Windows 10 企业版 2016 LTSC 中的新增功能What's new in Windows 10 Enterprise 2016 LTSC

适用范围Applies to

  • Windows 10 企业版 2016 LTSCWindows 10 Enterprise 2016 LTSC

本文列出了适用于 Windows 10 企业版 2016 LTSC 的新功能和更新的功能和内容,与 Windows 10 企业版 2015 LTSC (LTSB) 相比 (LTSB) 。This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2016 LTSC (LTSB), compared to Windows 10 Enterprise 2015 LTSC (LTSB). 有关 LTSC 服务通道的简要说明,请参阅 Windows 10 企业版 LTSCFor a brief description of the LTSC servicing channel, see Windows 10 Enterprise LTSC.

备注

Windows 10 企业版 2016 LTSC 中的功能等同于 Windows 10 版本1607。Features in Windows 10 Enterprise 2016 LTSC are equivalent to Windows 10, version 1607.

部署Deployment

Windows 映像和配置设计器 (ICD)Windows Imaging and Configuration Designer (ICD)

在以前版本的 Windows10 评估和部署工具包 (ADK) 中,必须安装其他功能才能使 Windows ICD 运行。In previous versions of the Windows 10 Assessment and Deployment Kit (ADK), you had to install additional features for Windows ICD to run. 开始在此版本的 Windows 10 中,你可以仅安装与其他映像组件的其他组件无关的配置设计器组件。Starting in this version of Windows 10, you can install just the configuration designer component independent of the rest of the imaging components. 安装 ADK。Install the ADK.

Windows ICD 现在包含用于创建设置包的简化工作流:Windows ICD now includes simplified workflows for creating provisioning packages:

了解有关在 Windows10 中使用预配包的详细信息。Learn more about using provisioning packages in Windows 10.

Windows Upgrade ReadinessWindows Upgrade Readiness

重要

升级准备情况将不允许你评估升级到 LTSC release (LTSC 版本不可用作目标版本) 。Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). 但是,你可以注册运行 LTSC 的设备,以便计划升级到半年频道发布。However, you can enroll devices running LTSC to plan for an upgrade to a semi-annual channel release.

Microsoft 开发了 Upgrade Readiness,以满足企业客户查找有关升级到 Windows10 的其他方法和详细信息的需求。Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. 创建 Upgrade Readiness 时考虑了多种渠道的客户反馈、测试和将数以百万计的设备升级到 Windows10 的 Microsoft 体验。Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10.

启用 Windows 诊断数据后,Upgrade Readiness 将收集系统、应用程序和驱动程序数据以供分析。With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. 然后,我们会识别可能阻止升级的兼容性问题,并建议进行修复(当 Microsoft 已知这些问题时)。We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.

使用 Upgrade Readiness 获取:Use Upgrade Readiness to get:

  • 从试生产到生产为你提供指导的直观工作流A visual workflow that guides you from pilot to production
  • 详细的计算机和应用程序清单Detailed computer and application inventory
  • 功能强大的计算机级别搜索和挖掘功能Powerful computer level search and drill-downs
  • 应用程序和驱动程序兼容性问题的指导和见解以及建议的修复Guidance and insights into application and driver compatibility issues, with suggested fixes
  • 数据驱动的应用程序合理化工具Data driven application rationalization tools
  • 应用程序使用情况信息,从而允许进行针对性的验证;用于跟踪验证进度和决策的工作流Application usage information, allowing targeted validation; workflow to track validation progress and decisions
  • 数据导出到常用软件部署工具Data export to commonly used software deployment tools

Upgrade Readiness 工作流将指导你完成发现和合理化过程,直到你拥有一个可供升级的计算机列表。The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are upgrade-ready.

了解有关使用 Windows Upgrade Readiness 规划和管理 Windows 升级的详细信息。Learn more about planning and managing Windows upgrades with Windows Upgrade Readiness.

