Windows 10 Enterprise

All Windows 10 business versions come with these features

Windows Trusted Boot

Windows 10 closes off the pathways that allow malware to hide by starting before the malware does. Windows trusted boot, used in combination with UEFI Secure Boot, helps make sure that your PC boots securely and that only trusted software can run during start-up.

Windows Hello

Windows Hello4 is a convenient enterprise-grade alternative to passwords that is designed for today’s mobile-first world. It uses a natural (biometrics) or familiar (PIN) means to validate a user’s identity using the devices they already have. It does not require additional external hardware such as a Smartcard, and/or infrastructure.

The difference between Windows Hello and Windows Hello for Business

• Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Hello provides a layer of protection by being unique to the device on which it is set up, however it is not backed by certificate-based authentication.
• Windows Hello for Business, which is configured by Group Policy or MDM policy, uses key-based or certificate-based authentication.
• Currently Active Directory accounts using Windows Hello are not backed by key-based or certificate-based authentication. Support for key-based or certificate-based authentication is on the roadmap for a future release.

Benefits of Windows Hello

Reports of identity theft and large-scale hacking are frequent headlines. Nobody wants to be notified that their user name and password have been exposed.

You may wonder how a PIN can help protect a device better than a password. Passwords are shared secrets; they are entered on a device and transmitted over the network to the server. An intercepted account name and password can be used by anyone. Because they're stored on the server, a server breach can reveal those stored credentials.

In Windows 10, Hello replaces passwords. The Hello provisioning process creates a cryptographic key pair bound to the Trusted Platform Module (TPM), if a device has a TPM, or in software. Access to these keys and obtaining a signature to validate user possession of the private key is enabled only by the PIN or biometric gesture. The two-step verification that takes place during Hello enrollment creates a trusted relationship between the identity provider and the user when the public portion of the public/private key pair is sent to an identity provider and associated with a user account. When a user enters the gesture on the device, the identify provider knows from the combination of Hello keys and gesture that this is a verified identity and provides an authentication token that allows Windows 10 to access resources and services. In addition, during the registration process, the attestation claim is produced for every identity provider to cryptographically prove that the Hello keys are tied to TPM. During registration, when the attestation claim is not presented to the identity provider, the identity provider must assume that the Hello key is created in software.

Imagine that someone is looking over your shoulder as you get money from an ATM and sees the PIN that you enter. Having that PIN won't help them access your account because they don't have your ATM card. In the same way, learning your PIN for your device doesn't allow that attacker to access your account because the PIN is local to your specific device and doesn't enable any type of authentication from any other device.

Hello helps protect user identities and user credentials. Because no passwords are used, it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are protected by TPMs.

Hello also enables Windows 10 Mobile devices to be used as a remote credential when signing into Windows 10 PCs. During the sign-in process, the Windows 10 PC can connect using Bluetooth to access Hello on the user’s Windows 10 Mobile device. Because users carry their phone with them, Hello makes implementing two-factor authentication across the enterprise less costly and complex than other solutions.

BitLocker

BitLocker5 and BitLocker to Go encrypt your data on your device and even on your USB drive, so you’re more protected.

Windows Information Protection

Windows Information Protection6 (WIP) makes it easier to safeguard your business data. WIP gates user and app access to protected data based on policies you define. So you can help protect data wherever it lives on your devices—without affecting your user experience.

Conditional Access

The Windows Device Health Attestation cloud service used in concert with management system such as Microsoft Intune8 can provide Conditional Access services that help prevent untrustworthy devices from gaining access to corporate resources.

NOTE: The iso files we linked are not full versions they are trail versions for "90 Days"

             But they are original ISO files from Microsoft.

32-Bit (2.72gb)

64-Bit (3.63gb)

Share on Google Plus

About MANI KUMAR CHOWDARY

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.