Microsoft has released Windows 10 version 2004 build 19041 (or ‘Windows 10 May 2020 Update’) through Windows Server Update Services (WSUS) and Windows Update for Business. It was already available as a download from Visual Studio Subscriptions, the Software Download Center (via Update Assistant or the Media Creation Tool), and the Volume Licensing Service Center.
It’s time to look at the new Identity-related features in this version of Windows 10:
FIDO2 for hybrid environments
FIDO2 security key support has been expanded to include hybrid Azure Active Directory-joined devices, enabling even more organizations to take an important step in their journey towards passwordless environments.
Before Windows 10 version 2004, the use of FIDO2 security keys was only available for Azure AD-joined devices. These devices are typically joined to Azure AD from the Out-of-the-Box experience. Hybrid Azure AD Join occurs through a Group Policy assigned to Active Directory domain-joined Windows-based devices.
In addition to Windows 10 version 2004, FIDO2 security keys also require:
- Windows Server 2016-based Domain Controllers and/or Windows Server 2019-based Domain Controllers with the January 23 2020 Feature update.
- Azure AD Connect version 126.96.36.199, or a newer version of Azure AD Connect with the user objects in scope for synchronization and Hybrid Azure AD Join enabled.
- FIDO2 security keys enabled on the Authentication Methods blade in the Azure AD Portal.
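A readiness check for the client-side part of these requirements, added here as an example (not code from Microsoft or from the original post): it parses `dsregcmd /status` output to classify the device's join state and applies the build 19041 requirement to hybrid Azure AD-joined devices. The function name `Get-Fido2SignInSupport` and the sample output are constructed for illustration.

```powershell
function Get-Fido2SignInSupport {
    param(
        [string[]] $DsregStatus,   # lines of `dsregcmd /status` output
        [int]      $OsBuild        # OS build number, e.g. 19041 for version 2004
    )
    # dsregcmd prints "Name : VALUE" pairs; keep the single-token values.
    $state = @{}
    foreach ($line in $DsregStatus) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S+)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $aad    = $state['AzureAdJoined'] -eq 'YES'
    $domain = $state['DomainJoined']  -eq 'YES'

    if ($aad -and $domain) { $joinType = 'HybridAzureADJoined' }
    elseif ($aad)          { $joinType = 'AzureADJoined' }
    elseif ($domain)       { $joinType = 'DomainJoinedOnly' }
    else                   { $joinType = 'NotJoined' }

    # Hybrid devices need build 19041 or later (per the post). The post gives no
    # minimum build for Azure AD-joined devices, so none is checked here.
    $supported = switch ($joinType) {
        'HybridAzureADJoined' { $OsBuild -ge 19041 }
        'AzureADJoined'       { $true }
        default               { $false }
    }
    [pscustomobject]@{ JoinType = $joinType; OsBuild = $OsBuild; Fido2SignInSupported = $supported }
}

# Constructed sample (trimmed) of `dsregcmd /status` from a hybrid-joined device.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
'@ -split '\r?\n'

Get-Fido2SignInSupport -DsregStatus $sample -OsBuild 18363   # hybrid, pre-2004 build
Get-Fido2SignInSupport -DsregStatus $sample -OsBuild 19041   # hybrid, version 2004

# On a live device:
# Get-Fido2SignInSupport -DsregStatus (dsregcmd /status) -OsBuild ([Environment]::OSVersion.Version.Build)
```

The Domain Controller, Azure AD Connect and Authentication Methods requirements are server-side and tenant-side settings, so this client check does not cover them.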
Windows Hello for Microsoft accounts
Starting in Windows 10 version 2004, you can enable passwordless sign-ins for Microsoft accounts. This strengthens device access by switching all Microsoft accounts on the device to modern multi-factor authentication with Windows Hello Face, Fingerprint, or PIN, and eliminates passwords from Windows.
Windows Hello PIN added to Safe mode
For added security when troubleshooting an issue on a device, Microsoft has enabled the Windows Hello experience for devices started in Safe mode.