Windows 10 new features

Security:
Device guard

Credential Guard protects corporate credentials with hardware-based credential isolation (prevents the current forms of the pass-the-hash (PtH) attack)

Windows hello with TPM 2.0

Secure Boot protect Disable Execute bit (NX option) or ensuring that the test signing policy (code integrity) cannot be enabled. Devices with UEFI firmware can be configured to load only trusted operating system bootloaders

Early Launch Antimalware (ELAM) tests all drivers before they load and prevents unapproved drivers from loading.

Health attestation. The device’s firmware logs the boot process, and Windows 10 can send it to a trusted server that can check and assess the device’s health.

SCCM backup

Disks
c - system
d - SQL bin\logs
e - sccm data (packages, apps, etc)
f - sql database

Administration \ Site configuration \ Sites \ Site Maintenance
Backup Site Server to disk E:

Next step is to use script (OS task scheduler) to copy this backup and logs to another server
https://drive.google.com/open?id=0B-Myn42Tc3zSRWQwcXdIOElpX0U
At the end of the script there is another script
https://drive.google.com/open?id=0B-Myn42Tc3zST2VJMF9DcEFBNnc
to delete old backups

Set system state backup using wizard or wbadmin

Manually invoke SCCM baseline evaluation

$ComputerName = "xxx"
$Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration
$name = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration | Where-Object {$_.DisplayName -match "BitLocker Protection"} | Select-Object -ExpandProperty Name
$version = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration | Where-Object {$_.DisplayName -match "BitLocker Protection"} | Select-Object -ExpandProperty Version
([wmiclass]"\\$ComputerName\root\ccm\dcm:SMS_DesiredConfiguration").TriggerEvaluation($Name, $Version)