Windows 10 May 2020 (20H1/Version 2004) brings a number of new features and improvements to consumers, but Microsoft brings more features to IT administrators, including Windows for Linux, deployment optimization, improved virtualization, and more.
Here are the new features and content microsoft offers IT administrators:
Including Firefox and Chrome, Windows Hello can now support all major browsers as fast Identity Online 2 (FIDO2) authentication.
Now the user can use “Settings” and “Account” and “Login Options” to turn on “Let the device have no password” and can sign in without a password through the Microsoft account. Enabling passwordless sign-in will enable all Microsoft accounts on Windows 10 devices to switch to modern authentication using Windows Hello Face, Fingerprint, or PIN.
Support Windows Hello PIN login in system safe mode
Windows Hello for Business supports Hybrid Azure Active Directory and Mobile Phone Sign-in (MSA). FIDO2 security key support extends to azure Active Directory hybrid environments, enabling businesses with hybrid environments to take advantage of password-free authentication. Read more: Expanding Azure Active Directory support for FIDO2 preview to hybrid environments.
Windows Defender System Guard
In the May 2020 feature update, Windows Defender System Guard enabled higher-level System Management Mode (SMM) firmware protection. It not only checks the memory of the operating system, but also checks other resources, such as the registry and IO.
With this improvement, the operating system can detect higher levels of SMM compliance, enabling devices to be more resilient to SMM vulnerabilities. This feature is forward-looking and needs to be used with new hardware coming to market.
Windows Defender Application Guard
Chromium-based Edge browser is already online with Windows Defender Application Guard.
Note: Application Guard for Office is coming online soon.
Improved Windows Setup in this feature update, including
Shorter offline time at update
Improved control of reserved storage
Improved control and diagnosis
New recovery options
For more information, visit Windows Setup improvements in the Windows IT Pro blog.
In Windows 10 Version 2004, SetupDiag can be installed automatically.
SetupDiag is a command-line tool that can help diagnose why Windows 10 updates failed. SetupDiag works by searching windows Setup log files. When searching for log files, SetupDiag uses a set of rules to match known issues.
During the upgrade process, Windows Setup unzips all source files to %SystemDrive%$Windows.- bt/sources directory. In Windows 10 Version 2004 and subsequent releases, Windows Setup will now also install SetupDiag.exe into the directory.
If there is a problem during the upgrade, SetupDiag runs automatically to determine the cause of the failure. If the upgrade process goes well, the directory will be moved to %SystemDrive%/Windows.Old for cleanup.
In this feature update, IT administrators can configure Windows Autopilot’s user-driven Hybrid Azure Active Directory and support VPNs. This support is also backward compatible with Windows 10 Version 1903 and Version 1909.
If you have language settings configured in the Autopilot profile and the device is connected to Ethernet, all scenes will now skip the language, locale, and keyboard pages. In previous versions, only on-premises deployment profiles were supported.
Microsoft Endpoint Manager
An in-place upgrade wizard is available in Configuration Manager. For more information, see Simplifying Windows 10 deployments with Configuration Manager.
Windows and Assessment Deploy Toolkit (ADK)
You can now access Windows ADK and Windows PE add-on for Windows 10 Version 2004 here. If you want to see information about ADK, you can visit here.
Microsoft Deploy Toolkit (MDT)
Version MDT 8456 supports Windows 10 Version 2004, but there is currently a problem that causes MDT to incorrectly detect the existence of UEFI. The issue is currently under investigation.
Windows PowerShell cmdlets have been optimized.
Get-DeliverOptimizationStatus: Adds the “-PeerInfo” option to real-time peaks for peer-to-peer activity (e.g., peer-to-peer IP addresses, bytes received/sent).
Get-DeliverOptimizationLogAnalysis is a new cmdlet that provides a summary of activities in the DO log (downloads, number of downloads from peer, overall efficiency of the peer). Use the -ListConnections option to drill down into peer-to-peer connections.
Enable-DeliverOptimizationVerBose Logs is a new cmdlet that provides a higher level of log detail to assist with troubleshooting.
Enterprise network traffic restrictions, optimize the front and background of the throttle.
Provides automatic cloud-based congestion detection for CLOUD-enabled PC devices.
The Delivery Optimization policy has been removed from this Windows 10 Version 2004:
Maximum download bandwidth percentage (DOAMaxDownloadBandwidth)
Reason: Replaced by a stand-alone policy from the front and back office
Maximum upload bandwidth (DOMaxUploadBandwidth)
Reason: Only affect the Internet peer-to-peer uploads, not used in enterprises.
Absolute Maximum Throttle (DOMaxDownloadBandwidth)
Reason: Split to front and back office
Windows Update for Business
Windows Update for Business enhancements in Version 2004 include
Intune console updates:
If a target version is found, allow the administrator to specify which version of Windows 10 to upgrade to. In addition, this feature enables you to keep devices on the current version until they reach the end of service. Viewed in Intune, it can also be used as a Group Policy and Configuration Service Provider (CSP) policy.
