What's new for IT pros in the next Windows 10 update

The first update to Windows 10 since the arrival of Windows 11 makes it clear that Windows 10 will fall behind.

windows-10-logo.jpg

Image: Anton Watman/Shutterstock

The Windows 10 November 2021 Update, as Windows 10 21H2 is now known, is the last of the six-monthly feature updates to Windows. Like Windows 11, Windows 10 will now get an update just once a year (the Semi Annual Channel is now known as the General Availability Channel). And judging by what's included in this release (and what isn't), it's clear that sticking with Windows 10 means losing out on features.

SEE: Windows 11: Tips on installation, security and more (free PDF) (TechRepublic)

The focus for the November 2021 Update is "productivity, management and security" according to Microsoft, and most of the features are more relevant to enterprises than individuals. 

What's in; what's out

Windows 10 is getting Wi-Fi 6 support; less for the improved bandwidth and more for the Wi-Fi Protected Access 3 Hash-to-Element protocol (WPA3 H2E) that protects against the Dragonblood attacks on the way WPA3 encodes passwords for its SAE (Simultaneous Authentication of Equals) handshake (also known as Dragonfly). 

Although enterprise Wi-Fi networks aren't vulnerable, on the kind of personal wireless networks people will be using when working from home or at the coffee shop sidechannel attacks SAE could steal Wi-Fi passwords and other information. Assuming you have Wi-Fi 6 hardware in your PC, H2E is a more secure option that's also more computationally efficient.

However, Windows 10 isn't getting the USB 4 support that's in Windows 11; USB 4 ports are only on new PCs, but that includes some of the new Surface models from Microsoft, which are available with Windows 10 as an option.

Similarly, Windows 10 isn't getting the WSLg feature from Windows 11 that lets you run graphical Linux applications and have them show up on the Windows Start menu (although you can still run your own X Server) or the Linux file system integration that puts Linux folders in File Explorer.

But in the November 2021 Update, you can use GPU compute in WSL 2 if you're using it for machine learning or other applications that use the GPU to speed up massively parallel calculations. That means you can run machine learning frameworks like PyTorch and TensorFlow in WSL2. Any GPU with DirectX 12 drivers gives you DirectML support, although you may need to update your driver for it to work with TensorFlow in WSL 2; if you have an NVidia card, Windows 10 will support CUDA in WSL 2 as well. 

SEE: Office 365: A guide for tech and business leaders (free PDF) (TechRepublic)

Already supported in Windows 11, Windows 10 is getting the cloud trust model that Windows Hello for Business will introduce in 2022 for going passwordless. 

Usually organizations that use Windows Hello have to deploy Azure AD Connect and sync to their Active Directory with writeback; that's a lot of work and each sync can take anywhere from minutes to hours. Based on the work Microsoft did to let organizations use Azure AD to sign in to traditional AD resources on your network using a FIDO2 security key, cloud trust still requires Azure AD Connect but lets you run a PowerShell script to create the necessary trust between AAD and AD. Users will be able to sign in using a Windows Hello biometric device–the camera in their laptop or a fingerprint sensor – instead of a hardware key, get authenticated through Azure AD and get access to resources managed by Active Directory on your network with much less work for the IT team.

fido2-ticket-granting-ticket-exchange-process.jpg

Cloud trust will let Windows Hello for Business use Azure AD to sign users in to AD resources on your network.

Image: Microsoft

The UWP VPN APIs for creating and controlling VPN connections get some protocol and authentication updates and there are unspecified security updates in a range of Windows components, including the kernel and cryptography subsystem. 

Universal Print in Windows 10 Enterprise now supports print jobs up to 1GB (either a single file or multiple smaller files printed within a 15 minute window). It can print from OneDrive documents in a browser (including Excel for web by the end of 2021).

To simplify device management and encourage organizations to move from group policy to MDM, Windows 10 gets the same 1,400+ new MSM settings that you can apply though ADMX administrative templates, with policies for areas like App Compat, Event Forwarding, Servicing, and Task Scheduler. The new templates will be available later this week along with a spreadsheet of the policy settings, Microsoft tells us.  

Windows 10 is already getting the new Store from Windows 11; by the end of the year, it will be on every version of Windows 10 from 2004 onward. But the Windows Subsystem for Android and the Android app stores that come with it are just on Windows 11.

Microsoft already declined to say whether Windows 10 will get the smaller, faster monthly Windows Update packages from Windows 11 and we don't expect the EcoQoS feature that improves battery life on newer CPUs to come to Windows 10; and 64-bit emulation is also off the table.

Chris Lorigan, head of the Surface product portfolio at Microsoft UK,  previously told us that the Arm-based Windows Pro X would move to Windows 11. "The Pro X is our line in the sand; we're moving this form factor, this device specifically forward to only be available with Windows 11."

All Windows on Arm devices except the very first models from OEMs like HP can run Windows 11, and Microsoft has now said that moving to Windows 11 is the only way to get X64 emulation on Arm (even though Windows Insiders have previously tested the technology on Windows 10). The ARM64EC superset of the ARM64 architecture that allows developers to combine emulated and native code (particularly useful for plugins) is also only supported on Windows 11.

