ASD's Blueprint for Secure Cloud

Operating System

This section describes the design decisions associated with Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

The operating system enables software applications to interface with the hardware. The operating system manages input and output device components like the mouse, keyboard, network and storage. Windows 10 and 11 are available in several editions, including:

  • Home – minimal management and deployment features and cannot be joined to either an on-premises or Microsoft Entra ID domain. It is targeted from home use only.
  • Professional – this edition includes management and deployment features and can be joined to both an on-premises and Microsoft Entra ID domain.
  • Enterprise – this edition has additional enterprise security features as well as the UE-V and App-V clients built in and only distributable through Microsoft’s Volume Licensing Program.

Servicing of Windows 10 and 11 falls into three distinct channels (previously known as rings):

  • Windows Insider Program – Windows Insider Program receive feature updates immediately enabling pilot machines to evaluate builds earlier than the General Availability channel. A business must opt-in for this service and install a specific Windows Insider Program for Business Preview build.
  • General Availability – General Availability Channel receives feature update annually and is designed for the broad population of general-purpose devices within organisations. The General Availability Channel is the default servicing channel for all Windows 10 and 11 devices with the exception of Long Term Servicing Channel (LTSC) release of Windows 10 and 11 Enterprise.
  • Long-Term Servicing Channel – Long-Term Servicing Channel (LTSC) receives releases much more gradually (expected every 2 - 3 years) and is designed for special purpose devices such as those used in Point of Sale (POS) systems or controlling factory or medical equipment, and those machines without Microsoft Office. Additionally, a number of applications are not supported on LTSC Windows devices, for example Microsoft Edge, Microsoft Store, and Microsoft Mail, amongst others.

Security & Governance

  • None identified

Design

  • None identified

References

  • None identified

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra