Insights

April Update: What’s New with Windows 10 1803

by

Windows 10 1803, the April update, was released on April 30th. After some initial delays, we are finally able to get our hands on it and try out the cool new features.

Let’s take a look at a selection of the features that have sparked my interest. I’ve broken it down into a few groups: the big changes, things of particular interest to IT pros, and some nice improvements.

The “Big Deal” Stuff

Timeline

On first view, you may notice that the Task View icon on the taskbar has changed. Let that entice you to take advantage of Timeline.

As before, you’ll see all applications that you have running and have the ability to create new desktops. Now though you have the added extra, a timeline of activity where you can quickly access items you were working on previously.

If you scroll to the bottom of the timeline, you have the option to switch on synchronisation across multiple devices so you can pick up your activities on another device. Timeline works with supported applications and browsers, Office apps and Edge for starters. Hopefully this feature will grow over time as more developers support it.

Windows 10 in S Mode

Windows 10 S mode is a streamlined version of Windows 10, running only Microsoft Store apps and IE and Edge browsers. It uses Bing as the default search engine and cannot run Win32 apps. It is streamlined for security and performance.

Prior to 1803, Windows 10 S was a separate edition. Therefore, a separate image was required for implementation. With 1803, it’s been renamed S mode. S mode can be enabled on more editions of Windows 10, including Enterprise.

To enable S mode, use an unattend.xml, add the amd64_Microsoft_Windows_CodeIntegrity component to Pass 2 offline Servicing and set amd64_Microsoft_Windows_CodeIntegrity\SkuPolicyRequired to 1.

Deploying Kiosks and the Kiosk Browser

Microsoft is making further enhancements to the simplification of configuration and management of Kiosk devices. With Windows 10 1803, you can deploy devices with Intune, in single or multi app mode.

You can download an Edge based kiosk browser from the Microsoft Store for Business, which is specifically designed to be used in retail and signage scenarios.

New features added in the Windows 10 1803 baseline include:

  • The ability to support multiple screens
  • Enforcement of MDM policy prior to allowing assigned access
  • A simplified process to create an auto-logon account, to return a device to a chosen state post reboot
  • Configuration of the Kiosk Browser to a default URL, without displaying a UI

Kiosk mode is a cool feature to try out. You can be up and running with a simple Kiosk within minutes via Intune.

Kiosk mode running Maps

The “Make IT Pros Lives Easer” Stuff

Security Enhancements

As with any baseline release of Windows 10, Microsoft has released the latest set of security baselines. These include the importable GPO’s, scripts for applying and custom ADMX files.

They are available from here https://blogs.technet.microsoft.com/secguide/2018/04/30/security-baseline-for-windows-10-april-2018-update-v1803-final/. The baseline download includes a spreadsheet of differences in policy from the 1709 build. The complete set of ADMX templates can be downloaded from https://www.microsoft.com/en-us/download/details.aspx?id=56880.

Windows Analytics

If you are taking advantage of Windows Analytics, the Update Compliance from the Solution Gallery now has the ability to give you insights into your Delivery Optimization set up and assess the bandwidth consumed by Windows Updates.

The dashboard blades give you information on download configuration for devices, percentage of bandwidth savings for each update category and total amount of data per content type in a peer versus non peer view.

Upgrade Readiness has added in reporting for Spectre and Meltdown vulnerabilities across your environment.

The information provided in the Upgrade Readiness blades can determine if your devices have Windows OS and firmware with mitigation in place, or if the antivirus software can remediate these vulnerabilities.

Microsoft notes that they are working on enhancing the information provided by Upgrade Readiness. It’s currently possible for a lot of ‘Unknown’ or ‘to be determined’ statuses to be reported. Microsoft recommends that your endpoints can reach http://adl.windows.com as a priority action.

Feature Update Improvements

To assist with smoothing the process for Feature Updates on BitLocker-enabled devices, Microsoft has released new command line switches to control BitLocker through the upgrade process.

