The main changes are:
- PreBoot Authentification: HotPlug DMAare prohibited
- Hardware Security Test Interface (HSTI): automatic encryption of all corresponding devices
- Recovery key: backup in AZURE Active Directory will be available
- VM: support of virtual TPM chip (vTPM). Hyper-V (vNext) with a physical TPM chip could expose it to the virtual machines.
- Windows Phone: stand-alone encryption without going through a MDM like Intune, SCCM, ...