Microsoft sheds light on Windows 10 security improvements

Microsoft has not really revealed a lot about Windows 10 up to this day. While it has released a preview build of the operating system and a first update for it recently, one could still come to the conclusion that Windows 10 is like Windows 8 but with a start menu and the option to run apps in windows on the desktop.

The company started to open up only recently and reveal additional information about Windows 10. It published a lengthy blog post today on the Windows For Your Business blog that details security improvements coming to the operating system.

Aimed at business and enterprise customers, it provides insight for consumers as well.

One of the changes discussed in the blog post is how Microsoft plans to change how users identify themselves on the system. Microsoft plans to eliminate single-factor authentication systems such as user/password log ins by building improved protection right into the operating system.

The core idea is to use the device itself as a factor for authentication while a password or fingerprint is being used as the second factor.

This is multi-factor authentication at its core but with the difference that the computer or device itself is being used as a factor in the authentication process.

Users enroll one, some or all of their devices and can use these devices for authentication then. This can be a mobile phone for example, a laptop or a desktop PC.

Users will be able to enroll each of their devices with these new credentials, or they can enroll a single device, such as a mobile phone, which will effectively become their mobile credential. It will enable them to sign-in into all of their PC’s, networks, and web services as long as their mobile phone is nearby. In this case, the phone, using Bluetooth or Wi-Fi communication, will behave like a remote smartcard and it will offer two factor authentication for both local sign-in and remote access.

Another new feature that Windows 10 ships with is better control over VPN connections. The operating system ships with control options to select which apps have network access when the device is connected to a virtual private network.

Security can be strengthened further by specifying ports and IP addresses of allowed connections.

A third change is an ability to lock down devices. This enables organizations to only allow trusted apps to run on a device. Trusted in this regard means signed using a Microsoft provided signing service. Apps in this context includes desktop (Win32) applications as well.

Last but not least, Microsoft attempts to protect information on corporate systems to avoid the leaking of corporate data by using automatic encryption for documents, emails and other sensitive information when it arrives on a device from a corporate network location.

With all that said, it is unclear right now which features discussed in this article will find their way into consumer versions of Windows 10 and which are limited to enterprise versions.