Windows 10 IoT Enterprise - Administrator Guide
● DirectAccess—Allows remote access to a corporate network without launching a separate VPN. For
more information, see http://technet.microsoft.com/en-us/windows/dn168168.aspx.
● BranchCache—Allows a device to cache les, websites, and other content from central servers, ensuring
that the content is not repeatedly downloaded across the wide area network (WAN). For more
information, see http://technet.microsoft.com/library/hh831696.aspx.
● AppLocker—Species a subset of apps that can be run on the system. For more information, see
http://technet.microsoft.com/library/hh831440.aspx.
● Enterprise Sideloading—Enables IT to directly deploy apps to devices without using the Windows Store.
For more information, see http://technet.microsoft.com/en-us/library/hh852635.aspx.
● BitLocker/BitLocker To Go—Enables full-disk encryption and optional binding to the TPM chip,
preventing the hard drive from working if removed from the thin client. For more information, see
https://technet.microsoft.com/en-us/library/hh831507.aspx.
● Device Encryption—Allows self-encrypted drives. For more information, see
https://technet.microsoft.com/en-us/windows/bb964600.aspx.
● Secure Boot/Trusted Boot—Makes sure that thin clients only boot using a trusted boot source. For
more information on Secure Boot, see https://technet.microsoft.com/en-us/library/hh824987.aspx. For
more information on Secure Boot and Measured Boot, see https://msdn.microsoft.com/en-us/library/
windows/hardware/dn653311(v=vs.85).aspx.
● Device Guard—Allows you to lock down a device so that it can run only trusted apps. For more
information, see https://technet.microsoft.com/en-us/itpro/windows/whats-new/device-guard-
overview.
● Credential Guard—Uses virtualization-based security to isolate user credentials and specify the
privileged system software that can access the credentials. For more information, see
https://technet.microsoft.com/en-us/itpro/windows/whats-new/credential-guard.
● Microsoft Passport—Allows you to use strong two-factor authentication that consists of an enrolled
device and either Windows Hello, biometric input, or a PIN. For more information, see
https://technet.microsoft.com/en-us/itpro/windows/whats-new/microsoft-passport.
● Virtual Secure Mode—Protects the OS kernel and system les from malware using virtualization
technology. For more information, see https://channel9.msdn.com/Blogs/Seth-Juarez/Windows-10-
Virtual-Secure-Mode-with-David-Hepkin.
● Windows Hello—Enables you to use biometric authentication through ngerprint matching and facial
recognition. For more information, see https://technet.microsoft.com/en-us/itpro/windows/keep-
secure/windows-hello-in-enterprise.
8 Chapter 3 Conguration