‘InPrivate Desktop’ Coming to Windows 10 Enterprise
Earlier this month, BleepingComputer.com ran a report on a new security feature in Windows 10 that was exposed during a bug-bash quest in the Feedback Hub. The new feature is installed as an app from the Microsoft Store. But according to Lawrence Abrams, the app wasn’t available in the Store despite the instructions found in the Feedback Hub.
The text of the quest read: “Microsoft is Developing a Sandboxed “InPrivate Desktop” for Windows 10 Enterprise. InPrivate Desktop (Preview) provides admins a way to launch a throwaway sandbox for secure, one-time execution of untrusted software. This is basically an in-box, speedy VM that is recycled when you close the app!”
The prerequisites were listed as follows:
- Windows 10 Enterprise
- Builds 17718+
- Branch: Any
- Hypervisor capabilities enabled in BIOS
- At least 4GB of RAM
- At least 5GB free disk space
- At least 2 CPU cores
I tried to access a link provided in the text, referring to feature limitations, but it requires a Microsoft account associated with the Microsoft tenant. I suspect that this feature was only available for internal testing at the time of the bug bash.
What is InPrivate Desktop for?
While Windows 10 Enterprise users have the right to run one Windows 10 virtual machine, someone needs to set up the VM and potentially maintain it. But InPrivate Desktop looks to provide a readymade environment that users can spin up with no configuration and easily start from scratch each time InPrivate Desktop is launched. I don’t have any new technical details to share, but I think that InPrivate Desktop works like Windows Defender Application Guard (WDAG) and is based on container technology.
WDAG provides Microsoft Edge users with a secure environment where the browser runs in a container that protects the underlying operating system if the browser session is exploited. WDAG was originally only available in the Enterprise SKU but Microsoft recently made it available to Windows 10 Professional users also. For more information on Windows Defender Application Guard, see Protect Users Against Malicious Websites Using Windows 10 Application Guard and Revisiting Application Guard in the Windows 10 April 2018 Update on Petri.
If InPrivate Desktop turns out to work like WDAG, it will be a useful addition to the OS for organizations that want to remove administrative rights from users. One of the biggest issues with removing rights is that users can no longer install software that requires administrator privileges. InPrivate Desktop would give organizations more scope to remove administrative rights but still allow users some freedom to test new software or experiment with settings that aren’t available to standard users.
Developers and system administrators might also find InPrivate Desktop useful when they need to spin up a test environment but don’t want to step through the Windows setup process. Although there’s no word yet if and when InPrivate Desktop will make it into Windows.
Follow Russell on Twitter @smithrussell.
More in Windows 10
IT Admins Report Issues With Microsoft Store Version of Quick Assist App
May 16, 2022 | Rabia Noureen
Microsoft Releases May 2022 Patch Tuesday Updates
May 11, 2022 | Laurent Giret
What’s New with Windows – April 2022
May 2, 2022 | Russell Smith
This Week in IT - Is Microsoft Killing Off Patch Tuesday?
Apr 22, 2022 | Russell Smith
Windows 10 November 2021 Update is Now Ready for Broad Deployment
Apr 18, 2022 | Rabia Noureen
This Week in IT - Windows 10 Gets Search Highlights and Is Microsoft in Hot Water Over Windows Cloud Pricing?
Apr 15, 2022 | Russell Smith
Most popular on petri