Microsoft has announced another lure for CISOs who have been holding back on adopting Windows 10 in their environments — improved security.
The company said last week that the Win 10 Anniversary Update, to be released Aug. 2, will add new capabilities to Windows Hello, the operating system’s multi-factor authentication solution for (hopefully) ending users’ need for passwords. The additions make it easier to use external devices like smart phones, wearables, specialized USB fobs and smart cards as one of the authentication pieces.
When Win 10 was first released, users had to enroll their PC as one of the device-based factors. The Anniversary Update will include a new Windows Hello Companion Device framework for using external devices as an authentication factor.
In conjunction with the changes, the Microsoft Passport brand — which only referred to credentials users get for authentication once user verification through two or more factors had occurred — will be retired, because that function will be swallowed by WinHello.
Microsoft says enterprises or device makers can tailor devices for a number of scenarios, such as:
- users who want to use a device infrequently, or just a single time (for example, at a kiosk) and want to avoid enrolling their identity on each device. This might appeal to retailers or the healthcare sector;
- where regulators make organizations physically separate a user’s credentials from the device they are signing into. This might appeal to the public sector or defence sectors;
- where the organization wants users to be able to quickly access a device by just tapping a smart card to sign in, without entering a PIN or using biometrics. Microsoft thinks manufacturers might want that.
In fact, the framework enables hardware vendors to develop solutions for two types of companion devices, says Microsoft. The first type is a device that is paired with a PC that is already enrolled with Windows Hello. In this case, the companion device doesn’t store the user’s credentials on it. Once paired, signing into a PC can be based on the companion device being within proximity of the PC, or it can be based on proximity plus an additional factor, like a biometric.
The second type of device provides the advanced security needed in regulated sectors or where the mobility of the Windows Hello credentials is useful or required. The companion device includes all of the factors for user verification and it also stores the user’s credential on it. This makes Windows Hello and the user’s credentials mobile, enabling the user to access devices without having to enroll their identity on each and every device, says Microsoft [Nasdaq:MSFT].
The company also said two other features will be added to Win 10 in the Anniversary Update:
–Windows Defender Advanced Threat Protection is a service for helping enterprises to detect, investigate, and respond to advanced attacks on their networks. The service examines the state of machines and their activities over the last six months to maximize historical investigation capabilities and provides information on a simple attack timeline, Microsoft said. Simplified investigation tools allow examination of process, file, URL and network connection events for a specific machine or across the enterprise. A cloud-based detonation service enables files and URLs to be submitted to isolated virtual machines for deep examination.
Pricing wasn’t announced.
–To help protect businesses from accidental data leaks, the Anniversary Update will also offer Windows Information Protection, formerly referred to as enterprise data protection. Windows Information Protection enables businesses to separate personal and organizational data on mobile devices.
The free Win 10 upgrade for those using Windows 8 and 7 ends July 29. The Anniversary Update is available only for those on Win 10.