to any credentials, including domain credentials, that may be stored in the permanent credential store.

Most of the time, even untrusted sites are not malicious and perfectly safe to visit, and the user just expects them to work. This isolated environment allows these sites to function essentially as they would if they were running on the host version of Windows. In this case Application Guard does provide the essential features that users would expect to work, even when browsing untrusted sites, such as being able to copy and paste with the Windows clipboard, and being able to print content from those web sites to their work printer. This allows the user to still be productive even while the host is being protected by Application Guard. The enterprise administrator has control over this functionality using Microsoft management tools and policy, and can choose what they are comfortable with based on their own risk assessment.

Defense-in-depth isolation for enterprises

To improve on the security offered by purely software based sandboxes, Microsoft worked with several enterprise and government customers on a hardware based isolation approach to address these concerns. With Application Guard, Microsoft Edge protects your enterprise from advanced attacks that can infiltrate your network and devices via the Internet, creating a safer, worry-free browsing experience for customers.

But what happens when the untrusted site is actually part of an attacker’s malicious plan?  Let’s revisit the attack described above. An attacker sends a well-crafted email to an innocent employee of the company enticing them to visit a link on a site under the attacker’s control. The innocent user, not noticing anything suspicious about the mail, clicks on the link to an untrusted location. In order to proactively keep the user and enterprise resources safe, Application Guard coordinates with Microsoft Edge to open that site in a temporary and isolated copy of Windows. In this case, even if the attacker’s code is successful in attempting to exploit the browser, the attacker finds their code running in a clean environment with no interesting data, no access to any user credentials, and no access to other endpoints on the corporate network. The attack is completely disrupted. As soon as the user is done, whether or not they are even aware of the attack having taken place, this temporary container is thrown away, and any malware is discarded along with it. There is no way for the attacker to persist on that local machine, and even a compromised browser instance has no foothold to mount further attacks against the company’s network. After deletion, a fresh new container is created for future browsing sessions.

Web developers and Application Guard

The good news for web developers is that they do not need to do anything different with their site code – Microsoft Edge renders sites in Application Guard fundamentally the same way it does in the host version of Windows. There is no need to detect when Microsoft Edge is running in this mode, nor any need to account for behavior differences. Since this temporary container is destroyed when the user is done, there is no persistence of any cookies or local storage when the user is finished.

We’re committed keeping Enterprise users and data safe and secure

Our mission at Microsoft is to empower every person and every organization on the planet to achieve more. With Windows Defender Application Guard, enterprise users can take advantage of the vast power of Internet sites and services while still protecting corporate and personal data. This capability makes Microsoft Edge the most secure browser for the Enterprise.

― John Hazen, Principal Program Manager, Microsoft Edge
― Chas Jeffries, Principal Program Manager, Application Guard

Windows 10 Enterprise E3 now available as a partner delivered cloud service

Feedback from customers and partners is at the core of how we build Windows. Partners have been eager for us to create a partner-managed cloud service subscription offering where businesses of any size can access the latest security, management and control features found in the Enterprise edition of Windows without the need for a long-term volume licensing agreement. At our Worldwide Partner Conference back in July, we announced the Windows 10 Enterprise E3 for the Cloud Solution Provider (CSP) program.

Starting today from $7 per user/per month, businesses of any size can purchase Windows 10 Enterprise E3 through the CSP program and take advantage of enterprise-grade security and management functionality. Windows 10 Enterprise E3 was designed for businesses that handle sensitive customer data (such as credit card or social security numbers), operate in regulated industries, or create and monetize intellectual property. These businesses need enterprise-grade security and management capabilities found in the Windows 10 Enterprise edition such as Device Guard, Credential Guard and Managed User Experience. Additionally, Windows 10 Enterprise E5, which includes all the features and functionality available in Windows 10 Enterprise E3 plus Windows Defender Advanced Threat Protection and advanced IT administration management functionality will be available for CSPs to start selling October 1.

With continued technical innovation announced in the Anniversary Update customers can also move their devices to a Windows 10 Enterprise edition in just seconds via the Cloud Solution Provider program and Azure Active Directory login. The vast network of managed service providers in CSP program means more options for customers to take advantage of Windows 10 Enterprise edition as a flexible, pay-as-you-go, partner delivered managed service.

We’re really excited that ALSO, Tech Data and Synnex are our launch partners and will have Windows 10 Enterprise E3 available to transact to their resellers on September 1. They can now deliver the full range of Microsoft enterprise offerings (including Azure, Dynamics, Office 365 and Windows) as a complete, cloud-delivered and managed service via a single customer user profile. This means business customers with limited or no in-house IT administration can work with a trusted partner in the CSP program to deliver the most secure edition of Windows to them in the same way they use Office 365 or Azure subscriptions.

We encourage technology resellers and solution providers looking to offer Windows 10 Enterprise subscriptions to their customers to reach out to these partners for more information about signing up as CSP resellers.

           Also

TechData

        Synnex

Visit our Windows for Business site to learn more about Windows 10 Enterprise E3 and E5 in the Cloud Solution Provider program.

