Microsoft announces Secure Productive Enterprise (SPE)-- a licensing option covering OS, productivity apps and mobile device management by bundling Windows 10 Enterprise, Office 365, and Enterprise Mobility + Security (EMS).
Also included is a selection of collaboration and analytics products, as well as the newly announced Windows Defender Application Guard and enhanced Advanced Threat Protection in order to cover the "secure" part of the SPE name. Windows Defender Application Guard uses Hyper-V virtualisation to sandbox web applications, allowing users to visit and use untrusted sites without the risk of malware infections, and stop targeted spear-phisihing attacks.
It creates a Windows instance in hardware, with a separate kernel and the bare minimum of Windows Platform Services required to run Edge. As a result exploitable resources (such as memory and local storage) are blocked, as is access to credentials. Any malware deposited finds nothing to glean or hook to, and once the browser session it is discarded together with the temporary instance.
Read more...