The Windows Insider Program gives you access to preview builds of Windows 10 and Windows Server 2019, so that you can try out new features and provide feedback directly to Microsoft. In essence, it helps you help us create smarter and better products that work the way you want. If you use Windows 10 at work, or have users that use Windows 10 at work, and would like to participate in the Windows Insider Program, we offer the Windows Insider Program for Business.
The Windows Insider Program for Business offers benefits, such as the ability to manage the use of Windows Insider Preview builds across your organization and the ability to submit feedback that will help shape Windows for your organization.
Members of the Windows Insider Program for Business are already working with the next version of Windows 10 via the Slow Ring and through Windows Server Update Services (WSUS). Here is an early peek at the great commercial features coming later this year.
Windows Setup enhancements
Reduced offline time during feature updates
Since Windows 10, version 1703, we've been steadily reducing the time a user cannot use their device during a feature update. With Windows 10, version 2004, offline time continues to decrease, from a median time of over 80 minutes in version 1703, to less than 20 minutes in version 2004, including only a single reboot for many users.
Improved controls for reserved storage
With the release of Windows 10, version 1903, we introduced reserved storage for newly manufactured PCs, and clean Windows 10 installs. Reserved storage increases the likelihood that Windows operating system (OS) updates can be downloaded and installed without users having to free disk space. With this release, we've added a new set of Deployment Image Servicing and Management (DISM) commands and APIs so you can enable and disable reserved storage on demand, including on Windows 10 devices that were not shipped with Windows 10, version 1903 and higher. For example, you can use the commands below to check whether reserved storage is enabled, and then enable it if desired. For more information on these controls, see DISM Reserved Storage Command-line Options.
Improved controls and diagnostics for Windows Setup
Windows 10, version 2004 provides you with more control when upgrading Windows 10 using Windows Setup. We've provided additional controls for Dynamic Update, including the ability to search, download, and install Dynamic Updates, but exclude the latest quality update and/or driver updates. We've also provided options to help you take advantage of reduced offline time for users. With this release, you can instruct Windows Setup to start update operations on the down-level OS without initiating a reboot to start the offline phase then instruct Windows Setup to complete the installation at an appropriate time. For more information, see /DynamicUpdate, /SkipFinalize and /Finalize. Windows Setup now also provides additional diagnostic information to troubleshoot update failures by integrating SetupDiag. For more information, see Deployment Troubleshooting and Log Files.
New Windows 10 OS recovery from the cloud
Windows 10, version 2004 introduces a new way to reset your PC. Earlier releases of Windows 10 supported an “imageless” OS recovery model, whereby a new copy of Windows was constructed from the existing installation. With this release we've added the option to recover Windows 10 by downloading the necessary files from the cloud, resulting in increased reliability and, depending on your internet speed, a faster recovery. Read about the cloud-reset process here.
Delivery Optimization enhancements
New PowerShell cmdlets
Many PowerShell commands have been added to Delivery Optimization, the networking service in Windows that reduces bandwidth consumption by sharing the work of downloading update and upgrade packages among multiple devices in your deployment. The following commands—added based on feedback from commercial customers—are now available to help you get a deeper look behind the scenes:
Get-DeliveryOptimizationStatus -PeerInfo For a real-time peak behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent)
Get-DeliveryOptimizationLogAnalysis Get a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the -ListConnections flag to for in-depth look at peer-to-peer connections.
Enable-DeliveryOptimizationVerboseLogs For greater level of detail to assist in troubleshooting
In addition to the PowerShell commands, we've also made these enhancements:
Enterprise network throttling We've made enhancements to optimize foreground vs. background throttling.
Automatic cloud-based congestion detection This feature will leverage the power of the Delivery Optimization cloud service to help identify download storms on your network. In short, the existing policy to delay background downloads from HTTP will indicate that the cloud service is allowed to dynamically back off downloading updates from the cloud for some devices (while continuing to leverage local peer sources). Similarly, the same feature can help improve overall peer utilization by dynamically choosing which devices can download updates first. This feature is particularly useful to those of you who are deploying via rings and would like to avoid selecting individual devices in ring 0 (which can be cumbersome if you have thousands of sites). (Note: This client feature requires a cloud service support, which will be available in the near future, for full functionality.)
Built-in security enhancements
We've also made enhancements to the built-in security of Windows 10. Here are just a few.
Windows Defender Application Guard
Windows Defender Application Guard for Microsoft Edge on Chromium Application Guard helps protects users and devices from old and newly emerging threats using containers to open files received from untrusted or potentially unsafe locations. When enabled, Application Guard works for Internet Explorer 11, Microsoft Edge, and now Microsoft Edge on Chromium.
Application Guard for Microsoft Office
Application Guard for Office is automatically enabled when Application Guard policies are enabled in Windows 10, the documents are being opened with the Office 365 ProPlus client, and the user opening the document is assigned a Microsoft 365 E5 license or a Microsoft 365 Security E5 license.
Windows Hello for Microsoft accounts You can now enable passwordless sign-in for Microsoft accounts on your Windows 10 devices by going to Settings > Accounts > Sign-in options, and selecting On under Require Windows Hello sign-in for Microsoft Accounts. This will strengthen device sign-ins by switching all Microsoft accounts on the device to modern multifactor authentication with Windows Hello Face, Fingerprint, or PIN, and eliminating passwords from Windows. (For improved security, set Only allow Windows Hello sign-in for Microsoft accounts on this device to Recommended.)
Windows Hello PIN added to Safe mode Because Safe mode starts Windows 10 using only a limited set of files and drivers, a username and password were traditionally required to logon. We've now enabled the Windows Hello experience for devices started in Safe mode.