Introduction to securing Windows 10 endpoints


Threat protection product names in Microsoft are changing. Read more about this and other updates. We'll be updating names in products and in the Learn content in the near future.

One of the most effective ways to protect your users and data is to use the latest operating system with all security patches and newest security technologies built to address today’s threats.

Windows 10 is the most secure operating system built by Microsoft and includes the latest security technology available today.

With tools and features built into Windows 10, you can holistically defend your end users from attacks.

  • Windows Hello is a more personal, more secure way to get instant access to your Windows 10 devices using fingerprint or facial recognition.
  • Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
  • Microsoft Defender Application Guard designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet.
  • Device Guard is a group of key features designed to harden a computer system against malware. Its focus is preventing malicious code from running by ensuring only known good code can run.
  • Windows Defender Antivirus delivers comprehensive, ongoing and real-time protection against software threats like viruses, malware and spyware across email, apps, the cloud and the web.

These are just a few of the features that enable the Windows 10 Defense Stack help protect your business pre- and post-breach.