Windows 10 Enterprise comes with quite a few interesting features that Windows 10 Pro lacks. In this post, I summarize these additional features and link to further information.

Michael Pietroforte

Michael Pietroforte is the founder and editor in chief of 4sysops. He has more than 35 years of experience in IT management and system administration.

Microsoft published a table that compares Windows 10 Home, Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. I don’t cover the Home edition in this article. As in previous Windows versions, the main feature that the Home edition lacks is the support for Active Directory.

It is interesting to note that, in Windows 10, Microsoft further separates the Pro edition from the Enterprise edition with additional security features.

Direct Access ^

Direct Access was introduced in Windows 7. It allows users to connect securely through the public Internet to the corporate network. The main advantage compared to conventional VPN solutions is that the connection is automatically initiated before users log on. It is also relatively easy to set up.

Windows To Go Creator ^

Windows To Go is a Windows edition that can boot from a USB device. It enables users to use their Windows workspace on multiple computers. On Windows 10, you can launch the Windows To Go Creator by just typing “Windows To Go” in Start Search. Windows To Go was first introduced in Windows 8.

Windows To Go creator

Windows To Go creator

AppLocker ^

With AppLocker, administrators can whitelist and blacklist applications. With the help of Group Policy, you can restrict the programs that can be executed in your Active Directory domain.

BranchCache ^

BranchCache is a caching technology that was introduced in Windows 7 and Windows Server 2008 R2. Branch offices that are connected over a slow WAN link to central servers can cache content from web and file servers. In Windows 10, BranchCache logging has been improved.

Start Screen Control with Group Policy ^

Even though Microsoft’s comparison table calls the feature Start Screen Control, the proper name for this feature in Windows 10 is Start Layout because the Start screen is no more. You can export the Start layout with the help of a PowerShell command and then deploy the configuration via Group Policy.

Windows 10 Start Layout

Windows 10 Start Layout

Granular UX Control ^

I wasn’t able to find any official information about this new Windows 10 feature. Some sites describe it as a method to lock down the user interface so that the machine only serves a specific task, such as a kiosk computer. However, it appears to be something different from Assigned Access because the latter is also supported by Windows 10 Pro. Please let me know if you have better information.

Credential Guard ^

Another new feature in Windows 10 Enterprise is Credential Guard. It uses the Hyper-V hypervisor to isolate the Local Security Authority (lsass.exe) process, which enforces security policies. The task of Credential Guard is to protect domain credentials (not local accounts). Johan Arwidmark describes the feature in detail and explains how to configure it.

Device Guard ^

Credential Guard Group Policy

Credential Guard Group Policy

Device Guard ^

Device Guard is yet another new security feature in Windows 10 Enterprise. Like AppLocker, it allows admins to restrict the execution to trusted applications. The main difference between AppLocker and Device Guard seems to be that Device Guard uses virtualization technology to isolate the process that determines whether apps are trusted or not. In addition, it leverages Secure Boot, User Mode Code Integrity, and new kernel code integrity rules to make the life of malware programmers harder.

Long Term Servicing Branch ^

The Long Term Servicing Branch (LTSB) edition of Windows 10 Enterprise only receives security updates and hotfixes (not feature updates) through Windows Update. Microsoft will periodically release new LTSB builds that will contain new features. You could say, the LTSB edition handles feature updates in a way that is similar to how previous Windows versions did so. Another difference in the common Windows 10 Enterprise edition is that it comes without provisioned Windows apps (except Edge and Cortana). Note that no LTSB edition exists for Windows 10 Education, whereas all other enterprise features are also available for educational institutions.

Conclusion ^

Granular UX, Credential Guard, and Device Guard are new security-related features in Windows that small and mid-sized businesses will have to live without. Direct Access and AppLocker are also security features that Windows Pro lacks. I wonder if it is really true that only enterprises have higher security needs these days.

Which Windows 10 edition will you deploy in your network, and why?

Are you an IT pro? Apply for membership!

Your question was not answered? Ask in the forum!

1+
Share
2 Comments
  1. Harry Bijl 4 years ago

    I just discovered that Start Layout does NOT work with Windows 10 Pro. You need Enterprise or Education. Grrr. So, this probably mean.. there will be more Group Policies that will not work in Windows 10 Pro, meaning Microsoft forces you to check every policy or... to move to the Enterprise edition to avoid unpredictable disappointments. Until now, I could not find a list of GPO's that do not work for Windows 10 PRO unfortunately. The Start Layout is the first one I discovered. See the article: https://technet.microsoft.com/en-us/library/mt431718(d=printer,v=vs.85).aspx

    0

  2. hamid 2 months ago

    inundated with useless options

    all i want is to not have bloatware and malware from microsoft.  that's my first and foremost priority, even superseding ransomware attack, which is my second priority

    so i am looking at what "business updates" means.  does this mean microsoft will not try to change my configuration settings without my consent

    i need an operating system for my office network that doesn't have bejeweled and mindcraft or the microsoft store on my workstation toolbars

    wtf are all these useless options and features ?  the list of options is endless (this is a figure of speech).  why doesn't microsoft explain to us what the feature is for and why will i need it, and how will i use it ?  chances are, the m.s. engineers are in a meeting brainstorming, not even realizing that i don't want to have to deal with 1. their product enhancements and features, and 2. ransomware

    0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2019

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account