When the new version of Microsoft Windows 10 Pro and Enterprise arrives in April, the most obvious changes will be a revised user interface that uses what the company calls an “acrylic” theme. There will be a new light theme to offset the dark theme that arrived earlier, and some aspects of the user interface, such as the Start screen, are being simplified. For the IT department, the important changes are elsewhere.
For example, with the new version of Windows, you can remove some of the built-in apps as a way to keep users from making changes. There are improvements to the Windows System for Linux (WSL) that allow you to open and edit Linux files; there’s a new troubleshooting capability that is more context-sensitive; and Windows Update can uninstall problem updates automatically and restore the system to a state where it will work.
In addition, there are important changes to how Windows manages some aspects of your system and how the sign-on works, and you can manually sync the clock. Your users may appreciate that Search has been simplified and that Cortana is no longer part of Search, but rather is just a voice assistant.
On the security front, there’s a new Windows Sandbox in which the Windows hypervisor will let you run a clean virtual machine that’s isolated from your main OS. You can use it to run software about which you have doubts or to visit a website about which you have concerns. The Windows Security Center drops the word “Defender” and adds tamper protection and a protection history page.
Coming: Automatic Focus Assist
Finally, it’s not exactly an IT feature, but Windows 10 will get automatic focus assist, which will be invoked with full-screen displays. This means that your full-screen PowerPoint presentation will no longer show notifications while you’re trying to do a presentation.
On a related topic, but not part of the 2019 update, there’s a new version of the Microsoft Chromium-based Edge browser that’s about to be available for testing. The download link is available, but you will need to wait before you can use it. Right now, it’s only for some Azure accounts and for Microsoft employees.
The Windows Sandbox is an important development because it gives administrators access to a temporary virtual machine that can be used for testing applications that might have embedded malware or some other problem. The virtual machine uses the same Windows components as the host OS, so it’s always the same version, but it isolates the VM so that nothing within it can affect the primary machine.
However, the Sandbox has no means of saving the application that’s running in it. When the Sandbox is closed, everything it contains vanishes. This is similar to some versions of Edge, in which the tabs ran in a VM, allowing the browsing of dubious websites with little risk. Whether that capability continues with the new version of Edge—which is based on the open-source Chromium engine—remains to be seen. However, you can still run Edge within the Sandbox and be protected.
Embracing Linux Docs
The changes to the WSL extend Microsoft’s embrace of Linux, and while you can’t simply intermix Windows and Linux applications, you are able to look at files in the Linux file system, open files and modify them without causing corruption. You can do this using File Explorer or the command line. With File Explorer, the notation looks similar to connecting to a network asset. You have to have the Linux distribution running for this to work.
The changes to the Security Center will help with keeping an eye on damage caused by intruders, or presumably, malware. It’s intended to alert you when the Windows security settings are changed, at which point it will issue a tamper alert. It may be useful to track the activities of long-term threats that spend months inside a system because they’d have to change the security settings to accomplish that.
Whether there’s a way to prevent malware or intruders from interfering with the alert remains to be seen. The Protection History page should also reveal security events after they happen, and that might be harder to fudge.
The changes to the Windows sign-on function will allow the use of a phone number in addition to an email address. This means that a user can link a phone number to Windows Hello.
Reverts to Earlier Status When Desired
The new ability of Windows Update to revert to an earlier status after an update fails could prevent a number of headaches for the IT department during an upgrade. The way this works, when an update fails, and after you’ve tried other troubleshooting methods, Windows Update can remove the component that fails to run so that Windows can boot. If necessary, you can remove the entire update. Windows Update then will allow you to perform the update later, presumably after the problem has been patched.
One well-known change, the reserved space on your disk, may not affect you. Windows 1903 will reserve about 7 gigabytes of disk space to ensure that future updates have some place to go. This space is reserved automatically on new systems with 1903 installed and on existing machines that receive a clean install. Machines that get a standard in-place update won’t have this enabled, although you can enable it yourself later.
These updates will make things easier for administrators and some users, and they’ll help Windows security. They aren’t flashy, and most users will never know they exist, but for your IT operations, they could be a real help. You can test the new version of Windows if you’re part of the Windows Insider program by downloading it here.