Table of Contents

1. Preface
   1. What this book covers
   2. What you need for this book
   3. Who this book is for
   4. Conventions
   5. Reader feedback
   6. Customer support
      1. Downloading the color images of this book
      2. Errata
      3. Piracy
      4. Questions
1. Installation and Upgrading
   1. Which branch to select?
      1. Current Branch, also known as Semi-Annual Channel (Targeted)
      2. Current Branch for Business, also known as Semi-Annual Channel
         1. Support timeline before 1709
         2. Support timeline since 1709
      3. The Long-Term Servicing Branch
         1. LTSB problem silicon support - potential risk with Zen, Cannonlake, and newer CPUs
         2. Limitations of LTSB
      4. Recommendations
   2. New deployment methods
      1. Why in-place upgrades?
      2. Limitations and blocker of the in-place upgrade
         1. Changing from BIOS/legacy mode to UEFI mode
         2. Changing from Windows 32-bit/x86 to 64-bit/x64
         3. Changing the base OS language
         4. Changing primary disk partitioning
         5. Using the Windows To Go or boot from VHD features
         6. Image creation process (sysprep after upgrade not supported)
         7. Certain third-party disk encryption products
         8. Changing too many apps (bulk application swap)
         9. Changing the environment
      3. Traditional wipe and load
      4. An alternative: provisioning
   3. Improvements in deployment since Windows 10 1511
      1. Windows 10 1607, also known as Anniversary Update
      2. Windows 10 1703/1709, also known as Fall Creators Update
   4. Tips and tricks for smooth in-place upgrade from 7, 8.1, or 10 to 10
      1. Integrating cumulative updates into install sources
      2. Updating graphics driver
      3. Looking at Setupact.log and Setupapi.dev.log
      4. Using Windows Upgrade Analytics aka Windows Upgrade Readiness
   5. Selecting the deployment tools
   6. Summary
2. Configuration and Customization
   1. Introducing Windows as a service
   2. Cortana
   3. Security mitigation
   4. Image customization
      1. Imaging process
      2. Customizing the image
   5. Upgrade expectations
      1. Internet Explorer 11 Enterprise Mode configuration
      2. Windows 10 Start and taskbar layout
      3. Audit mode
      4. Tips
      5. Virtual Desktop Infrastructure
         1. Layering technologies
   6. Security Compliance Manager
      1. AppLocker
   7. Microsoft Windows Store for Business, also known as Private Store
   8. Microsoft telemetry
      1. Windows Spotlight
      2. Mandatory user profiles
         1. Assigned Access, also known as kiosk mode
         2. Bring Your Own Device scenarios
         3. Windows libraries
         4. User Experience Virtualization
   9. Summary
3. User Account Administration
   1. Windows account types
   2. Account privileges
   3. Local Admin Password Solution
   4. Create policies to control local accounts
      1. Password policy
      2. Account lockout policy
   5. Manage user sign in options
   6. Mobile device management security settings 
   7. User Account Control
   8. Windows Hello for Business
      1. Manage options for Windows Hello for Business
   9. Credential Guard
   10. Privileged Access Workstation
   11. Summary
4. Remote Administration Tools
   1. Remote Server Administration Tools
      1. Installing RSAT
      2. RSAT usage
   2. PowerShell
      1. PowerShell setup
      2. PowerShell usage
      3. PowerShell in the Enterprise
      4. Desired State Configuration
   3. Windows Sysinternals tools suite
      1. BgInfo
         1. Configuring BGInfo
         2. Deployment
         3. Introducing PsTools
         4. Installing PsTools
         5. Using PsTools
         6. Custom code repository
   4. Summary
5. Device Management
   1. Evolving business needs
   2. Mobile device management
   3. Changes to GPOs in Windows 10
      1. Enterprise/Education - only GPOs
      2. Known issues when upgrading the central policy store
      3. Known issues with Group Policy Preferences/GPMC
   4. Servicing and patching
      1. Why cumulative updates?
      2. Update delivery solutions