New Video Series This Week on Windows Highlights Windows 10 Anniversary Update

The Windows 10 Anniversary Update begins rolling out today for customers around the world. The Anniversary Update is full of features and innovations that will bring new experiences with Windows Ink*, Cortana**, gaming and more. To give you an overview of new features that are rolling out in the update, check out the video below. It’s a part of a new weekly series we are piloting called This Week on Windows, where we’ll bring you the latest in Windows news, apps, and tips from experts here at Microsoft.

Feature highlights in the Windows 10 Anniversary Update

Windows Ink brings the power of Windows to the tip of your pen

Windows Ink

Available for the first time in the Windows 10 Anniversary Update, Windows Ink lets you quickly and easily take notes, sketch on a screenshot or draw out an idea. Smart sticky notes can help you remember common tasks like reminding you of flight times or offering you directions using Maps. You can learn more about Windows Ink in this blog post here.

Improvements to security with Windows Defender and Windows Hello for apps and websites

The Anniversary Update brings new improvements to Windows Defender, our free anti-malware service that includes an option to automatically schedule periodic quick scans of your PC to help make sure your PC is safe and update to date. New Windows Hello* features make it easy for you to use the same easy, yet strong, security of Windows Hello with Windows apps and Microsoft Edge. To learn more about the security improvements coming in the Windows 10 Anniversary Update visit this blog post.

Increased power efficiency with Microsoft Edge and the arrival of extensions

The Anniversary Update includes even more power saving improvements to Microsoft Edge to give you the most out of your PCs battery life. Also available with the Anniversary Update Microsoft Edge Extensions are coming to the Windows Store, such as Pinterest Pin It Button, Amazon Assistant, AdBlock, Adblock Plus and LastPass. These extensions will help you personalize your browsing experience even further.

Cortana helps you be more productive

Cortana on Windows 10
With the Anniversary Update Cortana will be available above your lock screen so you can do things like ask questions, play music from your PC or set a reminder without unlocking your device. Cortana can save and recall key information across your devices, like your frequent flier number or where you parked at the airport. You can also add photos to make your reminders visual, like a photo of a bottle of wine you enjoyed at a restaurant. To learn more about Cortana in the Anniversary Update visit this blog post.

Gamers stay connected and enjoy more games

With the Anniversary Update, Cortana is now available on Xbox One in the U.S. and U.K. With Cortana, gamers can expect more from voice commands on Xbox. In addition to more commands and greater accuracy with natural language and text dictation, Cortana provides the ability to use a headset or Kinect. You’ll be able to use Cortana to find great new games, see what your friends are up to, start a party, accomplish common tasks, turn on your Xbox One if you’re using Kinect, and more. We’ll continue to build more Cortana features over time as part of our vision to have Cortana be your personal digital assistant for gaming. Gamers can also enjoy the Anniversary Update on the new Xbox One S that is available starting today. To learn more about what the Windows 10 Anniversary Update means for Xbox visit Xbox Wire.

Windows Store is a one-stop shop for play and work

With the Anniversary Update, we’re bringing together the best of Windows and Xbox. You can access your favorite apps, games, movies, music and more in the Windows Store including games only for Windows 10 and Xbox. The new store simplifies the shopping experience and will feature a new look, higher quality content, subscription offerings, bundles and pre-orders. With Xbox Play Anywhere, shoppers can pre-order their favorite games before launch, then play on either their Windows 10 PC or Xbox One the day of availability. This gives gamers more options of where to play their favorite games.

New innovations for the modern classroom

Customers can enjoy a range of new education features in the Windows 10 Anniversary Update, including faster, simpler set up with all new tools to help educators get up and running quickly and the “Take a Test” app that creates a browser-based, locked down environment for more secure online assessments. To learn more about what education features customers can enjoy in the Anniversary Update, visit this blog post.

Try the new Skype Preview with the Windows 10 Anniversary Update

Skype Preview

Skype Preview for Windows 10 PCs has been redesigned for Windows 10 and will come installed automatically with the Anniversary Update. You’ll be able to use all your favorite Skype features: talk over 1:1 and group video calls, say hello with 1:1 and group chats, call mobiles and landlines at low rates, share photos, share files, use emoticons, and add Mojis. To get started, once you have the Windows 10 Anniversary Update on your PC, open the Start menu and you’ll see “Skype Preview” in your list of apps. Click to launch or pin it to your taskbar or start for even faster access. To learn more about the great new features you can enjoy with Skype Preview in the Anniversary Update head over to the Skype Blog.

Finally, the Windows 10 Anniversary Update is our most reliable update yet, and since the November update last year we’ve made significant improvements to help your PC work better and last longer. For example, through our Windows Insider Program, we are seeing an average 20% improved boot speed. And your battery will last even longer as we’ve made more than 150 improvements in battery life functionality.

The Windows 10 Anniversary Update begins rolling out today, if you don’t want to wait for the update to roll out to you automatically and would like to manually get the update, check out this blog post.

*Hardware requirements apply.
**Cortana available in select markets.