Windows 10 release 2004 is out, with a slew of new features. They include several updates to its security and privacy. Here’s what you get when you download it, as outlined in Microsoft’s blog post.
Microsoft has updated its System Guard Firmware Measurement. This feature, launched in Windows 10 1903, helps guarantee the integrity of a system when it starts by checking system firmware, and it’s part of a broader System Guard protection feature.
This system now checks more things when launching Windows (specifically IO ports and memory-mapped IO, which is a computing feature that uses the same address register to access both main memory and peripheral controllers). It provides more evidence that the system hasn’t been tampered with during bootup. You’ll need newer hardware to use this latest enhancement though, warns Microsoft, adding that it will be along shortly.
Also on the menu is Chromium-based Edge support for Application Guard, which is a Defender feature that allowlists trusted websites and puts everything else in a container using the Hyper-V hypervisor technology built into Windows 10. That stops malicious sites from snooping on your enterprise data. Microsoft switched its Edge browser to the open-source Chromium engine in April 2019, so this is a welcome addition.
Application Guard isn’t the only tool that Microsoft uses to shield the rest of the system from your activities. In Windows 10 1903, it launched the Windows Sandbox, which is a lightweight desktop environment that isolates anything you run in it and wipes all its files when you close it down. Think of it like a temporary scratchpad for running Windows programs, offering a good way to test applications or to run them once.
In Windows 10 2004, the Sandbox now supports configuration files, enabling you to customise your virtual environment. You can use a microphone with it now, along with full screen mode. You can also set apps to restart automatically when you sign in.
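As an added illustration (not code from the article or from Microsoft), the Python sketch below audits a Sandbox `.wsb` configuration file for channels left open between sandbox and host. The two sample files, the host path and the audit policy are constructed for this example; the element names are those of Microsoft's documented Windows Sandbox configuration schema, and which of them a given Windows build honours varies.

```python
import xml.etree.ElementTree as ET

# Constructed sample .wsb files (not from the article). Element names follow
# Microsoft's Windows Sandbox configuration schema; the host path is a placeholder.
PERMISSIVE_WSB = """<Configuration>
  <AudioInput>Enable</AudioInput>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\\Users\\Public\\Samples</HostFolder>
    </MappedFolder>
  </MappedFolders>
</Configuration>"""

LOCKED_DOWN_WSB = """<Configuration>
  <Networking>Disable</Networking>
  <AudioInput>Disable</AudioInput>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\\Users\\Public\\Samples</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>"""

# Audit policy (an assumption of this example): a host-facing channel counts
# as open unless the file explicitly sets it to Disable.
CHANNELS = ("Networking", "AudioInput", "ClipboardRedirection")


def audit_wsb(xml_text):
    """Return a sorted list of findings for one .wsb configuration."""
    root = ET.fromstring(xml_text)
    findings = []
    for name in CHANNELS:
        value = (root.findtext(name) or "").strip().lower()
        if value != "disable":
            findings.append(f"{name}: not explicitly disabled")
    for folder in root.iter("MappedFolder"):
        host = (folder.findtext("HostFolder") or "").strip()
        read_only = (folder.findtext("ReadOnly") or "").strip().lower()
        if read_only != "true":
            findings.append(f"MappedFolder {host}: writable from the sandbox")
    return sorted(findings)


if __name__ == "__main__":
    for label, text in (("permissive", PERMISSIVE_WSB), ("locked down", LOCKED_DOWN_WSB)):
        print(label, audit_wsb(text))
```
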
The latest Windows release also introduces broader support for FIDO2 security keys. Microsoft won its FIDO2 certification a year ago, folding it into Windows Hello. It now supports devices that are joined to the Azure Active Directory, which is the identity management and access control system that fronts Office 365 and everything else in the Azure cloud.
The company also added easier settings for passwordless access to Microsoft accounts directly in the OS. Now, you can access Sign-in options in the Accounts section of the Settings area and set ‘Require Windows Hello sign-in for Microsoft accounts’ to ‘On’. You can also set up PIN-based Windows Hello access in Safe mode (which boots into Windows with many features and hardware devices turned off for troubleshooting).
Being signed into a Microsoft account is now vital for users who rely on Microsoft’s Cortana virtual assistant. As of this Windows 10 release you must be signed into a Microsoft account to use Cortana.
Microsoft says that it is shifting the assistant to enterprise productivity and is abandoning music, connected home, and third-party skills in Cortana as of this release. The new incarnation of Cortana is called Cortana enterprise services, and it falls under the Online Services Terms (OST) that the company updated in November 2019 after pressure from the Dutch privacy regulator.
Microsoft explains that it is redefining itself as the data processor for customer data collected by Cortana enterprise services, as opposed to the data controller. This is a GDPR distinction. Under that EU regulation, a data processor has less responsibility for user data. It only processes the data that it receives from the data controller (in this case the Cortana user), which calls the shots on what is collected, how it is changed, and where and how it is used.
TAJ
Thanks for this update. Can you describe in a few sentences what this means to regular end users (business users, not programming or developer types) in keeping their computers up-to-date and secure?
Danny Bradbury
It performs more checks to ensure that your computer hasn’t been tampered with, it gives you safer web browsing with Edge, it gives you better passwordless access options, and it lets you run applications safely with more options.
TAJ
Thank you.
Mahhn
I just hope we can disable Cortana on the new version as easily as the last one. I don’t mind losing the search bar to get rid of an app I find invasive.
“Microsoft explains that it is redefining itself as the data processor for customer data collected by Cortana enterprise services”
Well, at least they are honest about harvesting data, and processing? it... like ransomware is honest about encrypting it… Facebook honest that anything you post is theirs, Gmail everything is read for analytics.
Privacy is just a word used by lawyers I guess…
Louis XIV
And I suppose none of these security features are available to us lowly Windows 10 Home users…(?)
Jeff
According to Microsoft’s “What’s new in Windows 10, version 2004 for IT Pros” document, there’s only one thing specific to Windows 10 Pro or Windows 10 Enterprise, in the section headlined Specialized displays: “With this update, devices running Windows 10 Enterprise or Windows 10 Pro for Workstations with multiple displays can be configured to prevent Windows from using a display, making it available for a specialized purpose.”
So it would seem that, other than the above display configuration, all the security and other features apply to Windows Home.
Tom
And no mention of the 10 compatibility bugs that also came with it. I’ll kindly warn you all to pause your feature updates until M$ gets a handle on it.
Josh
Because as an enterprise user I want to yell at a stupid virtual assistant in my open plan office, I would be interested to know what use cases they envisage for enterprise users for Cortana. I would have thought there would be a lot more home use cases for it.