Of February’s patches, Ignite, and the fate of Windows 10 feature releases

We finished off February with an all clear for that month’s Microsoft updates. So if you haven’t installed updates as we get into March, make sure you do so at this time.  

I do recommend that you skip KB4535680, the Microsoft secure boot patch that’s been disruptive if you have Bitlocker enabled. (Many patchers reported that it triggered the Bitlocker recovery password.) If you got it installed, fantastic! You don’t need to uninstall it now. There isn’t a problem with the update; instead, there is a problem during the installation and for workstations with Bitlocker.

Instead of looking back on February’s patches, I urge you now to look forward to the next version of Windows 10 21H1. Microsoft has announced that the 21H1 release will not be a major release; it’ll be more like the minor releases we normally see in the fall. Once again, the biggest updates appear to be security features for business.

Businesses have a variety of tools and extended maintenance windows for enterprise versions, and yet, they do not take advantage of the increasing security benefits of Windows 10. Conversely, home and consumer users don’t see the advantages of these feature releases, they just see that things change — and not always for the better.

The new features announced for 21H1 – there are three big ones — probably won’t be deployed by businesses for many months. They include:

  • Windows Hello multicamera support, which will set the default as the external camera when both external and internal Windows Hello cameras are present. Clearly, the COVID-19 pandemic has increased our need for web cameras for Zoom and Teams meetings. But that means that the Windows Hello biometric functions need to know which camera is the best one to use while signing in. This setting ensures that the camera you are using as the primary camera will be the one that gets priority.
  • Windows Defender Application Guard performance improvements, which include optimizing document-opening scenario times. Windows Defender Application Guard (I think Microsoft means Microsoft Defender Application Guard, given its renaming) refers to an Edge addition that scans documents as you open them in your browser. Note: this is only available on Windows 10 Pro versions and higher.
  • Windows Management Instrumentation (WMI) Group Policy Service (GPSVC), which improves performance to support remote-work scenarios. Once again, this improvement — while needed for work from home — does not provide additional features for standalone users working remotely at this time.

For Windows 10 Professional users, you can enable Microsoft Defender Application Guard by clicking on the search box, then searching for Turn Windows Features on or off and scrolling down until you find Microsoft Defender for applications. Turn it on. It’s an easy update, but it will demand a Windows 10 reboot. Since it’s a virtualized, isolated instance of Edge for secure browsing of untrusted sites, I’ve got it running on my home computers. That way, I’m as protected as I can be on machines that I’m more likely to do more unsafe browsing.

Copyright © 2021 IDG Communications, Inc.

Source link