Windows 10 Enterprise LTSC 2021: here are the major changes
Windows 10 Enterprise LTSC 2021 is now available. windows-10-enterprise-ltsc-2021 The new Long Term Servicing Channel version of Windows 10 is not available as a retail version. The new release "builds on Windows 10 Enterprise LTSC 2019" and its feature set is equivalent to Windows 10 version 21H2, which Microsoft released this week.
Windows 10 Enterprise LTSC 2021 includes changes found in the Windows 10 versions 1903, 1909, 2004, 21H1 and 21H2, when compared to Windows 10 Enterprise LTSC 2019.
One core difference between the two Enterprise versions is that the support lifecycle has been reduced by Microsoft. Windows 10 Enterprise LTSC 2021 gets 5 years of support, that is 5 years less than the support lifecycle of Windows 10 Enterprise LTSC 2019. The only exception is Windows 10 Enterprise LTSC 2021 IoT, which still gets 10 years of support.
Windows 10 Enterprise LTSC 2021 will be supported until 2026 by Microsoft, that is three years less than the support lifecycle of Windows 10 Enterprise LTSC 2019.
Microsoft highlights the following core improvements in the new LTSC 2021 version of Windows 10:
- System Guard: Improved SMM Firmware Protection feature, which is built on top of System Guard Secure Launch. It is designed to "reduce the firmware attack surface". Windows Defender "enables an even higher level of System Management Mode (SMM) Firmware Protection" to detect a higher level of SMM compliance. Microsoft notes that there are three versions of SMM Firmware Protection. Devices that support version 3, the strongest protection, will be released soon as they require new hardware, according to Microsoft.
- Windows Security app: includes Protection history, including Controlled Folder Access blocks, and Windows Defender Offline Scanning tool actions.
- Bitlocker and Mobile Device Management (MDM) with Azure Active Directory: better protection against accidental password disclore though a "new key-rolling feature" which "securely rotates recovery passwords on MDM-managed devices".
- Windows Defender Firewall: includes several new features.
- Reduce the attack surface of a device through rules that restrict or allow traffic using properties such as IP addresses, ports, or program paths.
- Integrated Internet Protocol Security (IPsec), to enforce "authenticated, end-to-end network communications".
- Easier to analyze and debug. IPsec integrated into Packet Monitor.
- Enhanced Windows Defender Firewall event logs.
- Support for Windows Subsystem for Linux (WSL).
- Attack surface area reduction: administrators may configure advanced web protections to set allow and deny lists for URLs and IP addresses.
- Next Generation protection: extended to protect against ransomware, credential misuse, and removable storage attacks.
- Integrity enforcement capabilities: runtime attestation of Windows 10.
- Tamper-proofing capabilities: Virtualization-based security that isolates Microsoft Defender for Endpoint security from the OS and potential attackers.
- Emergency outbreak protection: updates devices automatically with "new intelligence" when outbreaks are detected.
- Improved support for non-ASCII file paths.
- Geolocation support of sample data.
- Certified ISO 27001 compliance.
- Windows Sandbox support.
- Microsoft Defender Application Guard enhancements:
- Ability to change Windows Defender Application Guard settings without having to change Registry key settings.
- Application Guard extension for Google Chrome and Mozilla Firefox.
- Application Guard supports Microsoft Office.
- Dynamic navigation support "to navigate back to their default host browser from the Application Guard Microsoft Edge".
- Application Control:
- WDAC supports multiple simultaneous code integrity policies.
- Path based rules.
- Allow COM object registration.
- Windows Hello improvements:
- Official FIDO2 support across all major browsers, Microsoft Account and Azure AD.
- Passwordless sign-in for Microsoft Accounts.
- Safe Mode supports Windows Hello PIN sign-in.
- Windows Hello for Business supports Hybrid Azure Active Directory.
- Added support for virtualization-based security to secure "a user's biometric authentication data".
- Multi-camera support added.
- Remote Desktop with biometrics support.
- Windows Defender Credential Guard supports ARM64.
- Microsoft privacy settings: new notification icon when apps use the microphone.
- Microsoft Intune supports Windows 10 Enterprise LTSC 2021 (except for Windows Update Rings in device profiles).
- Mobile Device Management policies extended with "new Local Users and Groups settings".
- New Key-rolling and Key-rotation features that enable "secure rolling of Recovery passwords on MDM-managed AAD devices on demand from Microsoft Intune/MDM tools or when a recovery password is used to unlock the BitLocker protected drive.
- SetupDiag command line tool to analyze why the installation of updates failed.
- Support for Reserved Storage.
- Microsoft Edge Kiosk Mode support.
- Windows Subsystem for Linux is available in-box.
- Support for WPA3 H2E standard.
You can check out Microsoft's What's New support article here.
Now You: Which edition of Windows do you prefer?
The biometric ‘conspiracy theory’ nightmare is slowly turning into a reality. Souless slaves micro-managed by a remote, technocratic junta. If you act, say, write or think anything wrong you will be turned off in an instant and become a social leper in the blink of an eye. I am staggered at how easily they have managed to coerce, once organic humans, into becoming automatons with the soul of the factory and the spirit of the microchip.
God help our children!
Is there any known way to switch from normal Enterprise version to LTSC without reinstalling everything?
LTSC 2019 or 2021 – which ones is more stable and less crappy?
LTSC 2021 iso is now available along with an update to the handy ‘Windows and Office Genuine ISO Verifier v.11.10.23.21’.
A bunch of new Defender hooks into everything. Tracks Firefox usage now too if you let it. If you used to install LTSC to avoid MS spyware you’re going to have to disable a lot of stuff in this new version.
It will be the last half decent version of Windows. Things are getting worst with 11. Disabling Defender and all the cloud-based crap is getting much harder. Windows 11 was designed by marketing dept folks who wanted crap that looked pretty but was not functional at all. Windows 11 is the least product version of Windows in a long time. More clicks, more useless nonsense thrown at you.
I completely removed Windows Defender from LTSB 2016 because it kept slowing things down and getting in my way, always scanning files (especially downloads) as if I don’t know what I’m doing and need Microshaft to tuck me into bed at night and whisper to me that my files are safe.
I’ll have to test if my usual methods still work in LTSC 2021. At least it comes with WDDM v2.9 so unless support for W10 is dropped altogether in favor of W11, the latest graphics drivers should still continue to work for the foreseeable future. Previously I had to move to LTSC 2019 on my HTPC because compatible drivers for my GTX 1650 would not install on LTSB 2016. Maybe related to the Universal Driver API introduced with WDDM v2.5 (Windows 10 1809).