You have just upgraded to the most recent version of Windows 10. Before returning to work, use this checklist to make sure your privacy and security settings are guaranteed.
Upgrades to a full version of a Windows PC were rare before: most people only had to experience an upgrade every three to five years, and then usually as part of the purchasing process from a new PC.
Today, in the era of “Windows as a service”, you can expect a feature update (essentially a full version update) approximately every six months. If you can skip an update or even two, you can not wait more than 18 months before being forced to update your OS.
For upgrades, the process is simple. After about an hour (more or less, depending on the underlying hardware), you should be back to work, with most of the applications and settings successfully migrated.
In any case, clean up the installation or upgrade and use this checklist to make sure you’ve covered some important basics that aren’t part of the Windows installation. Note: All of these steps have been tested with the Windows 10 update for May 2019 (version 1903) and the Windows 10 update for October 2019 (version 1909).
1. Create a recovery drive
Sure, your Windows 10 installation is working fine now, but if it doesn’t start properly, you’ll be happy to have a recovery drive handy.
Booting from this specially formatted USB drive gives you access to the Windows Recovery Environment (WinRE), which you can use to resolve the most common boot problems. You need a USB stick. Its size should be at least 512 MB for a bare recovery disc and at least 8 GB if you also want to include Windows installation files.
You can find a shortcut to the desktop application of the recovery drive on startup, under Windows Administrative Tools, or you can search for it. In either case, you will need to provide the credentials of an administrator to run the tool.
2. Secure your user account
If you are using a local account, your credentials are stored locally, and there is no way to provide a second authentication factor.
However, signing in with a Microsoft account or Azure Active Directory account (such as the account you use for an Office 365 Business or Enterprise subscription) means that you can configure two-factor authentication (2FA) that requires an external confirmation from an application on your reliable mobile device.
Both types of accounts are free. If you are concerned about privacy, create a new Microsoft account to be used only for this purpose, and do not combine @ outlook.com with another service.
To configure 2FA for a Microsoft account, log on to the following link. This page displays the options displayed here: you can enable two-step verification, configure a mobile authentication application, and manage trusted devices, among other tasks.
To manage security settings for an Azure AD account, go to this link, select Manage security and privacy, and then follow the links under Additional security verification. To add this page to your favorites, use this link.
Finally, if you have the hardware to support it, turn on Windows Hello. The options for facial recognition and fingerprint identification are available under Settings> Accounts> Connection options.
3. Enable BitLocker Drive Encryption
Encrypting each drive containing personal data is a crucial step in security. Without encryption, anyone who steals this device can mount the player in an operating system of their choice and siphon data with ease. With encryption, accessing your data requires an effectively indecipherable encryption key.
Full-strength BitLocker encryption requires a TPM (Trusted Platform Module) chip and a professional version of Windows. On modern laptops with Windows 10 Home, you can turn on device encryption if you’re signed in with a Microsoft account. This option protects the contents of the system drive but does not allow encryption of secondary drives.
Make sure, however, to save a copy (or two) of your BitLocker recovery key.
4. Configure Windows Update
The good news is that Windows 10 includes automatic and cumulative updates that allow you to continuously run the latest security fixes. The bad news is that these updates can happen when you don’t expect them, with little but any chance that an update will break an app or feature you rely on for daily productivity.
If you’d rather let the rest of the world test monthly security and reliability updates before validating the installation, you should use Windows 10 Pro or Enterprise, not Home. With these professional editions, you can postpone updates for up to 30 days.
After completing a Windows 10 upgrade, the first thing to do is go to Settings> Update & Security> Windows Update and click on Check for Updates. Install all available updates, including updated drivers.
Then, on the Windows Update page in Settings, click Change active hours to specify your normal working hours (a window of up to 18 hours), when you don’t want to be interrupted by updates. Then click on Advanced Options and define your deferral periods for monthly quality updates.
Note that you must be logged in as an administrator to see the options displayed here, and these options are not available if you are running a Windows 10 Insider build preview.
When you receive this reminder, you can choose to manually install the updates or repeat the reminder and complete the task a few days later. Automatic updates will not be downloaded and installed until the deferral period you have specified has elapsed.
It is also recommended that you open the Store app and click the three dots in the upper right corner, then click Downloads and Updates to install any available updates. Windows 10 will update these apps automatically, but you can speed up the process by checking them manually.
5. View privacy settings
By default, Microsoft collects a significant amount of diagnostic information when you use Windows 10. This information is, according to Microsoft’s privacy policies, used exclusively to personalize your experience with Windows and “to help [Microsoft] provide an experience safe and reliable. “
You cannot completely disable the telemetry feature, but you can choose to send only a limited amount of data about your use of Windows 10. To do this, go to Settings> Privacy> Diagnostics & Feedback and change the setting under the heading Diagnostic data in the section Diagnostic data from Full to Basic (here too, you must be an administrator and this option is set to Full and cannot be modified if you are using an Insider preview version).
You can also make two other changes to it. Disable the Custom Experiences option, then, under Feedback Frequency, change the setting to Never to avoid telling Microsoft that you prefer not to be asked for comments when using Windows 10.
6. Connect other accounts
The Microsoft account or Azure AD credentials you use to sign in to Windows allow you to sign in to applications using the same credentials. It is therefore particularly easy to get your email and calendar using the integrated Mail & Calendar application.
If you have additional accounts (especially Office 365 and Gmail accounts), now is a good time to add them to Windows so they can also be used in apps. If you need to use two-factor authentication for these accounts, you can do it once here and save yourself a lot of hassle later. Connecting your Office 365 account, for example, allows you to add that account to Microsoft Outlook and configure OneDrive for Business without having to enter a password or provide a 2FA prompt.
To add accounts, go to Settings> Accounts> Email & accounts and click Add account. Note that your options here include specific choices for Office 365, Google, Yahoo, and iCloud accounts.
7. Refine action center settings
One of the signature features of Windows 10 is the Action Center, a pane that appears on the right side of the screen when you swipe right on a touch screen or click the notification icon at the far right of the taskbar.
For a laptop, it is recommended to customize the quick action buttons at the bottom of the Action Center panel. Hide all the buttons you don’t use and make sure the four buttons you use most often are available in the top row so you can access them when the set of buttons is reduced to a single row.
Next, review the list of apps that are allowed to interrupt you with notifications and silence the ones you never want to hear about. Settings allow you to control pop-up messages and sounds, or to turn notifications off completely.