Handling software upgrades can sometimes be easy and sometimes be a pain in the butt. You may have heard that Microsoft has released a new version of Windows 10…introducing E3. What many of our customers are interested in knowing is ‘Is it worth it’?
For many businesses, the simple answer is yes. Here’s our 2 favorite features and why we think it’s worth it.
Credential Guard in Windows 10 Enterprise E3
Credential Guard offers additional protection for users authenticated on your network against malware running in your operation system. One of the aims is to isolate and harden key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. Credential Guard basically uses virtualization-based security to isolate your credentials in order to prevent hackers from taking over the networks
Credential Guard Features
- Hardware security Credential Guard increases the security of derived domain credentials by taking advantage of platform security features including, Secure Boot and virtualization.
- Virtualization-based security Windows services that manage derived domain credentials and other secrets run in a protected environment that is isolated from the running operating system.
- Better protection against advanced persistent threats Securing derived domain credentials using the virtualization-based security blocks the credential theft attack techniques and tools used in many targeted attacks. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate Device Guard and other security strategies and architectures.
- Manageability You can manage Credential Guard by using Group Policy, WMI, from a command prompt, and Windows PowerShell.
Device Guard in Windows 10 Enterprise E3
Device Guard helps keep your devices safe from malware, untrusted apps, and executables. Its focus is preventing malicious code from running by ensuring only known good code can run (also known as whitelisting). Since malware and cyber threats are constantly evolving, it no longer makes sense to simply blacklist against known threats since you’ll always be a few steps behind. With Device Guard, you essentially allow only the applications you trust to go through, which allows you to stay a step ahead of malware and other threats.
Device Guard consists of 3 primary components:
- Configurable Code Integrity (CCI) – Ensures that only trusted code runs from the boot loader onwards
- VSM Protected Code Integrity – Moves Kernel Mode Code Integrity (KMCI) and Hypervisor Code Integrity (HVCI) components into VSM, hardening them from attack
- Platform and UEFI Secure Boot – Ensures the boot binaries and UEFI firmware are signed and have not been tampered with
The Upgrade Process For Windows 10 Enterprise
To take advantage of all the great security and control features in Enterprise E3 you’ll need to upgrade your existing devices to Windows 10 Pro if you haven’t already. After that, you’ll just need to install the Windows 10 Pro Anniversary Update to ensure your devices support all the advanced security and control features in Enterprise E3. Instead of wipe-and-reload deployment, we can upgrade your qualifying devices “in-place” to Windows 10 Enterprise, preserving data and settings, as well as updating apps and drivers when possible. All with no reboot required. Before the upgrade, Windows will check for anything that is not compatible.
What Types of Businesses Need These Security Features
Here’s a few different types of businesses where we recommend Windows 10 E3, but really it could (and should) be employed in any small business since we are all targets for cyber attacks. With such a low cost, it should be an easy decision to be more preventative against cyber threats.
- If your business has access, processes or stores highly sensitive data such as credit card data, SSNs, or PII or if you’re in the financial services, legal services or healthcare services
- If your business operates in regulated industries (FDA, HIPPA, SEC, SOX, FDA, CPSIA, FCC, etc)
- If your business develops in-house software such as online e-tailers, SaaS providers, or software consulting and application development firms
- Your business requires enterprise-grade security and control for better piece of mind or you’ve been hacked before
How Much Does Windows 10 E3 Cost?
With a small business price of $7 per-user, per-month pricing and a pay-as-you-go subscription model give you the flexibility to scale as your business needs change.
- Subscription-based access: flexible, pay-as-you go monthly billing lowers up-front costs
- Per-user licensing: pay only for the users you need and eliminate the need for device counting
- Licensing re-assignment: we can quickly onboard new users and re-assign licenses as needed
- Seamless upgrades: save time with a fast, simple upgrade – no wipe and reload needed
- Cloud-based provisioning: no on-premises infrastructure required, which helps you streamline IT management and reduce costs
With Windows Enterprise E3, you can get enterprise-grade security and control for your small business – without the enterprise-grade price tag.
When you make the hassle-free upgrade from Windows 10 Pro, you’ll take advantage of the latest security, management, and deployment features, while saving on capital expenses and lowering up front costs with subscription-based access. Plus, you’ll spend less time managing devices with a simple, flexible subscription licensing process.