Identity-related new features in Windows 10, version 20H2 build 19042

Windows 10

Yesterday, Microsoft released Windows 10, version 20H2 build 19042 to Visual Studio Subscribers and organizations with access to the Software Download Center and the Volume Licensing Service Center. This version is also known as Windows 10 ‘October 2020 Update’.

It’s time to look at the new Identity-related features in this version of Windows 10:


Windows Hello Enhanced Sign-in Security

With enhanced sign-in security, Windows Hello now offers added support for virtualization-based security for certain fingerprint and face sensors, which protects, isolates, and secures a user's biometric authentication data.

Enhanced sign-in security requires specialized hardware and software components that can be leveraged starting on devices shipping with Windows 10 20H2 configured out of factory. Documentation will be available later this year.


Mobile Device Management (MDM)

Like we’ve been doing with Group Policy for 20 years, we can now make granular changes to Local Users and Groups on an Mobile Device Management (MDM)-managed Windows 10 devices by using the Local Users and Groups MDM policy.

There have been many enhancements to Windows Autopilot since version 2004, including Windows Autopilot for HoloLens, Windows Autopilot and co-management, and enhancements to Autopilot reporting:

  • Windows AutoPilot with co-management
    Co-management policy can be set during Autopilot deployment to ensure workloads are managed from the appropriate source.
  • Windows AutoPilot ESP with task sequences
    Using a task sequence as part of Windows Autopilot allows organizations to take advantage of Configuration Manager investments and reuse those task sequences to configure devices. The task sequence can integrate right into the Enrollment Status Page (ESP), blocking access to the desktop until the task sequence completes.


Microsoft Defender Application Guard for Office

Microsoft Defender Application Guard, designed for Windows 10, now supports Office. With this support, employees can launch untrusted Office documents (those that come from outside the Enterprise) in an isolated container to prevent potentially malicious content from compromising their computer or exploiting their personal contents.


Microsoft Edge on Chromium

Windows 10, version 20H2 is the first version of Windows to come with Microsoft Edge on Chromium. Microsoft Edge on Chromium received the highest-rated protection against phishing and malware as reported in an independent study by NSS Labs.

Microsoft Edge on Chromium offers additional lines of defense:

  • Hardware isolation through Microsoft Defender Application Guard
  • Native support for Microsoft Endpoint Data Loss Prevention (DLP)
  • App Configuration in Intune through Azure AD Profiles in Microsoft Edge

It all aids to protect data from falling in the wrong hands. Microsoft 365’s intelligent security solutions enable the Zero Trust journey for organizations, and Microsoft Edge natively supports these solutions to work seamlessly within this architecture.


Universal Print

Universal Print provides cloud-managed print services built on Azure. Universal Print ensures that people can print from anywhere, anytime, with secure identity credentials. And, it is integrated right into Microsoft Endpoint Manager making it easy to get started and join the thousands of Preview organizations who have moved millions of print jobs to the cloud.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.