As is to be expected in a "release branch" build, there's not much that's new in this build, although Microsoft have introduced some changes to the Windows Defender Application Guard (WDAG) feature set. Here's how Microsoft describe it:
Windows Defender Application Guard (WDAG) Improvements
The Windows Defender Application Guard (WDAG) Team has introduced new improvements for users to have a better experience with our upcoming release. We have combed through our user feedback and acted to ensure your needs are met. On top of significant performance improvements, we have added an ability to download documents highlighted below.
Performance improvements: The teams at Microsoft are constantly working to improve performance for our users. Windows Defender Application Guard is no different. In this upcoming feature update, you will notice an improvement in the launch time for Application Guard. We have made the start process lighter and faster, which will provide our users with a better experience when accessing Microsoft Edge in Windows Defender Application Guard.
Download files to the host: One of the items our users voiced was an inability to “download files from within WDAG” to the host. This created an inconsistent experience for Edge overall as downloaded files were stuck inside the container. In this release, users can turn on a feature to download files from their WDAG browsing session onto the host file system. This feature is available in the Windows 10 Enterprise edition and must be turned on. Once the feature is enabled, users will be able to download files into a folder created in their Downloads folder and open all files on the host.
How to enable and configure the Download to host feature:
- Latest Windows 10 Enterprise RS4 Builds.
- Windows Defender Application Guard feature is installed.
- Network isolation policies are configured.
1. Navigate to Local Group Policy Editor > Administrative Templates > Windows Components > Windows Defender Application Guard.
2. Select Allow files to download and save to the host operating system from Windows Defender Application Guard
3. Select Enabled and Apply
After this policy is enabled, you can download files from your Windows Defender Edge session to your Downloads folder. The files from Application Guard will be saved in a folder called “Untrusted files” nested inside the Downloads folder. This folder is created automatically when you first download a file from Application Guard after enabling the policy.
- This feature is off by default.
- Users will need to assess the files they downloaded and assume any risks of opening on the host.
We encourage you to try our new download feature and assess our improved launch performance. Your feedback and suggestion are important to us as we continue to improve our products. You can click here to open Feedback Hub to give feedback on WDAG.
We’ve also made updates to Windows Defender System Guard. With Windows Defender System Guard, we are making a leap forward in platform security with memory integrity by default and bringing a born secure device promise to our user base. To learn more about these changes and talk with product team, see their post in the Windows Insider Technical Community.
Other than that, there's a few fixes for Windows Mixed Reality (no one actually uses this, do they?); and some general bug fixes. Here's Microsoft's full release notes.