Microsoft outlines security improvements planned for Windows 10

By John Callaham
published

While the final version of Windows 10 won't be launched for at least several months, Microsoft already has plans to offer users a ton of security improvements for the operating system. Today, the company outlined some of those planned features in a lengthy blog post.

One of the new improvements will help better protect users from identity theft when using Windows 10-based devices. Microsoft says:

"Once enrolled, devices themselves become one of two factors that are required for authentication. The second factor will be a PIN or biometric, such as fingerprint. From a security standpoint, this means that an attacker would need to have a user's physical device – in addition to the means to use the user's credential – which would require access to the users PIN or biometric information. Users will be able to enroll each of their devices with these new credentials, or they can enroll a single device, such as a mobile phone, which will effectively become their mobile credential. It will enable them to sign-in into all of their PC's, networks, and web services as long as their mobile phone is nearby. In this case, the phone, using Bluetooth or Wi-Fi communication, will behave like a remote smartcard and it will offer two factor authentication for both local sign-in and remote access.

Microsoft says they also hope to prevent attacks on user access tokens in Windows 10 "with an architectural solution that stores user access tokens within a secure container running on top of Hyper-V technology."

In terms of protecting information and data, Microsoft says:

"In Windows 10, we address this problem with a data loss prevention (DLP) solution that separates corporate and personal data and helps protect it using containment. We are building this capability into the platform itself and integrating it within the existing user experience to enable protection without the disruption frequently seen in other solutions. There will be no need for your users to switch modes, or apps in order to protect corporate data, which means that users can help keep data safe without changing their behavior.

Microsoft also wants to protect users from malware via downloaded apps. It states:

"Organizations will have the flexibility to choose what apps are trustworthy – just apps that are signed by themselves, specially signed apps from ISVs, apps from the Windows Store, or all of the above. Unlike Windows Phone these apps can also include desktop (Win32) apps – meaning that anything that can run on the Windows desktop can also run on these devices."

There's a lot more detail about what Microsoft has planned for security improvements in Windows 10 in the blog post. Do you think these measures will make using the OS safer when it launches?

Source: Microsoft

John Callaham
John Callaham
26 Comments
  • Love the snap mode....:)
  • Did anyone notice that in the new build of Windows 10 the snap mode no longer exists? At least it does not for me.
  • Yes, just like colored titlebars for Universal Apps, it has been removed. Like Microsoft said "some features have gone backwards [to their previous state]". This will return in a future build, perhaps the next one. Microsoft said that a much inproved version would be coming of these kind of features.
  • Sweet :)) love what Microsoft is doing there :3
    I mean thats a great plus for the mobile First programm and an other big reason to buy a windows phone :)
    And I love that security:D still I won't get win 10 on the normal way
  • Cant wait
  • Sry to go off subject, but does anyone know how to add a location to an appointment on the Windows phone calendar? You know... Like on the ads with Cortana telling you to leave early because of traffic?
  • I know there is a spot for location in the main calendar app when you add an appointment but have not tested the reminder feature. Maybe someone else can comment on that specifically
  • http://www.windowsphone.com/en-us/how-to/wp8/email-and-calendar/use-cale...
  • @diplomat696 is right.  You just need to type the location into the Location area in the specific appointment.  I have a Lumia 1520 on Dev Preview and it actually searches for locations as you type similar to how it's described in this thread: http://forums.windowscentral.com/update-1-windows-phone-8-1-gdr1/301405-calendar-app-now-searches-locations.html. Also, for reminders (like on the commercials), they pop up when you have a location entered in (I'm in the US so if you're not, YMMV).  I try to add a location to all appointments whenver possible so I can take advantage of this Cortana feature.  :)  
  • I have my region set to U.S, so I have Cortana on my Lumia 930, but I'm actually in Denmark, and the suggestions do not come up as I type
  • Today 16 articles from John alone! Or am I missing something really big O.O
  • Sweet. I'm really enjoying watching w10 progress. Love the latest update.
  • That's actually exciting news, very good ideas outlined here. Maybe we can use the authenticator app that's spread available on WP store.
  • Windows 10 is shaping up quite nicely
  • One thing I am not liking about Win 10 is that when I'm in the game and I want to go to the desktop, I usually press alt+tab, and it goes opens desktop. But in windows 10, I should add windows that's kinda annoying...
  • Is the mobile authentication device able to be an IOS or Android device? Not so many Windows phones out there.
    I wonder if a watch will be able to do the job.
    Or if Microsoft will make a small Bluetooth authenticator dongle.
  • I want fingerprint sensor, anything else
  • I don't know if my brain is just going soft from lunch but did this line..(Unlike Windows Phone these apps can also include desktop (Win32) apps – meaning that anything that can run on the Windows desktop can also run on these devices.) just say win32 apps will run on any device?
  • And I dont understand what are they mean
  • The small quote obscures the context of Microsoft's statement.   They're talking about enterprise environments with company-owned/issued laptops.  Companies have long had the ability to restrict which Windows Store (aka metro) apps could be run on their machines.  This is sufficient for their Windows Phones since those are the only apps they can run, but this is inadequate for laptops and desktops since they can run Win32 apps as well.  In Windows 10 Microsoft is extending those security features to include all applications, store or Win32.
  • And hopefully they'll finally prevent powering off a locked phone.
  • I wonder if this new device authentication security system includes the coming smart watch/band. If that thing has a finger print scanner then it could connect to your devices and log you in.   
  • I love that Microsoft is being completely transparent with each Win10 feature. It will insure its success. Listening to their costumers and testing every detail is the best decision coming from the new Microsoft.
  • Way to go Microsoft!
  • This is exciting.
  • Happily focused on security,are they going to next sell us devices with Hand scanners like Apple and Samsung?