Microsoft's Windows 10 Enterprise 2019 Long-Term Servicing Channel, released in late 2018, includes a number of improvements over the previous release, including new and enhanced features related to security, deployment, configuration, management and analytics.
These changes put the LTSC edition on par with the Windows 10 Enterprise 1809 build, which released as part of the Semi-Annual Channel program. IT admins should understand the benefits and drawbacks of this Windows 10 version.
Windows 10 release channels
Microsoft supports two primary Windows 10 release channels: the Semi-Annual Channel and Long-Term Servicing Channel, formerly Long-Term Servicing Branch. The Semi-Annual Channel program is the more common of the two and the one Microsoft recommends for most enterprise customers. Windows 10 devices receive feature updates twice a year, as well as monthly updates that include security patches, bug fixes and optimizations.
The LTSC program is geared toward customers that need more stability and predictability than the Semi-Annual Channel program can offer. Organizations that run medical systems or industrial process controllers might need the LTSC editions to maintain sensitive applications that require a stable environment.
The Windows 10 Enterprise 2019 LTSC release offers 10 years of service and support along with a guarantee that features and functionality will remain stable over the long term. Because of this, the OS does not include certain features that come with the Windows 10 Semi-Annual Channel release such as Edge, Cortana, OneNote or other applications that change over time.
LTSC customers receive security and quality updates through the 10-year lifespan. Additionally, they can upgrade to new LTSC releases, which come out about every three years. Each release contains the majority of features introduced to Windows 10 since the previous release.
The Windows 10 Enterprise 2019 LTSC release includes a number of enhancements that affect security. Many of these improvements are related to Windows Defender Advanced Threat Protection (ATP), which prevents, detects and responds to threats. The platform includes an improved attack surface reduction feature that makes it easier to add blocked apps. Windows Defender ATP also supports new policies to enhance cloud-based protections.
Windows Defender Firewall now supports Windows Subsystem for Linux processes. Administrators can add specific rules to Windows Subsystem for Linux and create process-specific notifications. Windows Defender Antivirus shares detection status information between Microsoft 365 services and works with Windows Defender ATP.
The 2019 LTSC release also adds improvements to endpoint protection and response. Microsoft has enhanced OS memory and kernel sensors to safeguard against in-memory and kernel-level attacks. Microsoft also offers a new API for creating custom threat intelligence alerts. Windows Defender ATP adds analytical reports that identify emerging threats and outbreaks as well as recommend actions to prevent or contain threats.
The latest LTSC release also brings improvements to Windows Information Protection, BitLocker, Windows Hello for Business, Credential Guard and Ransomware Detection. Microsoft released new security baselines and policies as well as expanded its documentation library for security admins.
Management features of Windows 10 Enterprise 2019 LTSC
The 2019 LTSC release adds new and updated features to deploy and manage Windows 10 desktops. The release includes Windows Autopilot, a device lifecycle management service that enables zero-touch Windows 10 deployments. The platform makes it possible to use Intune to lock a device during provisioning.
Administrators can run custom scripts in parallel with Windows Setup. The Windows 10 Enterprise 2019 LTSC release includes mbr2gpt.exe, a command-line utility for converting a disk from a master boot record to a GUID partition table without modifying or deleting data. Microsoft also added new deployment image servicing and management commands to support OS uninstall operations.
Microsoft added policies to Intune and System Center Configuration Manager to enable Azure Active Directory hybrid authentication. Additionally, Windows Configuration Designer supports bulk device enrollment in Azure Active Directory. Admins now have greater control over updates with Windows Update for Business, allowing the ability to pause or uninstall an update.
Microsoft enhanced the mobile device management (MDM) features built into Windows 10 LTSC by adding over 150 policies and settings. Administrators can now configure hundreds of Group Policy settings through mobile device management policies. The latest LTSC release includes a new MDM Migration Analysis Tool that determines which Group Policy settings are configured, and Message Analyzer, which identifies issues and finds the root cause.
Microsoft also added capabilities to Update Compliance, a Windows Analytics program that allows IT to monitor security, quality and feature updates. Administrators can monitor the Windows Defender protection status and optimize bandwidth for deploying updates. The release also offers Device Health, an analytics tool that identifies devices and drivers that frequently crash.
The Windows 10 Enterprise 2019 LTSC release includes the cumulative enhancements incorporated into Windows 10 versions 1703, 1709, 1803 and 1809.