Windows 10 Enterprise LTSC 2021: here are the major changes
Windows 10 Enterprise LTSC 2021 is now available. windows-10-enterprise-ltsc-2021 The new Long Term Servicing Channel version of Windows 10 is not available as a retail version. The new release "builds on Windows 10 Enterprise LTSC 2019" and its feature set is equivalent to Windows 10 version 21H2, which Microsoft released this week.
Windows 10 Enterprise LTSC 2021 includes changes found in the Windows 10 versions 1903, 1909, 2004, 21H1 and 21H2, when compared to Windows 10 Enterprise LTSC 2019.
One core difference between the two Enterprise versions is that the support lifecycle has been reduced by Microsoft. Windows 10 Enterprise LTSC 2021 gets 5 years of support, that is 5 years less than the support lifecycle of Windows 10 Enterprise LTSC 2019. The only exception is Windows 10 Enterprise LTSC 2021 IoT, which still gets 10 years of support.
Windows 10 Enterprise LTSC 2021 will be supported until 2026 by Microsoft, that is three years less than the support lifecycle of Windows 10 Enterprise LTSC 2019.
Microsoft highlights the following core improvements in the new LTSC 2021 version of Windows 10:
- System Guard: Improved SMM Firmware Protection feature, which is built on top of System Guard Secure Launch. It is designed to "reduce the firmware attack surface". Windows Defender "enables an even higher level of System Management Mode (SMM) Firmware Protection" to detect a higher level of SMM compliance. Microsoft notes that there are three versions of SMM Firmware Protection. Devices that support version 3, the strongest protection, will be released soon as they require new hardware, according to Microsoft.
- Windows Security app: includes Protection history, including Controlled Folder Access blocks, and Windows Defender Offline Scanning tool actions.
- Bitlocker and Mobile Device Management (MDM) with Azure Active Directory: better protection against accidental password disclore though a "new key-rolling feature" which "securely rotates recovery passwords on MDM-managed devices".
- Windows Defender Firewall: includes several new features.
- Reduce the attack surface of a device through rules that restrict or allow traffic using properties such as IP addresses, ports, or program paths.
- Integrated Internet Protocol Security (IPsec), to enforce "authenticated, end-to-end network communications".
- Easier to analyze and debug. IPsec integrated into Packet Monitor.
- Enhanced Windows Defender Firewall event logs.
- Support for Windows Subsystem for Linux (WSL).
- Attack surface area reduction: administrators may configure advanced web protections to set allow and deny lists for URLs and IP addresses.
- Next Generation protection: extended to protect against ransomware, credential misuse, and removable storage attacks.
- Integrity enforcement capabilities: runtime attestation of Windows 10.
- Tamper-proofing capabilities: Virtualization-based security that isolates Microsoft Defender for Endpoint security from the OS and potential attackers.
- Emergency outbreak protection: updates devices automatically with "new intelligence" when outbreaks are detected.
- Improved support for non-ASCII file paths.
- Geolocation support of sample data.
- Certified ISO 27001 compliance.
- Windows Sandbox support.
- Microsoft Defender Application Guard enhancements:
- Ability to change Windows Defender Application Guard settings without having to change Registry key settings.
- Application Guard extension for Google Chrome and Mozilla Firefox.
- Application Guard supports Microsoft Office.
- Dynamic navigation support "to navigate back to their default host browser from the Application Guard Microsoft Edge".
- Application Control:
- WDAC supports multiple simultaneous code integrity policies.
- Path based rules.
- Allow COM object registration.
- Windows Hello improvements:
- Official FIDO2 support across all major browsers, Microsoft Account and Azure AD.
- Passwordless sign-in for Microsoft Accounts.
- Safe Mode supports Windows Hello PIN sign-in.
- Windows Hello for Business supports Hybrid Azure Active Directory.
- Added support for virtualization-based security to secure "a user's biometric authentication data".
- Multi-camera support added.
- Remote Desktop with biometrics support.
- Windows Defender Credential Guard supports ARM64.
- Microsoft privacy settings: new notification icon when apps use the microphone.
- Microsoft Intune supports Windows 10 Enterprise LTSC 2021 (except for Windows Update Rings in device profiles).
- Mobile Device Management policies extended with "new Local Users and Groups settings".
- New Key-rolling and Key-rotation features that enable "secure rolling of Recovery passwords on MDM-managed AAD devices on demand from Microsoft Intune/MDM tools or when a recovery password is used to unlock the BitLocker protected drive.
- SetupDiag command line tool to analyze why the installation of updates failed.
- Support for Reserved Storage.
- Microsoft Edge Kiosk Mode support.
- Windows Subsystem for Linux is available in-box.
- Support for WPA3 H2E standard.
You can check out Microsoft's What's New support article here.
Now You: Which edition of Windows do you prefer?Advertisement