Windows Server: 18317

The latest Windows Server build for Insiders is build 182317 and has been released today. What’s new in this semi-annual release?

What’s New in Windows Server

WDAC – Composable (stacked) code integrity policies for supporting multiple code integrity policies

WDAC brings you the ability to support multiple CI policies. Three scenarios are now supported:

  • Scenario 1 – Deploy a “base” policy in enforcement mode and deploy a second “audit” policy side-by-side to support validation of policy changes before deploying in enforcement mode. (Intersection)
  • Scenario 2 – Enforce 2 or more “base” policies simultaneously to allow simpler policy targeting for policies with different scope/intent, e.g., Base1 corporate standard policy that is relatively loose to accommodate all organizations while forcing minimum corp standards (e.g. Windows works + Managed Installer + path rules). Base2 team specific policy that further restricts what is allowed to run (e.g. Windows works + Managed Installer + corporate signed apps only) (Intersection)
  • Scenario 3 – Supplemental policies deployed to expand Base policy, e.g., Azure host baseline policy restricts tightly to just allow Windows and hardware drivers allows supplemental policies. Exchange Azure team supplemental policy adds just the additional signer rules needed to support Exchange team signed code. (Union)