Because Windows 10 clients cannot run Hyper-V when they're already hypervised, features using Hyper-V run only on bare metal or adjunct where Hyper-V is native. You can't spawn this, therefore, in virtualized sessions of Windows 10 to sandbox applications.
UEFI Secure boot support helps prevent boot-time malware and viruses from changing kernels, or otherwise infecting them, although it's the source of criticism from other OS vendors and their fans. For some hosts, it requires BIOS selection changes best not left to civilian users, but we recommend using UEFI for its protection. TPM BIOS settings had to be cleared to make TPM and TPM-related apps work in test versions of Windows 10, but we didn't have a problem with it in the RTM-and-first-patched version we used.
Microsoft will also allow third party application direct VPN connections, rather than creating a host-level circuit between hosts. This means that several secure circuits can be managed without user intervention, or exposing two networks to each other without safeguards. This wasn't tested because it's new and applications using this technique could not be found at press time.
To achieve an additional sense of security, Microsoft has changed how applications can work securely, although some of the big changes -- policy-driven changes towards dividing business and personal apps and data -- won't appear until the fall update.
This said, Windows 10 is ready to be managed under the MDM constraints of Microsoft's InTune skills today; we tested basic functionality and it works.
Versions: Pick The Enterprise Edition
The Business Editions are limited. There are three salient business versions, culminating with an Education version that is perhaps the equivalent of prior Windows "Ultimate" editions.
Choosing Enterprise over Professional Editions gives IT and organizations more flexibility and choice:
Professional Edition gets updates for as long as the device exists, but it can't be meaningfully transferred to another device and receive updates. Professional Edition gets its updates and payloads from Microsoft using push-methods, where organizations licensing (usually through Microsoft's Software Assurance Agreements) gain control over what's delivered and when.
Professional updates therefore create a periodic event, and organizations might not be able to dependency-check updates prior to delivery, this potentially rendering apps/updates/patches/fixes that might break things, where Enterprise licensees of organizations (perhaps not individual Enterprise licensees) can pilot, then roll-out organizationally-vetted packages under their own auspices when distribution makes sense, perhaps with organizational credentials signing.
Caveats and summary
Windows 10 has plenty of eye candy and is approachable for users. Some already have the nagware compelling them to upgrade. Long time Windows followers warn to not do this until the first set of patches and fixes arrive, and we agree. For pioneers, self-supporting power users, and test personnel, the time is ripe.
Sign up for Computerworld eNewsletters.