Tools for updating

Individual users will start seeing the November 2021 Update in Windows Update on PCs that telemetry from the Insider program shows good results on, if they have Windows 10 version 2004 or later. (Anyone still running version 2004 should upgrade sooner rather than later because it stops getting updates on Dec. 14, 2021.) They might also be offered the Windows 11 upgrade on the same PC, so IT teams will want to provide guidance if there's a company policy on which to use. As usual, not every user will see the update immediately, either because of possible issues with their specific device or because Microsoft is throttling availability so the update network isn't overloaded.

For organizations, the update can already be downloaded through Windows Server Update Services (including Configuration Manager), Windows Update for Business, Visual Studio Subscriptions, the Software Download Center (if you use Update Assistant or the Media Creation Tool) and the Volume Licensing Service Center (although some languages may be slower to appear on VLSC). It won't be available through the Microsoft Update Catalog. Despite the official name, the update will be named Feature Update to Windows 10, version 21H2 in Windows Update. It will automatically appear in WSUS if you configure Products and Classifications to Windows 10 under Product and Upgrades under Classification.

SEE: 83 Excel tips every user should master (TechRepublic)

Like Windows 10 20H2 and 21H1, the November 2021 Update is being delivered as an enablement package: That means the core operating system is still the same as Windows 10 version 2004, with the same set of system files that get updated, rather than a whole new set of system files. If you're running version 2004, 20H2 or 21H1, the code for the new features has already been included in monthly Patch Tuesday updates and the update that you download to get the new release is actually just the control code to turn those features on, so only one restart is required for installation. Earlier releases of Windows (including the 1909 Enterprise version that's still in support) will have to download the full feature update.

If you use the Windows Assessment and Deployment Kit (ADK), that doesn't need updating because the set of system files in the core OS remain the same.

Windows 10 Enterprise 21H2 builds are already available as both 32- and 64-bit ISOs in the Microsoft Evaluation Center, for 11 different languages, for 90-day tests. If you're using Windows 365 Enterprise, you can create Cloud PCs that use Windows 10 21H2 now; that will be available for Windows 365 Business soon. The new release is also supported on Azure Virtual Desktop.

The Windows Release Health now has a Windows 10 21H2 section with known and resolved issues (so far there's nothing specific to the new release). If Microsoft needs to block the November 2021 Update on any specific PCs, details of those safeguard holds will appear here (but enterprise customers will get more details in the Microsoft 365 admin center).

Calendar confusion

The November 2021 Update also gives us slightly a clearer picture of the Windows 10 roadmap, but this remains confusing because annual feature updates with current support lifecycles don't align with the promised end of support. 

Although Enterprise and Education versions get 30 months of servicing updates and support, the Windows Home and Pro versions get only 18 months: With the usual short grace period to cover deployment time, that takes support for the November 2012 Update to June 11, 2024, and June 13, 2023. As Windows 10 will remain supported until Oct. 14, 2025, that means there might be at least two more releases of Windows 10 and possibly three. 

SEE: Why Windows 11's security is such a big deal (TechRepublic)

Microsoft has already said it's planning another Windows 10 feature update in the second half of 2022. If it sticks with annual feature updates in late 2023 and 2024, there would need to be three releases to reach the final support update for Home and Pro users. But unless those releases come with a shorter service and support promise, the final update would remain supported past the current October 2025 cutoff (until spring 2026 for Home and Pro users and spring 2027 for Enterprise and Education). 

That would be popular: There are already calls for Microsoft to extend support for Windows 10 because of the number of PCs that can't be upgraded to Windows 11.

Alternatively, Microsoft could offer longer support for a second annual 2023 update for Home and Pro users–24 months instead of 18–but that would still mean the Enterprise version would be supported until spring 2026 (it's unlikely Microsoft would reduce the 30-month support). 

Nor would enterprise customers welcome Microsoft announcing and then breaking the annual release cadence they've repeatedly asked for to delay that second update until April 2024 to make the 18-month support lifecycle for Home and Pro match the end of support in October 2025. Again, Enterprise and Education versions would be expecting an extra 12 months of support beyond that (though that would more closely match the support lifecycle for Windows 10 Enterprise LTSC 2021, which runs for five years, with extended support till 2032).

More simply, Microsoft could simply extend the support lifecycle of the annual 2022 feature update to three years, underlining that it expects users to move to Windows 11 to get new features. 

It's also worth noting that the commitment is only to support "at least one version of Windows 10" until 2025: So, whether there's only one more release of Windows 10 after this or more, it's possible it's only the Enterprise version that will remain supported that long, with Home and Pro users cut off sooner.

Also see

By Mary Branscombe

Mary Branscombe is a freelance tech journalist. Mary has been a technology writer for nearly two decades, covering everything from early versions of Windows and Office to the first smartphones, the arrival of the web and most things inbetween.