10 new features for IT pros in the Windows 10 Creators Update
In addition to all the new features and improvements included with the Windows 10 Creators Update, Microsoft is also delivering a set of features and new tools specifically designed to make it easier for IT pros to manage, maintain, and protect devices and data in their organization networks.
Alongside the array of new consumer changes, specific to IT pros, you'll find new tools, such as MBR2GPT to simplify the process to move from legacy BIOS to UEFI. Dynamic Lock and "Block at First Sight" features help to improve security. You can use new policies to control the visibility of features users can access in the Settings app, and further customize the Microsoft Edge user experience. Organizations can now ditch Group Policy in favor of Mobile Device Management to manage Windows 10 computers, and a lot more.
Settings app control
On the Creators Update, Windows 10 introduces a slew of new improvements and tweaks to the Settings app. In this new version, you'll find more sections (e.g., Apps, Gaming, and Mixed Reality), more options, various interface changes, and Microsoft is even migrating over more features from Control Panel.
While these new improvements are welcome additions, they also give users more control over the configuration of Windows 10, which is not ideal for devices that belong to an organization. However, starting with the Creators Update, Windows 10 includes a feature that allows IT professionals to limit the access to the Settings app.
Using Group Policy (or Mobile Device Management), it's now possible to configure the "Settings Page Visibility" policy to specify which pages are visible or hidden in the Settings app. If all the pages in a category are blocked, then the category will be removed from the Settings app too.
Dynamic Lock is a new feature part of the Creators Update designed to add an extra layer of security for organizations. It's internally known as "Windows Goodbye," and once enabled Windows 10 can detect when the user steps away, and then after 30 seconds, it turns off the screen and locks the computer automatically.
Then the user must enter their password to get back into the workstation. Although anyone can use this feature, Dynamic Lock is particularly useful on devices for employees who may have to work with the company sensitive information.
On Windows 10, Dynamic Lock works by pairing a phone (or another device) using Bluetooth to a computer and then turning on the feature from the "Sign-in options" page.
You can use our guide to learn all the steps to configure Dynamic Lock on Windows 10.
Registry Editor navigation
On Windows 10, the Registry is a database that stores low-level and applications settings, which many times, administrators need to modify using the Registry Editor to tweak different aspects of the OS, or a particular app.
While on the Creators Update there isn't a new version of the Registry Editor, the update includes a few overdue improvements, including a new address bar to make it a lot easier to navigate the database -- helping to minimize the chances of mistakes.
If you've worked with the Registry Editor before, you know that browsing through keys can be confusing and time-consuming. On version 1703, you can now type or paste the full path in the address bar below the file menu to quickly jump to a location.
When you're navigating the Registry keys, the path of your current location will also appear in the address bar, which you can easily note for future reference.
MBR2GPT is a new command-line tool included with the Windows 10 Creators update that allows you to quickly convert a drive to GUID Partition Table (GPT) from Master Boot Record (MBR), as part of the migration from legacy BIOS to UEFI.
The best part is that it's a non-destructive process. In the past, you needed to create a backup of the data, repartition the disk, reinstall Windows 10, and then restore the data to convert the disk to GPT and migrate to UEFI. However, with the HBR2GPT tool, the changes are made in seconds without modifying or deleting the data inside of the drive.
The tool is also very flexible. You can use it while Windows 10 is fully loaded or inside the Windows Preinstallation Environment (Windows PE). Additionally, you can convert encrypted disks using BitLocker, but only as long as encryption is suspended before using the tool.
It's also possible to convert disks using MBR to GPT running an earlier version of Windows 10. However, in order to use the tool, you first need to start the computer on Windows 10 version 1703 or later, and then run the tool on the drive with the older version. If you're running Windows 7 or Windows 8.1, it's recommended that you upgrade to the latest release of Windows 10 first, and then perform the conversion.
Hyper-V Quick Create
On the Windows 10 Creators Update, Microsoft has also been working to improve its virtualization technology, Hyper-V.
In this release, the Hyper-V Manager includes a new option that significantly speeds up the creation of a new virtual machine.
When you click the new "Quick Create" button, it will result in one new generation 2 virtual machine with pre-defined configurations, including:
- 2GB of RAM with Dynamic Memory enabled.
