Windows 10 release 2004 is out, with a slew of new features. They include several updates to its security and privacy. Here’s what you get when you download it, as outlined in the company’s blog post.
Microsoft has updated its System Guard Firmware Measurement. This feature, launched in Windows 10 1903, helps guarantee the integrity of a system when it starts by checking system firmware, and it’s part of a broader System Guard protection feature.
This system now checks more things when launching Windows (specifically IO ports and memory-mapped IO, which is a computing feature that uses the same address space to access both main memory and peripheral controllers). It provides more evidence that the system hasn’t been tampered with during bootup. You’ll need newer hardware to use this latest enhancement though, warns Microsoft, adding that it will be along shortly.
Also on the menu is Chromium-based Edge support for Application Guard, which is a Defender feature that allowlists trusted websites and puts everything else in a container using the Hyper-V hypervisor technology built into Windows 10. That stops malicious sites from snooping on your enterprise data. Microsoft switched its Edge browser to the open-source Chromium engine in April 2019, so this is a welcome addition.
Application Guard isn’t the only tool that Microsoft uses to shield the rest of the system from your activities. In Windows 10 1903, it launched the Windows Sandbox, which is a lightweight desktop environment that isolates anything you run in it and wipes all its files when you close it down. Think of it like a temporary scratchpad for running Windows programs, offering a good way to test applications or to run them once.
In Windows 10 2004, the Sandbox now supports configuration files, enabling you to customise your virtual environment. You can use a microphone with it now, along with full screen mode. You can also set apps to restart automatically when you sign in.
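Because a Sandbox configuration file decides how much of the host the sandbox can touch, it is worth reviewing before you launch it. The following is an added example, not code from Microsoft or from this article: a short Python check that reads a `.wsb` file and lists the settings that loosen isolation. The element names follow Microsoft's documented `.wsb` format; the sample file, its paths and the function name `audit_wsb` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample .wsb file (not from the article): a permissive profile.
SAMPLE_WSB = r"""<Configuration>
  <VGpu>Enable</VGpu>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Users\Public\Downloads</HostFolder>
    </MappedFolder>
    <MappedFolder>
      <HostFolder>C:\Tools</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\Downloads</Command>
  </LogonCommand>
</Configuration>"""


def audit_wsb(xml_text):
    """Return a list of findings for settings that weaken sandbox isolation."""
    root = ET.fromstring(xml_text)
    findings = []

    def setting(tag):
        return (root.findtext(tag) or "Default").strip().lower()

    # Assumption of this check: anything not explicitly "Disable" counts as on.
    if setting("Networking") != "disable":
        findings.append("networking enabled: sandbox can reach the network")
    if setting("VGpu") != "disable":
        findings.append("vGPU enabled: host GPU is shared with the sandbox")

    # A mapped host folder is writable from the sandbox unless ReadOnly is true.
    for folder in root.iter("MappedFolder"):
        host = (folder.findtext("HostFolder") or "").strip()
        read_only = (folder.findtext("ReadOnly") or "false").strip().lower()
        if read_only != "true":
            findings.append(f"writable host folder: {host}")

    # Logon commands run automatically inside the sandbox when it starts.
    for cmd in root.iter("Command"):
        findings.append(f"logon command: {(cmd.text or '').strip()}")
    return findings


if __name__ == "__main__":
    for line in audit_wsb(SAMPLE_WSB):
        print(line)
```

A profile that sets both `Networking` and `VGpu` to `Disable` and marks every mapped folder read-only produces no findings.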
The latest Windows release also introduces broader support for FIDO2 security keys. Microsoft won its FIDO2 certification a year ago, folding it into Windows Hello. It now supports devices that are joined to the Azure Active Directory, which is the identity management and access control system that fronts Office 365 and everything else in the Azure cloud.
The company also added easier settings for passwordless access to Microsoft accounts directly in the OS. Now, you can access Sign-in options in the Accounts section of the Settings area and set ‘Require Windows Hello sign-in for Microsoft accounts’ to ‘On’. You can also set up PIN-based Windows Hello access in Safe mode (which boots into Windows with many features and hardware devices turned off for troubleshooting).
Being signed into a Microsoft account is now vital for users who rely on Microsoft’s Cortana virtual assistant. As of this Windows 10 release you must be signed into a Microsoft account to use Cortana.
Microsoft says that it is shifting the assistant to enterprise productivity and is abandoning music, connected home, and third-party skills in Cortana as of this release. The new incarnation of Cortana is called Cortana enterprise services, and it falls under the Online Services Terms (OST) that the company updated in November 2019 after pressure from the Dutch privacy regulator.
Microsoft explains that it is redefining itself as the data processor for customer data collected by Cortana enterprise services, as opposed to the data controller. This is a GDPR distinction. Under that EU regulation, a data processor has less responsibility for user data. It only processes the data that it receives from the data controller (in this case the Cortana user), which calls the shots on what is collected, how it is changed, and where and how it is used.