To ensure that devices and end users remain productive and protected, Microsoft uses GuaranteeHold to block device updates when known issues affect the device. In addition, in order to better enable IT administrators to validate on the latest version, we have created a new policy that enables administrators to opt out of the built-in safeguards hold.
Windows Sandbox is an isolated desktop environment where you can install software without worrying about the lasting impact on your device. This feature was released with Windows 10 Version 1903. Windows 10 Version 2004 includes bug fixes and more control over the configuration.
Windows Sandbox improvements include
MappedFolders now support the target folder. Previously, destinations could not be specified and were always mapped to sandbox desktops.
AudioInput/VideoInput settings now let you share their host microphone or webcam with the sandbox.
The ProtectedClient is a new security setting that allows you to run a connection to a sandbox with additional security settings enabled. Copy and paste issues are disabled by default.
The printer is redirected. You can now enable and disable the host to share printers with sandboxes.
The clipboard is redirected. You can now enable and disable the sharing of host clipboards with sandboxes.
MemoryInMB adds the ability to specify the maximum memory usage of the sandbox.
Windows Media Player is also back in the Mirror for Sandbox.
Windows Sandbox has improved accessibility in this release, including
Added the ability to configure audio input devices through the Windows sandbox profile.
A Shift-Alt-PrintScreen key sequence that activates the accessibility dialog box for enabling high-contrast mode.
Ctrl and Alt and Break key sequences that allow entry/exit full-screen mode.
Windows Subsystem for Linux (WSL)
In this release, memory that is no longer used in Linux virtual machines will be released back to Windows. Previously, the memory of WSL virtual machines could grow, but would not be freed when it was no longer needed.
If your device supports virtualization, WSL2 support has been added to ARM64 devices. There is a complete list of updates on WSL, which can be found here.
Windows Virtual Desktop (WVD)
WVD is an important part of the Windows 10 system, and some enhancements are introduced in the new version. Check out the Windows Virtual Desktop documentation for the latest and most comprehensive information, as well as the WVD Virtual Event for March.
At the Build 2020 launch, Microsoft announced a number of improvements to the Edge browser, and more content can be accessed here.
When Windows restarts, the application that was in use before shutting down is automatically turned back on.
There are a number of improvements to the Windows 10 user interface in this release, including
Cortana gets updates and improvements in Windows 10 Version 2004
The chat-based user interface allows you to interact with Cortana using natural language queries in typing or spoken language, easily getting information across Microsoft 365 and staying on track.
Currently, English-speaking users in the U.S. can use productivity-focused features such as finding people profiles, checking schedules, joining meetings, and adding to lists in Microsoft To Do.
In the coming months, with regular app updates in the Microsoft Store, we’ll enhance this experience by enabling wake-up word calls and enabling listening when you say “Cortana” to provide more productivity features, such as e-mails and documents that will help you prepare for meetings, and expand support for international users.
Tighter access to Cortana, so before you can use Cortana, you must securely log in with your work or school account or your Microsoft account. Some consumer skills, including music, connected home and third-party skills, will no longer be available because access has been tightened. In addition, users receive cloud-based assistance services that meet Office 365’s enterprise-class privacy, security, and compliance commitments set out in the Online Terms of Service.
Move the Cortana window
It’s easier to drag the Cortana window to the desktop.
For more information, you can visit the Microsoft 365 blog.
Windows Search has been improved in a number of ways. For more information, visit Supercharging Windows Search.
Users can now rename the virtual desktop instead of the system’s default “Desktop 1.”
Pairing your Bluetooth device with your PC will be notified, so you don’t need to go into the Settings app to complete the pairing. Other improvements include faster pairing and device name display. For more information, see Improving the Bluetooth pairing experience.
Reset this PC
Reset this PC recovery now includes cloud download options.
Added the following in Task Manager
GPU temperature display for devices with unique features in the performance tab
The ability to display disk types on the performance tab
Graphics and display
The latest DirectX 12 features are already available in this release.
A new tablet experience for 2-in-1 deformed devices. When you remove the 2-in-1 keyboard, the screen is optimized for touch, but you can still maintain a familiar desktop appearance without interference.
In this update, devices running Windows 10 Enterprise or Workstation Pro and with multiple monitors can be configured to block certain applications for specialized purposes.
Here’s an example.
Fixed-function arcades and game consoles such as cockpit, cockpit, pilot, flight and military simulators.
Medical imaging equipment with custom panels (e.g. gray scale displays for X-rays)
Dedicated video surveillance scenes (e.g. Avid Pro, etc.)
Monitor panel testing and verification (e.g. in the factory).
Independent hardware vendor (IHV) driver testing and validation
To prevent Windows from using the display, select The Settings display, and then click Advanced Display settings. Select the monitor you want to see or change, and then set the Remove Monitor from desktop setting to On. The display will now be available for special purpose.
Desktop Analytics is a cloud connectivity service integrated with Configuration Manager that provides data-driven insights into Windows endpoint management in your organization. Desktop Analytics requires a Windows E3/E5 license, or a Microsoft 365 E3/E5 license.
More information about Desktop Analytics can be found here.
Windows 10 Version 2004 is now widely available and can be downloaded from MSDN, Windows Media Creation Tool, or Windows Update.