We finished off February with an all clear for that month’s Microsoft updates. So if you haven’t installed updates as we get into March, make sure you do so at this time.
I do recommend that you skip KB4535680, the Microsoft secure boot patch that’s been disruptive if you have Bitlocker enabled. (Many patchers reported that it triggered the Bitlocker recovery password.) If you got it installed, fantastic! You don’t need to uninstall it now. There isn’t a problem with the update; instead, there is a problem during the installation and for workstations with Bitlocker.
Instead of looking back on February’s patches, I urge you now to look forward to the next version of Windows 10 21H1. Microsoft has announced that the 21H1 release will not be a major release; it’ll be more like the minor releases we normally see in the fall. Once again, the biggest updates appear to be security features for business.
Businesses have a variety of tools and extended maintenance windows for enterprise versions, and yet, they do not take advantage of the increasing security benefits of Windows 10. Conversely, home and consumer users don’t see the advantages of these feature releases, they just see that things change — and not always for the better.
The new features announced for 21H1 – there are three big ones — probably won’t be deployed by businesses for many months. They include:
- Windows Hello multicamera support, which will set the default as the external camera when both external and internal Windows Hello cameras are present. Clearly, the COVID-19 pandemic has increased our need for web cameras for Zoom and Teams meetings. But that means that the Windows Hello biometric functions need to know which camera is the best one to use while signing in. This setting ensures that the camera you are using as the primary camera will be the one that gets priority.
- Windows Defender Application Guard performance improvements, which include optimizing document-opening scenario times. Windows Defender Application Guard (I think Microsoft means Microsoft Defender Application Guard, given its renaming) refers to an Edge addition that scans documents as you open them in your browser. Note: this is only available on Windows 10 Pro versions and higher.
- Windows Management Instrumentation (WMI) Group Policy Service (GPSVC), which improves performance to support remote-work scenarios. Once again, this improvement — while needed for work from home — does not provide additional features for standalone users working remotely at this time.
For Windows 10 Professional users, you can enable Microsoft Defender Application Guard by clicking on the search box, then searching for Turn Windows Features on or off and scrolling down until you find Microsoft Defender for applications. Turn it on. It’s an easy update, but it will demand a Windows 10 reboot. Since it’s a virtualized, isolated instance of Edge for secure browsing of untrusted sites, I’ve got it running on my home computers. That way, I’m as protected as I can be on machines that I’m more likely to do more unsafe browsing.
This week, Microsoft is rolling out its second all-digital version of Microsoft Ignite. As a person who is also a Microsoft MVP in the category of security, I am reminded of the unusual year we’ve had and how much the pandemic has impacted tech conferences. Last year at this time, Microsoft had planned an MVP summit – the annual in-person special event for Microsoft MVPs.
That 2020 event was slated to be held last March 15. But on March 2 — a year ago yesterday — Microsoft pulled the plug and pivoted to an all-digital conference. It was the first virtual conference of many I’ve attended this year, something that’s become the new normal for conference attendees. I share this story clearly even Microsoft continues to be impacted, given that the 21H1 release will be a smaller update. The company seems to realize that with many of us no longer doing “computing as usual,” we can’t deploy these larger updates like we used to.
I always see these official events from Microsoft as a way to peek behind the scenes and see what’s coming for the future. Though the conference is clearly geared towards enterprise users, I always look for any hints about long-term plans for Windows 10 in small businesses. One advantage to online virtual conferences is that, like Ignite, many are now free and no longer require travel. With merely a Microsoft account, you can sign up for a conference and attend virtually.
Ahead of Ignite, Microsoft made several announcements that affect businesses that have opted out of disruptive feature releases. Long Term Servicing Branch, the version many companies used so they could avoid feature releases is getting some changes. Unlike the Windows 10 you and I use, LTSB doesn’t get semi-annual feature releases; it gets routine security updates each month and nothing else.
Last week, Microsoft announced it was slashing the support window from 10 years to five for the next release of the LTSB version. Then it indicated it will be also cutting the support window for Office perpetual licenses sold to businesses.
I personally hope that as Microsoft pushes businesses away from the LTSB version and onto the Windows 10 you and I use, these feature releases will become, well, boring. I’m getting a bit tired of worrying about what I’m going to need to make sure Windows 10 still works after each feature update. Once a year is more than enough change to deal with.
As always, join us in the conversation over on the AskWoody forums.