Aside from the shiny new bells and whistles that every user sees in Windows 10, there are significant changes and differences “under the hood” too.
Windows 10 will incorporate multi-factor authentication technology based upon standards developed by the FIDO Alliance. (The Fast IDentity Online Alliance is an industry consortium that was launched in February 2013 to address the lack of interoperability among authentication devices.) Windows 10 includes improved support for biometric authentication through the Windows Hello and Passport platforms. This means that devices with supported cameras (those with infrared illumination) will allow users to login with face- or iris-recognition, and devices with supported readers will enable fingerprint-recognition login. Credentials will be stored locally and protected using asymmetric encryption.
Microsoft 10 is designed for identity protection as well as access control. This two-pronged approach protects users in case their devices are compromised, and makes phishing attacks ineffective. Windows 10 employs two-factor authentication mechanisms which rely on both the user’s device, which is the first factor, and a PIN or biometric (e.g. fingerprint), which is the second factor. Any attacker would need both the targeted user’s PIN or biometric information as well as physical access to the device.
The enterprise version of Windows 10 offers additional security features such as the ability of administrators to set up policies for the automatic encryption of sensitive data and selectively block applications from accessing encrypted data. Device Guard is a Windows 10 system which allows administrators to enforce a high security environment by blocking the execution of software that is not digitally signed by selected trusted vendors or by Microsoft itself.
Windows 10 is designed to protect sensitive corporate data going both ways. When it’s stored on the device and when it leaves it. Microsoft has introduced a data loss prevention solution that separates corporate data from personal data. Corporate apps, emails, website content and other data are automatically encrypted when they arrive on a device from other locations within an organization, and users are able to define which of the original content they create is corporate information and which are personal files. Administrators can implement policies to enforce specific protocol.
Windows 10 also addresses risks associated with VPN connectivity. (A virtual private network “VPN” extends a private network across a public network, such as the Internet.) The new operating system enables administrators to specify which apps are allowed and which apps are not allowed to access the organization’s VPN. Access can be restricted based on ports and IP addresses. Another security feature being discussed will allow organizations to lock down specific computers to protect them against malware infections.
To reduce storage requirements, Windows 10 will automatically compress system files. This feature can reduce the storage footprint of Windows by approximately 1.5 GB for 32-bit systems and 2.6 GB for 64-bit systems. The level of compression used will be dependent on a performance assessment performed during installations.