Saturday, November 14, 2015

Windows 10 Enterprise with November Update

Through the previous Know It, Prove It event from MVA, I was brought to the Getting Started with Windows 10 for IT Professionals course, from which I gained additional technical knowledge. However, certain courses still make use of non-final versions of the Windows OSes. Features such as Windows Update for Business, Windows Store for Business, Mobile Device Management, Azure Active Directory Join, Credential Guard and Device Guard, and Windows Hello were what I learned about from the course. But don't expect me to answer questions about how much I know of these enterprise-exclusive features, as some of the features are quite new.
Windows Store for Business has the enterprise-exclusive apps you can buy for your business, and there's also the Company Portal, which is based on Windows Store except that it runs on-premises, that is, inside the organization, in the company data center, where employees can gain access to it. Windows Update for Business allows IT Professionals to control which updates can be deployed to the production environment and which ones can't, based on patch testing in the test lab environment to see if there are any bulky updates. Not to mention that there are also newer builds of Windows 10, which may pose a challenge to IT Professionals themselves. Newer builds may feature improvements as well as newer stuff available in Windows 10, but it was an absolute shame that Microsoft released Windows 10 in an incomplete state and that they keep on milking it with later builds that are still available for Windows Insiders.
Next is the security problem at the hardware level. There is a rare chance that a malware attack may take place the moment the computer is turned on, for example at the kernel level of the system even before the OS is booted, and there are already questions about whether to use pre-boot passwords or not. It turns out you don't need to set up pre-boot passwords, as there are already other ways to secure a Windows 10 machine at the hardware level. Another security problem takes place at the corporate level: data leakage. It has been ongoing, but most data leakages are accidental. They may be due to minor technical or human errors, but minor or not, things can get worse when that happens. What I saw in that MVA course was an interesting concept where corporate apps and personal apps are kept separate on the same device. Of course, VMware already came up with the same technology for Android devices that are suited for BYOD, and this is where MDM comes in handy. Unfortunately, that MDM-like feature for Windows 10 is under testing and will be available soon to Windows Insiders, and I don't know if that course will be updated with the final version of Windows 10 along with the final versions of all the features mentioned in the course.
As for Windows Hello, it uses a camera with IR illumination similar to Kinect or Intel RealSense. The important criteria for getting yourself identified are that your body must be live and that identification is done through facial or iris recognition. Even if there's a change in your body, chances are you can still be identified, even when the environment is dark. Microsoft Passport works with networks, software and websites, using a PIN or biometrics to authenticate users without the need for a password.
Lastly, you can use Group Policy, MDM, Windows ICD or Unattended for turning off the telemetry features in Windows 10, but this may be a challenge when it comes to deploying the OS with those things off for the corporate environment. I think my choice will be the Group Policy level, which will be part of the Windows 10 test deployment. You can add the GPOs in System Center Configuration Manager or Deployment Toolkit, which I use for Lite-Touch deployment. Unfortunately, some of the features may have to be turned off manually even with Group Policy or any other methods.
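
One way to confirm on a test machine that the Group Policy telemetry setting actually took effect is sketched below; this is an added example, not part of the original post. The policy registry value (`AllowTelemetry`), the `DiagTrack` service name and the function name `Get-TelemetryPolicyReport` are not from the post; the first two follow Microsoft's "Allow Telemetry" policy, and the last is a hypothetical helper name.

```powershell
# Added example, not from the original post. Run elevated on the test image.
# Assumptions: client editions only; DiagTrack is the telemetry service name.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
$LevelNames = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }

function Get-TelemetryPolicyReport {
    # Value written by the "Allow Telemetry" Group Policy setting (absent if no GPO applied).
    $configured = $null
    $item = Get-ItemProperty -Path $PolicyPath -Name 'AllowTelemetry' -ErrorAction SilentlyContinue
    if ($null -ne $item) { $configured = [int]$item.AllowTelemetry }

    # Level 0 (Security) is honored only on Enterprise and Education editions;
    # other client editions treat a configured 0 as 1 (Basic).
    $edition = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
    $effective = $configured
    if ($configured -eq 0 -and $edition -notmatch '^(Enterprise|Education)') { $effective = 1 }

    $levelName = 'Not configured (OS default applies)'
    if ($null -ne $effective) { $levelName = $LevelNames[$effective] }

    # The service can still be running even when the policy level is lowered.
    $service = Get-Service -Name 'DiagTrack' -ErrorAction SilentlyContinue
    $serviceState = 'Not found'
    if ($null -ne $service) { $serviceState = "$($service.Status) / $($service.StartType)" }

    [pscustomobject]@{
        Edition         = $edition
        ConfiguredLevel = $configured
        EffectiveLevel  = $levelName
        ZeroNotHonored  = ($configured -eq 0 -and $effective -ne 0)
        DiagTrack       = $serviceState
    }
}

Get-TelemetryPolicyReport | Format-List
```

Running this at the end of a Lite-Touch task sequence gives a quick record of whether the GPO reached the machine and whether the edition honors the configured level.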