Windows 10 IoT Enterprise: Security

Microsoft has also focused its development on security and is expanding its Internet of Things offering to the benefit of all users. Device and data security in particular come off well and offer a variety of features.

Enterprise Grade Security

The Internet holds more dangers for your computer than ever before. But users do not only face fraudsters and thieves trying to get at valuable data on the World Wide Web: data theft and unwanted access by third parties also happen locally. Windows 10 IoT offers new and improved ways to protect your operating system from power-on to power-down. The short overview below shows which functions are available for this purpose and what exactly they mean.

Secure your devices

Determine which peripherals, such as USB sticks or external hard drives, are considered trustworthy and ensure that only these are recognized by the PC.

  • Two-factor authentication when logging in
  • Device Guard:

    Thanks to the so-called Advanced Threat Resistance, only trustworthy applications run on the system

  • Secure Boot:

    Ensures that only certified files are loaded during the boot process and that an operating system with a stored security certificate is started

Advanced Lockdown:

Advanced Lockdown mainly describes the ability to customize your Windows operating system to your needs by means of specific restrictions (see also our article about customizing). At the same time, this increases the security of your operating system, because Advanced Lockdown lets you allow only specific programs to perform operations on your computer. Conversely, malware and other unwanted software do not even get the chance to run on your PC.

The lockdown also includes the following security functions:

  • AppLocker:
    • Disable unwanted software/programs as already mentioned above
    • Keep control of all processes by requiring your approval
  • Shell Launcher:
    • Automatically start into a custom shell after logging in
    • Disable hotkeys and certain key combinations
  • Unified Write Filter:

    Essential when it comes to write protection of hard disks. The Unified Write Filter does not allow any changes to the hard disk or to the files and programs stored on it. Changes are only held in RAM temporarily. After the operating system is restarted, everything is reset to its original state.

  • Mobile Device Management (MDM):

    Deny USB and other peripherals access to your computer.

Secure your data

  • Trusted Platform Modules (TPM):

    A TPM is a chip integrated in many systems that allows hard disks to be encrypted. The TPM also makes it possible to identify any hardware in the system, which allows the chip to detect possible changes within the system.

  • BitLocker:

    Encrypts your drives/hard disks and allows you to safely erase data. This makes it much more difficult to restore deleted data, which is important if you want to discard old computers, for instance.

  • Enterprise Data Protection:

    Protects against data loss caused by leaks in the system (e.g. clouds, e-mail, social media)

Protect your identity

  • Windows Hello:

    Sign-in by fingerprint, facial or iris recognition

  • Credential Guard:

    Protects your access data from malware and the like
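
The features listed above only protect a device when they are actually switched on. The following read-only PowerShell audit is an added example, not part of the original article; it assumes an elevated session on the device itself, and `Test-Feature` is a helper name made up for this example.

```powershell
# Added example (not from the original article): read-only audit of the
# protections listed on this page. Run from an elevated PowerShell session.
function Test-Feature {                      # hypothetical helper name
    param([string]$Name, [scriptblock]$Check)
    # A missing feature, cmdlet or WMI class is reported, not fatal.
    try   { $state = & $Check }
    catch { $state = "Unavailable: $($_.Exception.Message)" }
    [pscustomobject]@{ Feature = $Name; State = $state }
}

$embedded = 'root\standardcimv2\embedded'    # WMI namespace of the lockdown features
$dgQuery  = @{ Namespace = 'root\Microsoft\Windows\DeviceGuard'
               ClassName = 'Win32_DeviceGuard'; ErrorAction = 'Stop' }

$report = @(
    Test-Feature 'Secure Boot' {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    }
    Test-Feature 'TPM' {
        $tpm = Get-Tpm -ErrorAction Stop
        if (-not $tpm.TpmPresent) { 'Not present' }
        elseif ($tpm.TpmReady)    { 'Present and ready' }
        else                      { 'Present, not ready' }
    }
    Test-Feature 'BitLocker' {
        (Get-BitLockerVolume -ErrorAction Stop |
            ForEach-Object { "$($_.MountPoint) protection $($_.ProtectionStatus)" }) -join '; '
    }
    Test-Feature 'Device Guard (code integrity policy)' {
        switch ((Get-CimInstance @dgQuery).CodeIntegrityPolicyEnforcementStatus) {
            0 { 'Off' } 1 { 'Audit mode' } 2 { 'Enforced' } default { 'Unknown' }
        }
    }
    Test-Feature 'Credential Guard' {
        # SecurityServicesRunning lists running services; 1 means Credential Guard.
        if ((Get-CimInstance @dgQuery).SecurityServicesRunning -contains 1) { 'Running' } else { 'Not running' }
    }
    Test-Feature 'AppLocker' {
        $xml = [xml](Get-AppLockerPolicy -Effective -Xml -ErrorAction Stop)
        $modes = @($xml.AppLockerPolicy.RuleCollection) | Where-Object { $_ } |
            ForEach-Object { "$($_.Type)=$($_.EnforcementMode)" }
        if ($modes) { $modes -join '; ' } else { 'No rule collections' }
    }
    Test-Feature 'Unified Write Filter' {
        $uwf = Get-CimInstance -Namespace $embedded -ClassName UWF_Filter -ErrorAction Stop
        "Enabled now: $($uwf.CurrentEnabled); after next restart: $($uwf.NextEnabled)"
    }
    Test-Feature 'Shell Launcher' {
        $r = Invoke-CimMethod -Namespace $embedded -ClassName WESL_UserSetting -MethodName IsEnabled -ErrorAction Stop
        if ($r.Enabled) { 'Enabled' } else { 'Disabled' }
    }
)
$report | Format-Table -AutoSize -Wrap
```

A state of "Unavailable" usually means the optional feature or its PowerShell module is not installed on the image, which is worth recording as a finding in its own right.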

##Overview page of Windows 10 IoT Enterprise


More on this topic

14 Mar 2017
Windows 10 IoT Enterprise: Introduction

What actually is Windows 10 IoT Enterprise? Broadly speaking: It is the Embedded version of Windows 10. But stop: We should not be discouraged by this comparison. While Windows Embedded was often seen as too complicated, Microsoft has changed and simplified a lot of things with the introduction of Windows 10 IoT. So Windows 10 in the IoT variant is suitable for almost everyone.

But let’s start from the beginning and talk about the question why this operating system is now called Windows 10 IoT. First of all a little excursion to the term "IoT":

What does the term "IoT" mean?

IoT is the short form of "Internet of Things". This term describes the idea that PCs will gradually disappear and will be supplemented and replaced by smart objects ("things"). For the private sector this means that everyday objects are equipped with processors, sensors and transmitters. For example, refrigerators that re-order food or a smart brush that analyses your hair structure. But the topic of IoT is also, and especially, interesting for many industries in the industrial sector. With embedded micro-devices, production plants and dispatch processes, among others, can be networked and thus work much more efficiently.

What does this mean for Windows 10 IoT?

So why did Microsoft choose the name Windows 10 IoT for its new embedded operating system? Well, on the one hand, the term IoT is slowly on everyone’s lips, so this isn’t a bad idea, for marketing reasons in particular. On the other hand, Windows 10 IoT is part of the so-called “One Windows” strategy. This means that there is one Windows for all devices – from small devices up to big servers. This is because Windows 10 IoT exists in three versions which are differentiated according to the type of device: Windows 10 IoT Core for small devices like Raspberry Pi, Windows 10 IoT Mobile Enterprise for smartphones and small tablets and Windows 10 IoT Enterprise for systems with desktop shell and Win32 apps.

All three variants are based on the same core, to which different features for each device family can be added. Thanks to the common core, the so-called Universal Apps can run on all platforms or device types, which significantly reduces and simplifies the effort for development and support.

Regarding the three Windows 10 IoT variants, we are only focusing on Windows 10 IoT Enterprise since this is the version that runs on (Mini-)PCs and allows running desktop apps as well as Win32 applications. Possible fields of application for Windows 10 IoT Enterprise are areas such as POS, kiosk, digital signage, industrial control, production facilities as well as cash machines.

20 Mar 2017
Windows 10 IoT Enterprise: Benefits

Since we have devoted the last article to the term "Internet of Things" and the different variants of Windows 10 IoT, we are now entering the topic in general and will discuss the advantages of Windows 10 IoT Enterprise LTSB.

What exactly is Windows 10 IoT Enterprise?

Windows 10 IoT Enterprise is an operating system for industrial applications and embedded PCs. It is suitable for all devices running desktop apps and Win32 applications. Windows 10 IoT has all the features of Windows 10 Professional and, in addition, some so-called embedded lockdown features. These are used to secure the device and protect it against unwanted attacks. In addition, they offer various branding possibilities and can, for example, make the Windows operating system completely invisible behind a running application. We will explain the individual lockdown features more precisely in other articles.

What are the benefits of Windows 10 IoT Enterprise?

In addition to the lockdown features, Windows 10 IoT offers other advantages that are interesting for industrial solutions. For a start, this operating system is supported for at least 10 years and will be available for 5 more years (a total of 15 years), which is particularly relevant for applications that are to run for many years.

Another advantage is hidden in the abbreviation LTSB. This stands for Long Term Servicing Branch and states that only every 2-3 years new versions are provided in form of updates, which can, but do not have to be installed. These updates have already been extensively tested on other versions of Windows and should not cause any problems. To prevent security gaps, security updates and hotfixes are continually installed. However, these do not cause compatibility problems since they don’t change the operating system.

The Multilingual User Interface (MUI) is another benefit of Windows 10 IoT Enterprise compared to Windows Professional. MUI means that several language packs can be installed at the same time and you can switch between them, depending on the location or user. For Windows 10 IoT Enterprise, there are more than 30 different language packages. If you also count the individual variants like en-UK or en-US, there are over 100 languages in total.

Thanks to a new licensing model, Windows 10 IoT Enterprise is also cheaper for most systems than the well-known Windows Professional. What this exactly means we are explaining here.

As a special service, a recovery stick is always included in the delivery scope of a system with Windows 10 IoT Enterprise. If a new installation of the operating system is required or desired, it simply can be "recovered" or reinstalled by using the stick.

For which purposes is Windows 10 IoT suitable?

In general, Windows 10 IoT is suitable for all industrial applications: from kiosk systems, POS devices and ATMs to production plants and industrial control to digital signage players or medical devices – just to name a few.

If you are not sure if Windows 10 IoT is the right solution for you and your application, we can provide you a free test sample of the desired PC with a Windows 10 IoT trial version.

28 Mar 2017
Windows 10 IoT Enterprise: Customizing

After we have already explained the benefits of Windows 10 IoT, we now want to be a bit more concrete. For this reason we now want to deepen the topic customizing a bit. The so-called embedded lockdown features are playing the leading role within this article.

Lockdown means that a Windows operating system can be adapted to your needs with specific restrictions. In the following we will discuss the lockdown features that are used to customize the operating system. The features that provide more security will be discussed in another article.

Unbranded Boot

The Unbranded Boot function can suppress Windows elements that appear while the operating system is starting. This includes the boot logo, the status ring and the status text – either one of them or all at the same time.

In addition you can adjust that a black screen appears instead of a blue screen (= a fault message in Windows) and that the device will restart automatically. This way users can’t see if the system had a crash. After each crash a dump file will be created in the background in order to read out the error.

Embedded Logon

The Embedded Logon allows you to suppress elements of the Windows 10 user interface while starting and shutting down the operating system. For instance, the login screen can be hidden and an automatic login can be configured instead. Then it is possible to display an application directly after the boot screen. Furthermore, the login screen can be personalized by hiding some elements.

Shell Launcher

With the Shell Launcher a Windows 10 app or a classic Win32 program can be opened automatically if you want to hide the standard Windows user interface. This means that when the PC is started, the application starts and the operating system remains invisible. It is also possible to configure different shells for different users so that two accounts run on the PC: one with the application as a shell and another with the classic desktop shell for administrative tasks.

Furthermore the Shell Launcher can be used to control what happens if the program crashes or is closed. It could restart, shut down or also just do nothing.

Assigned Access

Assigned Access has functions similar to those of the Shell Launcher. It is particularly interesting for so-called “single-function devices”, i.e. devices which are to fulfill only one function. These include, for instance, kiosks, POS terminals or displays at fairs. If an account is configured for Assigned Access, a selected Windows app will run above the lock screen for the selected user account. Users of this account cannot access any other function of the device. Assigned Access can be further personalized with some optional elements, for example regarding the power button availability and greeting elements.

To block access to the system, certain touch and mouse gestures as well as key combinations can be blocked. To exit the application you have to press a special breakout key, which takes you to the login screen.

Customized OEM information

Another feature that allows you to personalize your PC is the possibility to customize the OEM information. You can state your own manufacturer and model name and insert your logo. In addition the support hours, phone and URL can be provided, which allows your customers to see directly where the system comes from and whom to contact with problems.
