
Security features in Windows 10
Some of the top security capabilities in Windows 10 include the following. Device Guard- Designed to allow only trusted applications to run
- Applications must be signed by a trusted signature, but businesses can sign their own software or software purchased from third parties
- Key services are isolated in a virtual container to prevent spoofing legitimate signatures
- Stores domain credentials in a virtual container
- Aims at protecting against Pass-the-Hash attacks
- Provides a two factor authentication mechanism to log into the OS
- Can use biometric or facial recognition
- Additional functionality to Defender’s AV/AM software
- Designed to help see threats across an organization
- Every Windows 10 machine running AT Protection becomes an additional tracking node
- Provides actionable intelligence as part of the OS
- These features are free with Windows 10
- Updates are included as part of standard OS update procedures
- By collecting data from all Windows 10 machines running these features, they can react to threats and provides updates quickly
- Some of these features require Secure Boot, 64bit virtualization support, Unified Extensible Firmware Interface (UEFI) firmware, and the Trusted Platform Module (TPM) chip
- “Standard” technology often do not meet these requirements, (for example older hardware or “light weight” laptops)
- Implementing these features will likely affect existing workflows
Is there room for a commercial least privilege solution?
And as we dig in a bit deeper we must take other factors into account where a commercial solution like PowerBroker for Windows is still required. Consider the following:- REGARDLESS OF HOW MANY LAYERS YOU PUT IN FRONT OF A MAL-INTENTED USER, HAVING ADMIN RIGHTS REMAINS THE ACHILLES HEEL OF COMPUTER SECURITY
- PowerBroker for Windows is still required for true Application Rights Management for security and operations teams
- Most of these features are new. We don’t yet know all the limitations, effects to the enterprise, and the real security of those features. Microsoft has never created an un-breachable feature after all
- Historically, Microsoft features embedded into the OS have lacked true enterprise functionality
- A full upgrade to Windows 10 will take time, and PowerBroker for Windows works across multiple operating systems, as well as with the BeyondTrust PAM/VMS suite

Jason Silva, Sr. Solutions Architect
Jason Silva is a Senior Solutions Architect focused in Privilege Access Management (PAM), Identity and Access Management (IAM), and Least Privilege. Jason brings over 25 years of experience in solutions management to BeyondTrust's Privileged Access Management Solutions enforcing Privileged Password Management and Privileged Session Management, Privileged Endpoint Management, and Secure Remote Access which utilizes a single pane of glass for all management aspects including Automated Account Discovery, Privileged Management and Elevation, Audit and Compliance, and Reporting.