Windows 10 Creators Update

Windows 10 Creators Update aka Redstone 2 is set to arrive early next year, spring 2017.

While the main agenda and focus of the update seems to be only creation, mixed reality and 3D for everyone, Microsoft is getting ready to push boundaries across security related issues, faced by IT administrators during their day to day work process.

With the Windows 10 Creators update, Microsoft is bringing game-changing security improvements as part of the Windows Defender Advanced Threat Protection system.

It will deliver new features and capabilities for modern IT and bring even more security advancements to enterprise customers as IT administrators drive digital transformation to optimize operations, enhance productivity and maintain the most secure environment possible.

To start, we will make it easier to monitor, track and act by creating one view of Windows 10 security events in the centralized portal called the Windows Security Center. First released in the Anniversary Update, the Windows Security Center will link to Office 365 Advanced Threat Protection, via the Microsoft Intelligent Security Graph, to allow IT administrators to easily follow an attack across endpoints and email in a seamless and integrated way.


In the Creators Update we’re also adding new actions and insights in Windows Defender Advanced Threat Protection (ATP) to investigate and respond to network attacks, including sensors in memory, enriched intelligence and new remediation actions.


  • Enriched Detection. As I’ve said before, methods and means attackers use are increasingly varied, complex and well-funded. The sensors we have today across the network traffic channeled through end points and the cloud are powerful. However, cyber threats won’t stop, and neither will we. With the Creators Update we will expand Windows Defender ATP sensors to detect threats that persist only in memory or kernel level exploits. This will enable IT administrators to monitor loaded drivers and in-memory activities, and to detect various patterns of injection, reflective loading, and in-memory modifications indicating potential kernel exploits.
  • Enriched Intelligence. We already add on to our Microsoft Threat Intelligence (TI) with industry partners like FireEye iSIGHT Threat Intelligence. In the Creators Update, we’ll enable IT administrators to feed their own intelligence into the Windows Security Center for alerts on activities based on their own indicators of compromise. This added level of insight will enrich machine learning models to identify and block malware more quickly and better protect their unique environment.
  • Enhanced Remediation. We will also deliver new remediation actions in Windows Defender ATP that will give IT administrators the tools to isolate machines, collect forensics, kill and clean running processes and quarantine or block files with a single click in the Windows Security Center and further reduce response time.