安全Security

Credential Guard 和 Device GuardCredential Guard and Device Guard

Hyper-V 现在随附独立的用户模式,因此无需单独安装它。Isolated User Mode is now included with Hyper-V so you don't have to install it separately.

Windows Hello 企业版Windows Hello for Business

Windows10 在首次交付时即包含 Microsoft Passport 和 Windows Hello,二者结合使用可提供多重身份验证。When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. 为了简化部署并改进可支持性,Microsoft 将这些技术合并到了此版本的 Windows 10 中的 Windows Hello 名称下的一个解决方案中。To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in this version of Windows 10. 已部署 Microsoft Passport for Work 的客户将不会遇到任何功能更改。Customers who have already deployed Microsoft Passport for Work will not experience any change in functionality. 尚未评估 Windows Hello 的客户将会发现,由于简化了策略、文档和语义,部署操作将更简单。Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.

Windows 10 企业版 2016 LTSC 中的 Windows Hello 的其他更改:Additional changes for Windows Hello in Windows 10 Enterprise 2016 LTSC:

  • 个人(Microsoft 帐户)和公司(Active Directory 或 Azure AD)帐户为密钥使用单个容器。Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys.
  • 用于管理 Windows Hello 企业版的组策略设置现在均可用于用户配置计算机配置Group Policy settings for managing Windows Hello for Business are now available for both User Configuration and Computer Configuration.
  • 在此版本的 Windows 10 中开始,默认情况下,在所有加入域的计算机上禁用 Windows Hello 的便利 PIN。Beginning in this version of Windows 10, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. 若要启用便利 PIN,请启用组策略设置启用 便利 pin 登录To enable a convenience PIN, enable the Group Policy setting Turn on convenience PIN sign-in.

了解有关 Windows Hello 企业版的详细信息。Learn more about Windows Hello for Business.

BitLockerBitLocker

新的 BitLocker 功能New BitLocker features

  • XTS-AES 加密算法XTS-AES encryption algorithm. BitLocker 现在支持 XTS-AES 加密算法。BitLocker now supports the XTS-AES encryption algorithm. XTS-AES 提供面向一类对加密的攻击的额外保护,该类攻击依靠操纵密码文本来导致纯文本中出现可预测的更改。XTS-AES provides additional protection from a class of attacks on encryption that rely on manipulating cipher text to cause predictable changes in plain text. BitLocker 支持 128 位和 256 位的 XTS-AES 密钥。BitLocker supports both 128-bit and 256-bit XTS-AES keys. 它提供以下优势:It provides the following benefits:
    • 该算法符合 FIPS。The algorithm is FIPS-compliant.
    • 易于管理。Easy to administer. 你可以使用 BitLocker 向导、manage-bde、组策略、MDM 策略、Windows PowerShell 或 WMI 在组织中的设备上管理它。You can use the BitLocker Wizard, manage-bde, Group Policy, MDM policy, Windows PowerShell, or WMI to manage it on devices in your organization.

      注意: 将无法在较早版本的 Windows 上访问使用 XTS-AES 加密的驱动器。Note: Drives encrypted with XTS-AES will not be accessible on older version of Windows. 仅建议将其用于固定和操作系统驱动器。This is only recommended for fixed and operating system drives. 可移动驱动器应继续使用 AES-CBC 128 位或 AES-CBC 256 位算法。Removable drives should continue to use the AES-CBC 128-bit or AES-CBC 256-bit algorithms.

安全审核Security auditing

新的安全审核功能New Security auditing features

受信任的平台模块Trusted Platform Module

新的 TPM 功能New TPM features

  • 密钥存储提供程序 (KSP) 和 srvcrypt 支持椭圆形曲线加密 (ECC)。Key Storage Providers (KSPs) and srvcrypt support elliptical curve cryptography (ECC).

