All the security features added in the Windows 10 May 2020 update

Windows 10 v2004 comes with Windows Sandbox improvements, WiFi 6, WPA3, and Windows Hello in Safe Mode.

A man works on a laptop computer near a Windows 10 display at Microsoft Build in San Francisco

The Windows 10 May 2020 update, also known as Windows 10 2004, has started rolling out to users today.

This new Windows 10 version comes with many new features, detailed in a previous ZDNet article, here, including the likes of a revamped Network Status page, the addition of GPU card temperatures to the Task Manager, and a new Cortana experience.

However, the Windows 10 2004 version also comes with improvements on the security front, which Microsoft claims will help keep Windows 10 users safe going forward.

Below is a list of all the new features, which we plan to update as we uncover new features in the coming days.

Windows Sandbox improvements

Last year, Microsoft introduced the Windows Sandbox on all Windows versions with the release of v1903. The Windows Sandbox component allows users to launch a virtual machine running a stripped down version of Windows 10. Since its launch, the Windows Sandbox has grown in popularity among the company's userbase as it allows users to execute dangerous apps in an isolated environment, without damaging their primary Windows 10 installation.

While the Windows Sandbox component is not on par with other sandboxing software, work on it has not stopped once it shipped with a Windows 10 release. Today, Microsoft rolled out a series of new features, which will make the app easier to automate in enterprise testing environments.

  • Support for configuration files so you can configure some aspects of the sandbox, such a vGPU, networking, and shared folders.
  • Microphone support.
  • The ability to configure audio input from the configuration file.
  • Activate the Ease of Access dialog with Shift+Alt+[print screen].
  • Enter and exit full screen mode with CTRL+Alt+[break].

Support for WiFi 6 and WPA3

Windows 10 v2004 now supports the latest versions of the WiFi wireless communications standard and WPA, the protocol used to authenticate WiFi connections.

Both protocols include protections against a series of attacks, such as DragonBlood, KRACK, and more, allowing Windows 10 users to connect to WiFi networks in a safer manner.

System Guard improvements

Microsoft says it also upgraded System Guard Secure Launch, a feature that checks if the device firmware has loaded in a secure manner, without being tampered.

In Windows 10, version 2004, Microsoft says the System Guard Secure Launch now measures more parameters than before. However, this feature will require modern hardware and may not work on all devices.

New security baselines

We also have new security baselines (drafts for now) for Windows 10 and Windows Server installations.

Security baselines are basic OS configurations that system administrators can deploy across their computer fleets and ensure that basic security features are enabled.

Windows Hello expanded

Windows Hello is a feature that lets users log into their Windows computer using biometrics (fingerprint scan, face scan) or passwordless methods (PIN code).

In Windows 10 v2004, once enabled, Windows Hello login options will also show up for computers booted up Safe Mode.

Furthermore, Windows Hello passwordless authentication methods can also be used as an alternative to passwords when users are logging into their Microsoft accounts.

More FIDO2 support

Windows 10 supports FIDO2 security keys as a form of passwordless authentication.

Starting with Windows 10 v2004, Microsoft says that FIDO2 security key support "has been expanded to include hybrid Azure Active Directory (Azure AD)-joined devices, enabling even more customers to take an important step in their journey towards passwordless environments."

Secured-core updates

Microsoft says that devices that run on AMD's new Ryzen Pro 4000 chipsets are now compatible with its new Secured-core technology. Secured-core is a feature of Windows 10 PCs that includes additional protections against attacks that tamper with a device's hardware components, firmware, or CPU's internal components.

New OS "cloud recovery option"

Windows 10 now has a cloud recovery option in the "Reset this PC" section.

Until today, the "Reset this PC" option only had one option -- namely to do a local reinstall where it would build a new Windows installation from existing Windows files. Starting with Windows 10 2004, users can select the cloud recovery option, which will instruct Windows to download the files needed for a reinstall from Microsoft's servers.

This option is recommended for users on fast internet connections only.

win10-cloud-recovery.png

Image: Microsoft