New security features in Windows 10

Fresh Start

Show Your Face

Many experts believe passwords don't provide adequate security, and, even if they did, all too many users fail to implement secure password rules and procedures. Windows 10 provides built-in support for hardware technologies that offer alternative authentication options. The Windows Hello [4] feature uses facial recognition to log in a user with a familiar face. Eyes or fingers can also serve as identification. You do, of course, need a compatible hardware device that supports Windows Hello, such as a built-in iris scanner. The hardware manufacturers still have some work to do in building reliable systems, but Microsoft assumes many manufacturers will provide biometric hardware solutions in the next 12 months. The situation already looks better for fingerprint sensors. All available solutions are supported by Windows 10. Windows Hello also supports all Intel F200 and future Intel RealSense facial recognition solutions, and you can use Hello with all other IR solutions that meet the Microsoft sensor specifications.

Microsoft Passport [5] is essential for using Windows Hello. Passport is not the single sign-on service from earlier days (previously called Microsoft Wallet, .NET Passport, Microsoft Passport Network, and, most recently, Windows Live ID). Instead, the Microsoft Passport in Windows 10 is more of a password management tool.

If a user wants to log on to a system or application, Microsoft Passport does not send the password to the authentication component; instead, it forwards the authentication request to Windows Hello. Windows Hello can then use different authentication methods, such as facial recognition or finger and eye detection. Alternatively, authentication can occur using a PIN if the necessary hardware requirements for using Windows Hello are not met.

The Computer as a Second Logon Factor

Multifactor authentication (MFA) is another important security feature in Windows 10. The MFA options are based on the open standards of the FIDO Alliance and should reduce the need for additional devices, such as smartcards and tokens. In Windows 10, the logon credentials for a device can be either a key pair provided by Windows or a certificate provided by the company's own PKI infrastructure. As soon as a user has successfully logged on, the logon credentials are stored in a secure, Hyper-V-based container.

Data Loss Prevention in the Cloud

The extra protection against loss of corporate data is an additional security feature in Windows 10. Since Windows Vista, BitLocker has provided the option to encrypt whole hard drives and to encrypt individual files using the Encrypting File System (EFS). However, this protection only applies to data stored on the local network. Encrypting data as soon as it leaves end devices will become more important in the future because of the increasing use of mobile devices in corporate environments.

Azure, Active Directory, and Information Rights Management in Microsoft Office and Exchange Server already provide some protection for when corporate data leaves the corporate network. However, these technologies must be configured by administrators first and then enabled and employed by users.