Windows 信息保护 (WIP),以前称为企业数据保护 (EDP)Windows Information Protection (WIP), formerly known as enterprise data protection (EDP)

随着企业中员工拥有的设备增加,游离于企业控制之外的应用和服务(例如电子邮件、社交媒体和公共云)意外泄露数据的风险也随之增加。With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. 例如,当员工从其个人电子邮件帐户发送最新的工程图片、复制产品信息并粘贴到推文,或者将正在进行的销售报告保存到其公共云存储时。For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.

Windows 信息保护 (WIP) 有助于防范此潜在的数据泄露,而且不会影响员工体验。Windows Information Protection (WIP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP 还有助于保护企业应用和数据,以免在企业拥有的设备和员工自带的个人设备上发生意外的数据泄露,而且不需要对你的环境或其他应用进行更改。WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps.

了解有关 Windows 信息保护 (WIP) 的详细信息Learn more about Windows Information Protection (WIP)

Windows DefenderWindows Defender

在此版本的 Windows 10 中,Windows Defender 已添加了一些新功能和管理选项。Several new features and management options have been added to Windows Defender in this version of Windows 10.

Microsoft Defender for EndpointMicrosoft Defender for Endpoint

随着来自有针对性的更复杂攻击的威胁日益增长,生成一个用于保护日益复杂的网络生态系统的新安全解决方案至关重要。With the growing threat from more sophisticated targeted attacks, a new security solution is imperative in securing an increasingly complex network ecosystem. Microsoft Defender for Endpoint 是内置于 Windows 10 的一种安全服务,可让企业客户检测、调查和响应其网络上的高级威胁。Microsoft Defender for Endpoint is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks.

了解有关 Microsoft Defender For Endpoint 的详细信息Learn more about Microsoft Defender for Endpoint.

VPN 安全性VPN security

  • VPN 客户端可与条件访问框架(一个基于云且内置于 Azure Active Directory 的策略引擎)集成,以提供用于远程客户端的设备合规性选项。The VPN client can integrate with the Conditional Access Framework, a cloud-based policy engine built into Azure Active Directory, to provide a device compliance option for remote clients.
  • VPN 客户端可与 Windows 信息保护 (WIP) 策略集成以提供其他安全。The VPN client can integrate with Windows Information Protection (WIP) policy to provide additional security. 了解有关 Windows 信息保护(以前称为企业数据保护)的更多信息。Learn more about Windows Information Protection, previously known as Enterprise Data Protection.
  • 新 VPNv2 配置服务提供程序 (CSP) 可添加配置设置。New VPNv2 configuration service provider (CSP) adds configuration settings. 有关详细信息,请参阅 MDM 注册和管理中的新增功能For details, see What's new in MDM enrollment and management
  • Microsoft Intune:VPN 配置文件(Windows10 桌面版和移动版以及更高版本) 策略模板包含对本机 VPN 插件的支持。Microsoft Intune: VPN Profile (Windows 10 Desktop and Mobile and later) policy template includes support for native VPN plug-ins.

管理Management

针对加入 Azure Active Directory 的电脑使用远程桌面连接Use Remote Desktop Connection for PCs joined to Azure Active Directory

发布后,Windows10 即支持远程连接到已加入 Active Directory 的电脑。From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. 在此版本的 Windows 10 中启动时,你还可以连接到连接到 Azure Active Directory (Azure AD) 的远程电脑。Starting in this version of Windows 10, you can also connect to a remote PC that is joined to Azure Active Directory (Azure AD). 了解相关要求和受支持的配置。Learn about the requirements and supported configurations.

任务栏配置Taskbar configuration

企业管理员可以添加和删除从任务栏固定的应用。Enterprise administrators can add and remove pinned apps from the taskbar. 应用企业配置后,用户可以固定应用、取消固定应用,以及更改任务栏上已固定应用的顺序。Users can pin apps, unpin apps, and change the order of pinned apps on the taskbar after the enterprise configuration is applied. 了解如何配置任务栏。Learn how to configure the taskbar.

