Windows 10 Enterprise LTSC 2019
-
Microsoft Intune:
Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later. This includes support for features such as Windows Autopilot. However, note that Windows Update for Business (WUfB) does not currently support any LTSC releases, therefore you should use WSUS or Configuration Manager for patching.
-
Security:
This version of Windows 10 includes security improvements for threat protection, information protection, and identity protection.
-
Threat protection and Microsoft Defender for Endpoint:
The Microsoft Defender for Endpoint platform includes the security pillars shown in the following diagram. In this version of Windows, Defender for Endpoint includes powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management.
-
Attack surface reduction:
Attack surface reduction includes host-based intrusion prevention systems such as controlled folder access. This feature can help prevent ransomware and other destructive malware from changing your personal files.
-
Windows Defender Firewall:
Windows Defender Firewall now supports Windows Subsystem for Linux (WSL) processes. You can add specific rules for a WSL process just as you would for any Windows process. Also, Windows Defender Firewall now supports notifications for WSL processes.
-
Endpoint detection and response:
Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus detections and Device Guard blocks being surfaced in the Microsoft Defender for Endpoint portal.
-
Windows Information Protection:
Windows Information Protection is now designed to work with Microsoft Office and Azure Information Protection. For more information, see Deploying and managing Windows Information Protection (WIP) with Azure Information Protection.
-
BitLocker:
The minimum PIN length is being changed from 6 to 4, with a default of 6.
-
Identity protection:
Improvements have been added are to Windows Hello for Business and Credential Guard.
-
Windows Hello for Business:
New features in Windows Hello enable a better device lock experience, using multifactor unlock with new location and user proximity signals. Using Bluetooth signals, you can configure your Windows 10 device to automatically lock when you walk away from it, or to prevent others from accessing the device when you are not present.
Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro (version 1809) adding premium features designed to address the needs of large and mid-size organizations (including large academic institutions), such as:
The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC users because it includes the cumulative enhancements provided in Windows 10 (versions 1703, 1709, 1803, and 1809).
Windows LTSC version is a special Windows edition with long-term support. In the Windows LTSC versions (earlier they were called LTSB – Long-Term Servicing Branch) Microsoft focuses on system stability.
In Windows 10 Enterprise LTSC 2019, the operating system doesn’t have the following features
There is no hardware support for VP9/HEVC ( used on YouTube, encrypted video streams – Netflix, Amazon Video, etc.).
Preinstalled UWP apps (apps from Microsoft Store, both official and third-party ones). Even a Photo Viewer must be enabled manually;
In addition, Windows 10 LTSC Start Menu is empty – you won’t see any icons of preinstalled apps. Because of the absence of unnecessary UWP apps, you don’t need to update them (the system downloads and installs only critical security updates), and there is fewer active processes number in the Task Manager. This is why Windows 10 LTSC may be installed on old models of PCs or laptops with 2 (or even 1!) GB of RAM. It also takes up less disk space.
Since Windows 10 LTSC is based on the Enterprise edition, there is a set of all necessary software and features to be used in corporate networks (Windows To Go, AppLocker, Local Group Policy Editor – gpedit.msc, you can join this Windows edition to the Active Directory domain, integrated Microsoft Application Virtualization (App-V) support and User Environment Virtualization (UE-V), Device Guard and Credential Guard, DirectAccess, Branch Cache, advanced telemetry management options, etc.).