- 4 virtual processors.
- Dynamic VHD storage that can grow up to 100GB.
Alongside the ability to get a VM up and running in seconds, Windows 10 also brings a few interesting additions to Hyper-V.
You've been able to create virtual machines within a virtual machine using nested virtualization for some time, but options were somewhat limited. Starting with version 1703, it's now possible to create a checkpoint and save the state of virtual machines using nested Hyper-V.
In addition, two new improvements make it easier to work with multiple NAT networks and IP pinning.
After installing the Creators Update, you'll be able to use multiple NAT networks on a single host. And you can now build and test your apps with tools directly from the host using an overlay network driver.
App control during upgrade
Windows 10 comes with a bunch of default apps, which usually administrators remove manually, as part of the process to customize the user experience to comply with the organization policies.
Although this is a standard process, in the past, many complaints have been reported about Windows 10 automatically reinstalling the default apps during a feature update installation, which results in a less ideal user experience. Starting with the Creators Update, Windows 10 will no longer reinstall those apps that were uninstalled before the upgrading of a new version of the OS.
Microsoft Edge customization
In addition to the numerous features and improvements included in the new version of Microsoft Edge, the software giant has been working to make it easier for IT pros to customize the web browser for network users.
On the Windows 10 Creators Update, organizations can take better control of the user experience, security, and privacy on the web using Microsoft Edge.
Using Group Policy and Mobile Device Management (MDM), network administrators can customize the browser in a number of ways.
Here's a list of the new customization options you can apply to Microsoft Edge, starting with version 1703:
- Allow Address bar drop-down list suggestions.
- Allow clearing browsing data on exit.
- Allow search engine customization.
- Configure additional search engines.
- Configure the Adobe Flash Click-to-Run setting.
- Disable lockdown of Start pages.
- Keep favorites in sync between Internet Explorer and Microsoft Edge.
- Prevent the First Run webpage from opening on Microsoft Edge.
- Set default search engine.
Windows Defender Antivirus
A lot of the improvements introduced with the Creators Update are meant to make Windows 10 more secure for users and organizations.
Starting with version 1703 "Windows Defender" gets renamed to "Windows Defender Antivirus" and delivers a few new interesting features, including Block at First Sight, and options to change the cloud protection level.
Block at First Sight is configurable using Group Policy and Windows Defender Security Center app, and it's a new feature that introduces a method to detect and block malware within seconds.
Organizations can now change the level of cloud protection provided using Windows Defender Antivirus using the System Center Configuration Manager and Group Policy. This new feature allows setting a default or high blocking level of protection.
The default level offers reliable protection without adding more risk of false positives, while the high blocking level offers the same protection, but some legitimate files may be detected as threats.
Mobile Device Management (MDM)
If you work on a corporate network, you probably already use the Mobile Device Management (MDM) system to manage and configure mobile iOS, Android, and Windows devices, and separately, you use Group Policy (or Configuration Manager) to manage Windows 10 computers.
In addition to managing mobile devices, it's now possible to fully customize and manage Windows 10 computers using the modern Mobile Device Management console. Also, using this approach, network administrators can leverage the cloud to manage all the devices remotely without having to connect to the corporate network.
Microsoft is even making available an MDM Migration Analysis Tool on GitHub to help organizations to move from Group Policy to the modern Mobile Device Management system.
Windows Configuration Designer
IT pros will also find improvements to help to deploy apps to network clients without the need of imaging.
In the new version of the Windows Configuration Designer app available from the Store (previously known as Windows Imaging and Configuration Designer) introduces some new wizards to simplify the creation of packages to deploy on desktop PCs, kiosks, and mobile devices. The app even includes an option to remove preinstalled apps on devices.
You can also now use PowerShell cmdlets to automatically deploy provisioning packages created using the updated Windows Configuration Designer.
If your corporate network uses Azure Active Directory, it's now possible to create provisioning packages to bulk enroll devices to Azure AD.
Wrapping things up
Windows 10 (version 1703) is ready for download immediately using Windows Update or Windows Update for Business. If your organization IT environment runs on Windows 10 Enterprise, you can download this new release from the MSDN Subscriptions Center.