移动设备管理和配置服务提供程序 (CSP)Mobile device management and configuration service providers (CSPs)

已向 Windows10 CSP 添加许多设置,以便扩展用于管理设备的 MDM 功能。Numerous settings have been added to the Windows 10 CSPs to expand MDM capabilities for managing devices. 若要了解有关此版本的 Windows 10 的 MDM 策略中的特定更改的详细信息,请参阅 MDM 注册和管理中的新增功能To learn more about the specific changes in MDM policies for this version of Windows 10, see What's new in MDM enrollment and management.

共享电脑模式Shared PC mode

此版本的 Windows 10 介绍了共享 PC 模式,这将针对共享使用方案(如企业中的 touchdown 空间和临时客户在零售中使用)优化 Windows 10。This version of Windows 10, introduces shared PC mode, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. 可将共享电脑模式应用到 Windows10 专业版、教育版和企业版。You can apply shared PC mode to Windows 10 Pro, Education, and Enterprise. 了解如何设置共享或来宾电脑。Learn how to set up a shared or guest PC.

适用于 Windows10 的应用程序虚拟化 (App-V)Application Virtualization (App-V) for Windows 10

应用程序虚拟化 (App-V) 使组织可以向用户传递 Win32 应用程序作为虚拟应用程序。Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. 虚拟应用程序安装在集中管理的服务器上并作为服务实时传递给用户(如果需要)。Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. 用户从熟悉的接入点(包括 Microsoft Store)启动虚拟应用程序并与之进行交互,就像在本地安装它们一样。Users launch virtual applications from familiar access points, including the Microsoft Store, and interact with them as if they were installed locally.

在此版本的 Windows 10 发布后,Windows 10 for 企业版中随附有 App-v。With the release of this version of Windows 10, App-V is included with the Windows 10 for Enterprise edition. 如果你不熟悉 Windows10 和 App-V 或者如果要从以前版本的 App-V 进行升级,将需要下载、激活和安装服务器端和客户端组件,以开始向用户传递虚拟应用程序。If you are new to Windows 10 and App-V or if you're upgrading from a previous version of App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users.

了解如何使用 App-V 传递虚拟应用程序。Learn how to deliver virtual applications with App-V.

适用于 Windows10 的用户体验虚拟化 (UE-V)User Experience Virtualization (UE-V) for Windows 10

许多用户针对 Windows 和特定应用程序自定义其设置。Many users customize their settings for Windows and for specific applications. 可自定义的 Windows 设置包括 Microsoft Store 外观、语言、背景图片、字号和主题色。Customizable Windows settings include Microsoft Store appearance, language, background picture, font size, and accent colors. 可自定义的应用程序设置包括语言、外观、行为和用户界面选项。Customizable application settings include language, appearance, behavior, and user interface options.

通过用户体验虚拟化 (UE-V),你可以捕获用户自定义的 Windows 和应用程序设置,并将其存储在集中管理的网络文件共享上。With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share. 用户登录后,个性化设置将应用到其工作会话,无论他们登录到哪些设备或虚拟桌面基础结构 (VDI) 会话。When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.

在此版本的 Windows 10 发布后,UE-V 将包含在 Windows 10 for 企业版中。With the release of this version of Windows 10, UE-V is included with the Windows 10 for Enterprise edition. 如果你不熟悉 Windows10 和 UE-V 或者要从以前版本的 UE-V 进行升级,将需要下载、激活和安装服务器端和客户端组件,以开始跨设备同步用户自定义的设置。If you are new to Windows 10 and UE-V or upgrading from a previous version of UE-V, you’ll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices.

了解如何与 UE-V 同步用户自定义的设置。Learn how to synchronize user-customized settings with UE-V.

另请参阅See Also

Windows 10 企业版 LTSC: LTSC 服务通道的说明,其中包含指向有关每个版本的信息的链接。Windows 10 Enterprise LTSC: A description of the LTSC servicing channel with links to information about each release.