We’ve grown used to a certain pattern in Windows 10 updates: two releases a year, one in the spring (H1) and one in the fall (H2), with the second offering longer support than the first. As a result, IT departments have left the H1 releases for consumers, using H2 as their annual updates. That made sense: the H1 release has been associated with bigger releases containing more features, including changes to the Windows user experience. It’s the H2 update that’s normally the smaller one, consolidating the changes from spring and adding features for IT professionals.

SEE: 69 Excel tips every user should master (TechRepublic)

Things are different in 2021 — not because of the pandemic, but because Microsoft is working on a major refresh of Windows 10, codenamed Sun Valley, for release towards the end of the year. That’s taken the H2 slot, leaving H1 for an IT-focused release with a handful of new features. Those new features have been driven by the changes in the way we work, finding better ways to support combinations of laptops and monitors, and providing improved tools for managing remote users.

21H1: just around the corner

Microsoft hasn’t announced a release date for 21H1 yet, but it’s clearly not far away. Windows Insiders have had access to it in the Beta channel, and it’s now available to IT users as part of Microsoft’s commercial pre-release validation program. If you’re an IT professional you can use Windows Update, Windows Server Update Services, and the Azure Marketplace to try it out. The Azure Marketplace option is a prebuilt image, ready to install and go, while the other two methods use a familiar enablement package (as used to deliver H2 builds) to download and turn on the 21H1 bits. If you prefer to make your own install images, Microsoft has provided an ISO image of build 19043, ready for you to add your own packages and build your own image.

As Microsoft offers installation options to cover most standard scenarios, you can use them to test how 21H1 will install on your device fleet. You’ll then be able to tell users how long an install should take, as well as ensuring that all your applications run on the new release.

Support for multiple Windows Hello cameras

Windows 10 21H1 now supports an external IR-equipped webcam for Windows Hello authentication, such as Logitech’s Brio Ultra HD Pro.
Image: Logitech

Probably the most significant new 21H1 feature is the addition of support for external Windows Hello cameras on devices that already have one built-in. Support for a second face-recognition camera is welcome because, with more people working from home and using laptops with large monitors, the built-in cameras used for Hello are often in the wrong place for quick log-ons. Depth cameras are now affordable alternatives to traditional webcams, and can be easily placed on top of additional screens for video conferencing as well as Hello authentication.

When you add a second Hello camera to a laptop running Windows 21H1 it’s automatically selected as the default. That way your monitor-mounted camera will be available for log-in as soon as you reboot. That’s the promise, but in practice it’s not so easy. Different cameras have different resolutions and different recognition patterns, and Windows 10 only keeps one set of biometric details (making sure that each account only has one authenticated user). So unless you reset your Hello settings by turning face recognition off and on again, before running an initial face capture, Windows will attempt to use data from a different angle and a different camera.

Once Hello is reset, an external camera works well. We tested it with a commonly available Kaysuda camera on a Surface Book 3 and had no problems; the camera was detected, installed, and ready to go with no need for additional software or drivers. All you need to remember is to reset Hello again when you disconnect your laptop. It doesn’t matter if you’re using your laptop’s USB port or a docking station; as long as Windows 10 21H1 has access to a camera with a supported depth sensor, Hello will work.

Improving security and management

The other new features may seem less important, but if you’re managing a large number of devices that have spent much of the last year working remotely, you’ll have seen how long it can take to push a new group policy out over consumer broadband. Much of Windows’ built-in management tooling assumes that users are connected to a corporate network, with a minimum of a 1Gbps connection and minimal latency. Now there’s no way of knowing what type of connection a user has, but you still need to ensure devices are compliant.

By improving the WMI Group Policy Service’s performance for remote work, you don’t need to switch all your devices to modern management via Intune or another MDM tool. Existing System Center policy management tools can still be used to push new group policies to devices, so you don’t have to change how you and your users work. With so much change in such a short time, keeping your existing management infrastructure makes it easier to keep your head above water.

SEE: Office 365: A guide for tech and business leaders (free PDF) (TechRepublic)

The final big change fits in behind the scenes, supporting a tool that, if you’re not using it, you really should be. Windows Defender Application Guard helps protect user PCs by opening web content and Office documents in a secure hypervisor-backed environment. Unlike Hyper-V, users don’t get presented with a whole virtual machine, only a normal-looking window. Meanwhile, under the hood, a whole thin virtual machine with the services needed to run that application has been spun up, isolated from the rest of your applications and services.

Users have been put off from using this useful security tooling as it’s perceived to be slower than running protected content without any isolation. Microsoft is speeding things up significantly, making it quicker to open documents. With Microsoft 365 making Application Guard part of its security tooling for working with documents from untrusted sources, reducing the risk of malware and phishing attacks, these changes should make it easier to push new policies to users and to protect data and applications.

No more old Edge

Other changes are less significant, moving some of the Windows applications to updating via the Windows Store, with other user interface changes coming in separate Feature Experience Packs. One change that will affect all your users is the switch to the new Chromium-based Edge. The 21H1 update will remove the original Edge browser from Windows, leaving only the new version. It’s not a surprising change: Microsoft ended support for the older Edge in March 2021, and removal has always been on the cards. If you have web applications that depend on the older Edge, it’s now past time to make sure that they work with the new release.

Windows 10 21H1 may not be a big Windows 10 release, but it’s still important. Its key features are essential for enhancing and securing remote work, which isn’t going away as businesses adjust to new hybrid work patterns. While many businesses may have planned only to install 21H2, the changes outlined here are useful enough to suggest that it should be worth installing 21H1 without significantly impacting users and the work they’re doing.