Updated

Best new Windows 10 security features: Passwordless authentication, Chromium-based Edge support

Here's what you need to know about each security update to Windows 10 as they roll out from Microsoft. Now updated for the 2004 feature release.

1 2 3 4 5 Page 5
Page 5 of 5
  • Support for virtualization-based security (required)
  • Secure boot (required)
  • TPM 2.0 either discrete or firmware (preferred - provides binding to hardware)
  • UEFI lock (preferred - prevents attacker from disabling with a simple registry key change)

If you want to enable credential guard on virtual machines where the risk of lateral movement may be higher, additional hardware requirements include:

  • 64-bit CPU
  • CPU virtualization extensions plus extended page tables
  • Windows Hypervisor

Windows 10 1511 introduced the ability to enable Credential Guard by using the registry to allow you to disable Credential Guard remotely.

Group Policy Security

Windows 10 1703 introduced a new security policy specifically to make the username more private during sign in. Interactive logon: Don't display username at sign-in allows for more granular control over the sign in process.

Windows Hello for Business

Windows 10 1703 introduced the ability to reset a forgotten PIN without losing profile data. Windows 10 1607 combined the technologies of Microsoft Passport and Windows Hello.

Windows Update for Business

Feature update installation can be deferred by 365 days, increased from the prior 180 days allowed.

Virtual Private Network (VPN)

Windows 10 1607 allowed the VPN client to integrate with the Conditional Access Framework and can integrate with the Windows Information Protection policy for more security.

Applocker

Windows 10 1507 introduced a new parameter that allows you to choose if executable and DLL rules will apply to non-interactive processes.

BitLocker

BitLocker received new features in Windows 10 1511 including enhancements in the XTS-AES encryption algorithm to better protect from attacks on encryption that utilize manipulating cipher texts. Windows 10 1507 introduced the ability to encrypt and recover a device with Azure Active Directory.

Windows 10 auditing

Windows 10 Version 1507 added more auditing events and increased fields to better track processes and events.

Copyright © 2020 IDG Communications, Inc.

1 2 3 4 5 Page 5
Page 5 of 5
The 10 most powerful cybersecurity companies