Windows 10 Enterprise LTSC 2021: Here are the main changes

Windows 10 Enterprise LTSC 2021 is now available. windows-10-enterprise-ltsc-2021 The new version of the Windows 10 long-term service channel is not available as a commercial version. The new version “is based on Windows 10 Enterprise LTSC 2019” and its feature set is equivalent to Windows 10 version 21H2, which Microsoft released this week.

Windows 10 Enterprise LTSC 2021 includes changes found in Windows 10 versions 1903, 1909, 2004, 21H1, and 21H2, compared to Windows 10 Enterprise LTSC 2019.

A key difference between the two Enterprise versions is that Microsoft has shortened the support lifecycle. Windows 10 Enterprise LTSC 2021 gets 5 years of support, which is 5 years less than the support lifecycle of Windows 10 Enterprise LTSC 2019. The only exception is Windows 10 Enterprise LTSC 2021 IoT, which still receives 10 years of support.

Windows 10 Enterprise LTSC 2021 will be supported through 2026 with Microsoft, which is three years less than the support lifecycle of Windows 10 Enterprise LTSC 2019.

Microsoft highlights the following main improvements in the new LTSC 2021 version of Windows 10:

• System guard: Enhanced SMM firmware protection feature, which is based on System Guard Secure Launch. It is designed to “reduce the attack surface of the firmware.” Windows Defender “enables an even higher level of system management mode (SMM) firmware protection” to detect a higher level of SMM compliance. Microsoft notes that there are three versions of SMM Firmware Protection. Devices that support version 3, the strongest protection, will be released soon as they require new hardware, according to Microsoft.
• Windows security application– Includes protection history, including Folder Controlled Access Blocks and Windows Defender Offline Scan Tool actions.
• Bitlocker and Mobile Device Management (MDM) with Azure Active Directory: better protection against accidental password disclosure through a “new key transfer feature” that “securely rotates recovery passwords on MDM-managed devices.”
• Firewall de Windows Defender– Includes several new features.
  • Reduce the attack surface of a device by using rules that restrict or allow traffic using properties such as IP addresses, ports, or program paths.
  • Integrated Internet Protocol Security (IPsec), to enforce “end-to-end authenticated network communications.”
  • Easier to analyze and debug. IPsec integrated into Packet Monitor.
  • Improved Windows Defender Firewall event logs.
  • Support for the Windows Subsystem for Linux (WSL).
• Attack surface area reduction– Administrators can configure advanced web protections to establish allow and deny lists for URLs and IP addresses.
• Next generation protection– Extended to protect against ransomware, credential misuse, and removable storage attacks.
• Integrity Enforcement Capabilities – Windows 10 Runtime Attestation.
• Tamper-proof capabilities: Virtualization-based security that isolates Microsoft Defender for endpoint security from the operating system and potential attackers.
• Emergency Outbreak Protection – Automatically updates devices with “new intelligence” when outbreaks are detected.
• Improved support for non-ASCII file paths.
• Sample data geolocation support.
• ISO 27001 certified compliance.
• Windows Sandbox support.
• Microsoft Defender Application Guard enhancements:
  • Ability to change Windows Defender Application Guard settings without having to change registry key settings.
  • Application Guard extension for Google Chrome and Mozilla Firefox.
  • Application Guard es compatible con Microsoft Office.
  • Dynamic navigation support “to navigate back to your default host browser from Application Guard Microsoft Edge.”
• Application control:
  • WDAC supports multiple concurrent code integrity policies.
  • Rules based on routes.
  • Allow registration of COM objects.
• Windows Hello improvements:
  • Official FIDO2 support on all major browsers, Microsoft accounts, and Azure AD.
  • Passwordless login for Microsoft accounts.
  • Safe mode supports Windows Hello PIN login.
  • Windows Hello for Business supports Azure Active Directory Hybrid.
  • Support for virtualization-based security was added to protect “a user’s biometric authentication data.”
  • Support for multiple cameras was added.
  • Remote desktop with biometric support.
• Windows Defender Credential Guard supports ARM64.
• Microsoft privacy settings: new notification icon when applications use the microphone.
• Microsoft Intune supports Windows 10 Enterprise LTSC 2021 (except for Windows update rings in device profiles).
• Mobile device management policies were extended with “new local user and group settings.”
• New key transfer and key rotation features that enable secure transfer of recovery passwords to MDM-managed AAD devices at the request of Microsoft Intune / MDM tools or when using a recovery password to unlock the BitLocker-protected drive .
• SetupDiag command line tool to analyze why update installation failed.
• Support for reserved storage.
• Microsoft Edge kiosk mode support.
• The Windows subsystem for Linux is available out of the box.
• Support for the WPA3 H2E standard.

You can check out the Microsoft What’s New support article here.

Now you: Which edition of Windows do you prefer?

advertising