At the kickoff of the company's Ignite conference for IT professionals, Microsoft executives unveiled a number of advanced security services, and took jabs at competitor Google for not being as mindful of security.
"Google takes no responsibility to update their customers' devices, leaving end-users and businesses increasingly exposed every day they use their Android devices," said Terry Myerson, Microsoft's executive vice president of operating systems. "Google just ships a big pile of code, and then leaves you exposed with no commitments."
Microsoft is refining how it distributes security updates, starting with the upcoming releases of Windows 10 and Office 2016, Myerson said.
Right now, Microsoft sends out updates for Windows on the second Tuesday of each month, a routine called Patch Tuesday that touches over 858 million computers. Many consumer machines are configured to download and apply the patches automatically, and many enterprises control the update process using software such as Microsoft's System Center Configuration Manager.
With Windows 10, consumers can now get security updates as they are released from Microsoft, along with other updates and new features, resulting in a "steady stream of innovation every month," Myerson said.
Businesses will get a number of new options for handling security patches. They can opt into one of a set of "distribution rings." Some can choose to get their updates as soon as they arrive, or they can wait to see if any additional issues pop up with the patches, which has been a recurring problem with Microsoft patches of late.
Microsoft will also start offering the option to get only security updates, and not new feature updates, which can be handy for those mission-critical machines that organisations need to keep precisely configured.
Administrators can now specify when they want patches to be applied, so the patches aren't deployed during a busy time, or at night when some computers may be shut off. For those organisations with limited bandwidth, Windows 10 computers can share the updates with one another in a peer-to-peer network, rather than downloading patches for each machine.
In addition to updating the patching process, Microsoft also unveiled a number of new services to help better secure systems against data leakage and compromised identities.
A feature in Windows 10, Device Guard, limits the computer to running only those applications that have already been approved to run on that machine. This safeguard could prevent the user from unwittingly installing malware, thinking it came from an approved source.
Windows 10 is being outfitted with software to control the unauthorised copying of organisational data. A user can cut and paste information from an e-mail in the Outlook mail client into another organisation-approved application, such as Word. But the user can not paste the data into an unapproved application, such as into a Twitter account.
Users can override the block, but only after they click through a dialog box; Windows 10 will log all these unapproved copying actions.
Next section: Azure rights management and more