Skip to content
Light Mode Dark Mode
October 24, 20177 min read

How to Deploy Surface Driver and Firmware Updates with ConfigMgr 1706

AdobeStock_256229414 1

Ready for the latest version of Windows? The Windows 10 Fall Creators Update—aka 1709—is here! Below, I’ll give you a high-level view of (almost) everything of interest in the new release as it applies to IT Pros. If you want to know more, I provide all the links you need to quench your thirst for knowledge.

Phased Rollout

Microsoft is doing a phased rollout, as they do with almost everything nowadays. Microsoft has outlined the release plans for the Fall Creators Update in this blog, which also contains this nifty graph.
Fall Creators Update

What’s Out

Microsoft has removed:

  • EMET (as a download)
  • Trusted Platform Module (TOM) Owner Password Management
  • Resilient File system (ReFS)*
  • Reader App

They have deprecated:

  • Paint (Goodbye old friend!)
  • PowerShell 2.0
  • Screen saver functionality in Themes(ReFS)*

To be clear on that last point. screen saver functionality in Group Policies, Control Panel, and Sysprep is now deprecated. However, it continues to be functional. Lockscreen features and policies are preferred.

For all the details, visit this Microsoft support article.

What’s New…

Windows Insider for Business gets Azure AD Domains
To stay ahead of the curve on all features and releases, join the Windows Insider for Business Program. That’s old news. What’s new is that now you can register your Azure AD domains to the program.

Windows AutoPilot
Traditionally, when a new computer arrives at a company, the first thing to do is wipe out Windows and apply the latest company image. Microsoft aims to simplify that process with Windows AutoPilot. When you get a new system, you can use the image it has, clean it up, and set it up per your company’s standards—no re-imaging.

AutoPilot supports a cloud-driven scenario using the Windows AutoPilot Deployment Program. For those seeking more control, it also supports an IT-driven scenario to automate the process on-premises or using a traditional cloud-based solution. In the latter scenario, you would use the Windows Configuration Designer to create a provisioning package for Windows 10.

Automatic Redeployment
This cool feature can automatically return a computer that an employee has been using to an IT-approved state. Automatic redeployment will quickly remove personal files, apps, and settings, and reset Windows. It includes management enrollment (Azure Active Directory and device management). Note that it does require AAD support, though 1803 will allegedly have support for legacy AD.

It keeps:

  • OOBE choices – Sets the region, language, and keyboard
  • Wi-Fi connections
  • Certificate
  • Original object in AAD + Intune

It adds some advanced shininess:

  • You can provide a new provisioning package at reset time
  • Wi-Fi connections
  • Certificate
  • Original object in AAD + Intune

MDM Enrollment Enhancements

A whole slew of minor capabilities were added to MDM enrollment as Microsoft continues to improve this technology. You can see a full list in Microsoft docs here. (Apologies to anyone at Microsoft who feels they’re not minor, please email me and I’ll call out your favorite new enrollment enhancements!)

With MDM enrollment of Windows-based devices:

  • Each user sees installation progress of critical policies during enrollment
  • Users can know what policies, profiles, apps MDM has configured
  • The IT helpdesk staff can get detailed MDM diagnostic information using client tools

1709 ADK Answer File Settings

Microsoft has changed answer file settings for the Windows Assessment Development Kit (ADK) in Windows 10 1709 for desktop editions. You can see all the details here.

1709 Security Baselines Notes

Microsoft is has added new security baselines for Windows 10 1709, and they’ve also created a new Windows Security Baselines landing page to help make your life easier. I’ve noted a couple of the new capabilities here, and the full list is available in this Microsoft Security Guidance blog.

A few noteworthy additions include:

  • Exploit Guard’s Network Protection feature to prevent any application from accessing web sites notes as dangerous. This extends SmartScreen-type protection to all programs, even third-party browsers.
  • Device must already have Windows 10 Pro version 1703 or later installed and activated
  • Devices must be Azure AD-joined or Active Directory joined with Azure AD Connect (no workgroup-joined devices)
  • Support for bare metal via script
  • Only available for Semi Annual Channel (LTSC not supported)
  • Requires Internet Connection
  • Will check in every 30 days, if unsuccessful grace period is 90 days before device is downgraded

Administrator Templates

The new release includes updated Administrative templates. These .ADMX files make it easy to manage registry-based policy settings.

