Released in October 2020, the most recent update to Microsoft’s Windows 10 operating system has only just begun gaining steam in mass deployment worldwide. Whether it’s come down to the global pandemic, compliance testing, or simply out of an abundance of caution, the slowness is finally picking up steam and more devices are starting to make the transition to update version 20H2.
SEE: Windows 10 20H2 update: What you need to know (free PDF) (TechRepublic)
Beginning with this release, Microsoft has opted to change the nomenclature from a version number based on the year and month pattern, to that of the year and half-year pattern. This results in a clear indication of the timing of the update at a glance. Support for updates will not change, as Microsoft indicates support for 30 months of servicing from release date for Enterprise and Education editions.
Deployment of this update will continue to be made available through Windows Update for all instances. Enterprise environments managing their devices via SCCM or MDT can continue to create packages to deploy the updates to devices in scripted fashion, in either automated or self-service models.
Here are some of the new features you can expect with Windows 10 20H2 update.
While initially introduced in update 2004, Autopilot has received a number of enhancements in managing and reporting for supported devices. Whether tasks are deployed with co-management in mind or not, Autopilot aids administrators in providing as standardized desktop environment from the device vendor to unboxing and setup by the end-user, utilizing tasks, policies, and reporting to ensure that each device is configured exactly as intended and that users are delivered the environment they need to get working faster.
This feature is integrated with Configuration Manager to provide insight into the management statuses of devices within the organization. The cloud-connected service works to identify the state of a particular set of applications, providing administrators the ability to configure apps quickly and efficiently, in uniform fashion across the enterprise, and to remedy any that have not met the baseline criteria.
SEE: How to securely donate old Windows 10 PCs (TechRepublic)
MDM policy enhancement
Admins with experience managing their infrastructure with Group Policy (GP) now have the Mobile Device Management (MDM)-enabled equivalent to leverage control over MDM-managed devices using the Local Users and Groups MDM policy. This policy, much like its GP counterpart, allows for baseline templates to be applied to groups of devices or granularly applied to specific devices, aiding in the security and compliance of managed endpoints.
Microsoft Defender Application Guard for Office
Microsoft’s Defender Application Guard technology allows for devices with the optional service enabled to leverage the built-in Hypervisor to create a virtualized environment, or VM, to isolate data and apps and prevent their interaction from compromising the system or otherwise allowing malicious code to operate outside the confines of the container. Microsoft has taken this one step forward to include Office documents and data to run containerized as well, to prevent untrusted data, such as macros for example, to run unfettered on a system and inject any malicious code into the device.
Microsoft Edge based on Chromium
Microsoft has further modernized its Edge browser by rebuilding it on the open source Chromium code base. In addition to the switch, the new Edge browser works in tandem with other Microsoft products, such as Office 365 and Microsoft endpoint security standards to ensure that data remains secured and accessible across all Microsoft platforms and services. Additionally, the new Edge provides compatibility with Internet Explorer apps and sites, allowing a transitionary period between current use and end-of-life dates for both Internet Explorer 11 and Edge Legacy support.
SEE: How to uninstall the Edge browser in Windows 10 using PowerShell (TechRepublic)
This is another technology that existed prior to the 20H2 update but has been further enhanced and made more secure, by adding support for virtualization-based security. This further protects biometric sensors used in authentication by adding another layer of security to isolate the security data.
Sandbox technology is not new to Windows 10, but new features found in the most recent update allow even more flexibility and expanded capabilities for those who use Sandbox to test applications, software, or simply provide a secure, isolated environment with which to extend productivity while keeping data and resources containerized, shielding mission-critical and system-level processes.
SEE: Microsoft’s new security chip takes PC protection to a higher level (TechRepublic)
No change to the OS would be complete without some additions to the underlying shell. Thankfully, no major changes to the operating system have been made, but several thoughtful aesthetic ones have made their way onto 20H2. Notably, notifications have been modified to provide better readability and using the Alt + Tab keyboard shortcut to toggle between open windows has added support for toggling between open tabs in Edge for a user friendly change. Sadly, one not-so-friendly change for some IT pros is the removal of the Systems setting in the Control Panel. While the Systems panel has been migrated to the Settings > About page—and that is the only change thus far to the Control Panel—this change is a step forward is the belief that eventually more Control Panel settings will be migrated to the Settings app.
Windows Virtual Desktop
This service runs in conjunction with Microsoft Azure and allows users to securely connect to a full desktop environment in the cloud. By allowing management via Microsoft Endpoint Manager, admins can securely and effortlessly manage cloud-hosted VMs—including policies and app provisioning post-enrollment—providing users another way to stay productive.