Book Image

Windows 10 for Enterprise Administrators

By : Richard Diver, Manuel Singer, Jeff Stokes
Book Image

Windows 10 for Enterprise Administrators

By: Richard Diver, Manuel Singer, Jeff Stokes

Overview of this book

Microsoft's launch of Windows 10 is a step toward satisfying enterprise administrators' needs for management and user experience customization. This book provides enterprise administrators with the knowledge needed to fully utilize the advanced feature set of Windows 10 Enterprise. This practical guide shows Windows 10 from an administrator's point of view. You'll focus on areas such as installation and configuration techniques based on your enterprise requirements, various deployment scenarios and management strategies, and setting up and managing admin and other user accounts. You'll see how to configure Remote Server Administration Tools to remotely manage Windows Server and Azure Active Directory. Lastly, you will learn modern mobile device management for effective BYOD and how to enable enhanced data protection, system hardening, and enterprise-level security with the new Windows 10 in order to prevent data breaches and to impede attacks. By the end of this book, you will know the key technologies and capabilities in Windows 10 and will confidently be able to manage and deploy these features in your organization.
Table of Contents (11 chapters)

Device Health Attestation

Already Windows 8.0 introduced a new possibility of evaluating the health of the boot process called Measured Boot, a recorded variant of the Secure Boot. But the suitable enterprise counter part for checking the health data and enforcing access control was not available at that time.

With Windows 10 1511 the technique was named as Windows Provable PC Health (PPCH) and later on with Windows 1607 and newer renamed to DHA. On Windows Server 2016 the counterpart is named Health Attestation Service (HAS).

But what does DHA exactly? It will combine Secure Boot, VBS, ELAM, and protection of your early-boot drivers and measures them with the help of your TPM 2.0. These measured boot data results are collected by the health attestation configuration service provider (CSP) and sent to a Remote HAS for verification/comparison against current policies:

The health...