         1. Windows Update
         2. Windows Update for Business
         3. Windows Server Update Services
         4. SCCM and third-party solutions
      3. Windows 10 servicing
   5. Summary
6. Protecting Enterprise Data in BYOD Scenarios
   1. Bring Your Own Device
      1. What is BYOD?
      2. Choose Your Own Device
      3. Key considerations
         1. Device choice
         2. Ownership
         3. Management responsibility
         4. Comparing options
   2. Protection options
      1. Identity and access management
         1. Connect to work or school
         2. Microsoft Passport
         3. Windows Hello
         4. Credential Guard
      2. Device Configuration
      3. Application management
         1. Provisioning packages
         2. Windows Store for Business
         3. Mobile Application Management
      4. Information protection
         1. BitLocker and device pin
         2. Windows Information Protection
         3. Document classification and encryption
         4. Data loss prevention
   3. Alternative options
      1. Enable remote/virtual desktops - RDS/VDI
      2. Enable virtual private networks
      3. Publish applications via proxy
      4. End user behavior analytics
      5. OneDrive for Business
      6. Work Folders
         1. Work Folders compared to other sync technologies
   4. Summary
7. Windows 10 Security
   1. Today's security challenges
   2. Windows Hello/Windows Hello for Business
      1. Differences between Windows Hello and Windows Hello for Business
   3. Virtualization-based security
   4. Credential Guard
   5. Device Guard
   6. Windows Defender Application Guard for Microsoft Edge
   7. Windows Defender Exploit Guard
   8. Device Health Attestation
   9. Windows Defender Security Center
   10. New BitLocker options
   11. Local Administrator Password Solution
       1. AD preparation
       2.  Now to the installation
          1. LAPS UI
          2. Group Policy client-side extension
          3. Group Policy configuration options
   12. Summary
8. Windows Defender Advanced Threat Protection
   1. Prerequisites
   2. Windows Defender
      1. Windows Defender Security Center
      2. Windows Defender ATP
   3. Plan - environment analysis
   4. Deploy - service activation
      1. Sign up and activate Windows Defender ATP
      2. Portal configuration
         1. Check service health
         2. Check sensor status
         3. Enable SIEM integration
   5. Onboard endpoints
      1. Configure sensor data
      2. Additional configuration
   6. Detect - using the ATP portal
      1. Alerts queue
      2. Machine list
      3. Preferences setup
      4. Endpoint management
   7. Protect Post-breach response
      1. Types of threats
         1. Ransomware
         2. Credential theft
         3. Exploits
         4. Backdoors
         5. General malware
         6. Potentially Unwanted Application
      2. Take responsive actions
         1. Taking responsive actions on a machine
            1. Collecting an investigation package
            2. Isolate a machine
         2. Take responsive actions on a file or process
            1. Request deep analysis
            2. Stop and quarantine file
            3. Block file
         3. Pivot into Office 365
   8. Summary
9. Advanced Configurations
   1. Virtual desktops
      1. VDI infrastructure best practices
      2. VDI configuration considerations
   2. The Windows ICD
   3. Windows 10 Kiosk Mode
   4. AutoPilot mode
      1. The Set up School PCs application
   5. Device lockdown
      1. Custom Logon
      2. Keyboard filter
      3. Shell Launcher
      4. Unbranded Boot
      5. Unified Write Filter
   6. Summary
10. RedStone 3 Changes
    1. OneDrive – file on demand
    2. Task Manager shows GPU usage graph
    3. No SMB1
    4. Ubuntu, openSUSE and SUSE LSE available as Linux subsystem
    5. New features of Microsoft Edge
    6. New Google Chrome to Microsoft Edge migration feature
    7. Hyper-V improvements
    8. Change of network profiles in GUI
    9. Improved storage sense feature
    10. Microsoft Fluent Design
    11. My people app
    12. Eye tracking
    13. Controlled folder access
    14. Summary