While there’s a lot of talk about Windows 10’s new features for consumers, the forthcoming Anniversary Update also adds a pair of advanced security capabilities aimed at helping IT managers better lock down the computers in their organization.
Windows Information Protection aims to make it possible for organizations to compartmentalize business and personal data on the same device. It comes alongside the general release of Windows Defender Advanced Threat Protection, a system that uses machine learning and Microsoft’s cloud to better protect businesses after their security has been breached.
The two features are part of Microsoft’s push to position Windows 10 as an operating system for security-conscious companies at a time when attacks against businesses seem to be more prevalent than ever. That could be a major selling point at a time when Microsoft is working hard to try and drive companies to deploy the new OS.
Using Windows Information Protection, companies can encrypt their data on employee devices using keys that are controlled by IT. Doing so is supposed to bring several benefits, including the ability to selectively wipe only company data from a personal device when an employee leaves the company.
Companies can also set policies about which applications can be used to handle business data, so users can’t live-tweet the content of a company’s HR system, for example. The whole system is designed to bring Windows 10 in line with the reality that many employees use their mobile devices for both personal and business use.
For businesses to use Windows Information Protection, they’ll need a Windows 10 Enterprise E3 subscription, which costs $7 per user per month.
While Windows Information Protection is designed to help proactively guard company data, Windows Defender Advanced Threat Protection is supposed to help companies detect and contain security breaches. It uses a combination of software running on client devices and a Microsoft cloud service to alert companies when it looks like their systems have been hacked.
Once the system has detected a breach, it suggests steps that IT managers can take to solve the problem. That’s important, according to Rob Lefferts, director of program management for Windows Enterprise and Security. Attackers will often try to place multiple back doors in a company’s systems once they’ve broken in, and failing to get them out will cause problems.
Windows Defender ATP requires a company be subscribed to the more expensive Windows 10 Enterprise E5 service, which is meant for companies looking for premium Windows 10 add-on features. Microsoft won’t disclose the pricing publicly, but said its companies can find out more by asking one of its partners.
It will be interesting to see how these features affect the rate at which businesses adopt Windows 10—if at all. Microsoft is betting big on security’s enterprise appeal to try and get businesses to upgrade, but these advanced capabilities require both an investment of time and money in order to get off the ground.