Windows 10 Subscription Activation
This feature lets a company upgrade Windows 10 Pro devices to Windows 10 Enterprise, providing of course that they have licenses. You can get licensing and other details from this Microsoft doc.

Some highlights:

  • Device must already have Windows 10 Pro version 1703 or later installed and activated
  • Devices must be Azure AD-joined or Active Directory joined with Azure AD Connect (no workgroup-joined devices)
  • Support for bare metal via script
  • Only available for Semi Annual Channel (LTSC not supported)
  • Requires Internet Connection
  • Will check in every 30 days, if unsuccessful grace period is 90 days before device is downgraded

Windows Defender

Many Windows 10 security features have been rebranded with the “Windows Defender” name. These include:

  • Windows Defender Device Guard is the feature formerly known as Device Guard.
  • Windows Defender Credential Guard, formerly Credential Guard.
  • Windows Defender Exploit Guard has many of the threat mitigations from the Enhanced Mitigation Experience Toolkit (EMET), but brings a whole new set of intrusion prevention capabilities.

Check out Windows Defender Exploit Guard.

Files on Demand

This is pretty sweet for OneDrive users, and now it’s built into Windows. You can see all your online files in File Explorer, and even work with them just like every other file on your device—even if you have not downloaded them.

This feature is cool enough to merit a screenshot. The “scripts” folder has the cloud icon, meaning it’s in your library, but not downloaded to your PC. To download it, double-click. The green checkmark files are downloaded to your PC. If you want to free that space up, but leave the file in OneDrive, right-click and pick “Free up space.”
Folder structure showing cloud files not downloaded to your PC.

Windows Subsystem for Linux (WSL) Goes Gold

In the past, this capability was beta-only, but now it’s a full-fledged and supported part of Windows 10. Microsoft developed a kernel interface that can run a Linux distribution, such as SUSE, Fedora, Ubuntu, etc.

This can let you manage Windows 10 systems using Bash shell/command language with sed, awk, and all other command line tools familiar to Linux folks. You can access language interpreters like Ruby, Python, etc. Of course, that’s just the tip of the iceberg because it’s Linux for goodness sake!

The new features in the GA release include:

  • Install Linux distros via the Windows Store
  • WSL now runs multiple Linux distros
  • WSL comes to Windows Server & Microsoft Azure VMs
  • WSL now supports USB/serial comms
  • Miscellaneous fixes and improvements

You can learn more about WSL and what’s new in this Microsoft blog.

Delivery Optimization (DO)

A new settings UX for Delivery Optimization shows bandwidth savings and activity for uploads and downloads. You can also set more granular controls.

Link your Phone and PC

Microsoft’s attitude toward the phone market seems to be, “If you can’t beat ‘em, join ‘em.” It’s old news that Microsoft has all but given up on Windows 10 for phones—they won’t be adding new features. The good news is, they are making life way better for Android and iOS users.

Windows 10 1709 lets you link your phone and your PC to take advantage of all new functionality regularly added to Android and iOS apps, such as Continue on PC. The recent release of Edge for iOS and Android is clearly part of a broader strategy to enable those platforms with Microsoft technologies.

Rounding it Out

In addition to all this, Microsoft has delivered enhancements to Cortana, the Edge browser, and the Windows interface. They introduced Mixed Media Reality, creating a unified platform for augmented reality such as HoloLens and virtual reality. They’ve enhanced Kiosk Configuration so you can configure multi-app kiosks using a provisioning package. Security features like Windows Hello, Windows Information Protection, and BitLocker have all been improved. Windows 10 also gets a new network stack.

So, if all the Microsoft content linked above has not sated your thirst for knowledge then, OF COURSE, I have more links. To learn even more, you can reference these resources from Microsoft:

What’s new in Windows 10, version 1709 IT Pro content: Rundown for IT pros.
What’s New in Windows 10: See what’s new in other versions of Windows 10.


Ready to Get Started?

Schedule a one-on-one demo today.

Request a Demo