This guidance covers the deployment of a range of end user device platforms for the secure configuration of Windows 10 1809. Risk owners and administrators should agree a configuration which balances business requirements, usability and security.

• Protective Monitoring Solution: All data should be routed over a secure enterprise VPN to ensure the confidentiality and integrity of the traffic. This also allows the devices, and data on them, to be protected.

• Applications should be authorised by an administrator and deployed via a trusted mechanism.

• Most users should have accounts with no administrative privileges.  Administrator accounts should have a unique strong password per device.

Testing was performed on a Windows Hardware Certified device, running Windows 10 Enterprise. This guidance is not applicable to Windows devices managed via an MDM or Windows To Go. 

This guidance is not applicable to Windows devices managed via an MDM or Windows To Go. 

Risk owners and administrators should agree a configuration, which balances business requirements, usability and security.