Setup.exe /BitLocker AlwaysSuspend
– Always suspend bitlocker during upgrade.
Setup.exe /BitLocker TryKeepActive
– Enable upgrade without suspending bitlocker but if upgrade, does not work then suspend bitlocker and complete the upgrade.
Setup.exe /BitLocker ForceKeepActive
– Enable upgrade without suspending bitlocker, but if upgrade does not work, fail the upgrade.

The following requirements must be met to use the new commands.

  • The device being upgraded must be running a minimum of Windows 10 1709
  • The device must be set up with Secure Boot and have a TPM chip
  • BitLocker must be configured with TPM only
  • The user profile folders can’t be on a separate BitLocker-protected partition

Beginning with 1803, it’s also possible to run a script if a user rolls back the version of Windows recently installed. To achieve this, the PostRollback option is used.

/PostRollback [\setuprollback.cmd] [/postrollback {system / admin}] The following DISM commands have also been added to help manage feature updates.
DISM /Online /Initiate-OSUninstall
– Initiates a OS uninstall to take the computer back to the previous installation of windows.
DISM /Online /Remove-OSUninstall
– Removes the OS uninstall capability from the computer.
DISM /Online /Get-OSUninstallWindow
– Displays the number of days after upgrade during which uninstall can be performed.
DISM /Online /Set-OSUninstallWindow
– Sets the number of days after upgrade during which uninstall can be performed.

OS Uninstall Period

The period of time a user has to be able to rollback a version of Windows 10 can be customized with Windows 10 1803. This can be achieved via Intune or by using the DISM command above.

AutoPilot

Microsoft continues to invest in AutoPilot with Windows 10 1803. In this release, you are now able to lock the device being deployed during the out of box experience (OOBE) phase to ensure that all policies and settings are applied before allowing usage of the device.

AutoPilot is now available via Surface, Lenovo, and Dell devices, and more OEM partners due in the coming months. I expect big things over the coming releases in the AutoPilot space.

Language packs/features on demand via the Unified Update Platform (UUP)

The UUP is a next generation delivery technology aimed at reducing the download size of build updates. With Window 10 1803, language packs, features on demand and other components are managed by UUP, reducing their footprint in your environment.

Subscription Activation

From 1803, Windows 10 includes inherited activation, meaning that any Windows 10 virtual machines will inherit their activation status from the host device

Co-management

A plethora of new policies are available in Microsoft Intune and System Center Configuration Manager to enable hybrid Azure AD-joined authentication. New MDMWinsOverGP policies have been added to assist with the transition from on premesis to cloud based management.

Some Nice Additions and Enhancements

Focus Assist

Previously, this feature was known as Quiet Hours. In 1803 we have Focus Assist, a cool way to cut down noise and notifications, to remove the distractions whilst you are working. You can quickly change between different notification settings via the Action Center.

The choice of settings that you can apply to a device is located in the Focus Assist area in Settings>System. Notifications can be set to, Priority only, Alarms only as well as allowing everything through.

Emojis Anywhere

A final, fun feature, is the addition of Emoji’s wherever you want to use them. Just press the Windows key + “.” or “;” to bring up the choice of Emojis.

To apply an Emoji, click the ones you want. Depending on the application you are using, take a look on your screen for this window,where you can finalize your string. Press the green arrow to insert your Emojis.

For Even More Information

There are so many new features for Windows 10 1803 that I recommend that you take a look at the following documents from Microsoft that list all the new cool content.

What’s new in Windows 10, version 1803 IT Pro content
https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1803

What’s new in Windows 10, version 1803
https://docs.microsoft.com/en-us/windows-hardware/get-started/what-s-new-in-windows

For a deeper dive into Windows 10 1803’s security features, you may want to check out this webinar by Sami Laio
http://www2.adaptiva.com/downloads/webinars/2017-04-27/windows-10-application-security

Please feel free to tweet me as well with questions, or just to let me know how you’re getting on with the latest Windows. You’ll find me at @SCCMentor.

Paul Winstanley
Microsoft MVP and SCCM Consultant.

Get free education resources and more at the Adaptiva Academy

Get Free Stuff