You’ve just upgraded to the most recent version of Windows 10. Before you get back to work, use this checklist to ensure that your privacy and security settings are correct and that you’ve cut annoyances to a bare minimum.
Full version upgrades to a Windows PC used to be rare: Most people only had to deal with an upgrade once every three to five years, and then typically as part of the process of buying a new PC.
Now, in the “Windows as a service” era, you can expect a feature update (essentially a full version upgrade) roughly every six months.
If you’re setting up a new PC or doing a clean install of Windows 10 on older hardware, follow the instructions in How to set up a new Windows 10 PC perfectly in one hour or less.
For upgrades, the process is considerably simpler. After about an hour (more or less, depending on the underlying hardware), you should be back at work, with most apps and settings migrated successfully.
In case, clean install or upgrade, use this checklist to make sure you’ve covered some important bases that aren’t part of Windows Setup. Note: All of these steps assume you’re upgrading to Windows 10 version 1709, the Fall Creators Update.
1. Create a recovery drive.
Sure, your Windows 10 installation is working fine now, but if it ever fails to start properly, you’ll be grateful you have a recovery drive handy. Booting from this specially formatted USB flash drive gives you access to the Windows Recovery Environment (WinRE), which you can use to fix most common startup problems.
You need a USB flash drive, of course, at least 512 MB in size for a bare recovery drive and 8 GB for one containing Windows system files.
In version 1709, you’ll find a shortcut to the Recovery Drive desktop app on Start, under the Windows Administrative Tools heading.
2. Secure your user account.
If you use a local account, your sign-in credentials are stored locally, and there’s no way to provide a second factor for authentication.
By contrast, signing in with a Microsoft account or an Azure Active Directory account means you can set up two-factor authentication (2FA) that requires external confirmation from an app on your trusted mobile device.
Both types of accounts are free. If you’re worried about privacy, set up a new Microsoft account and use it exclusively for this purpose and don’t associate the @outlook.com address with any other service
To set up 2FA for a Microsoft account, sign in at https://account.live.com/proofs. There, using the options shown here, you can turn on two-step verification, configure a mobile authenticator app, and manage trusted devices.
(That’s just one of several handy shortcuts for managing a Microsoft account. For more, see Windows 10 tip: Take control of Microsoft account security and privacy settings.)
To manage security settings for an Azure AD account, go to https://portal.office.com/account, select Security and Privacy, and follow the links under the Additional Security Verification heading. (To bookmark that page, use this link: https://account.activedirectory.windowsazure.com/Proofup.aspx.)
Finally, if you have the hardware to support it, turn on Windows Hello. The options for facial recognition and fingerprint identification are available under Settings > Accounts > Sign-in Options.
3. Turn on BitLocker drive encryption.
Encrypting every drive that contains personal data is a crucial security step. Without encryption, anyone who steals that device can mount the drive in an operating system of their choosing and siphon the data away with ease. With encryption, getting to your data requires an encryption key that is effectively uncrackable.
Full-strength BitLocker encryption requires a Trusted Platform Module (TPM) chip and a business edition of Windows. On modern portable PCs running Windows 10 Home, you can enable device encryption if you’re signed in with a Microsoft account.
For step-by-step instructions that explain how to turn on BitLocker Drive Encryption, see: Windows 10 tip: Use BitLocker to encrypt your system drive. And make sure you save a copy (or two) of your BitLocker recovery key.
4. Configure Windows Update.
The good news is Windows 10 includes automatic, cumulative updates that ensure you’re always running the most recent security patches. The bad news is those updates can arrive when you’re not expecting them, with a small but non-zero chance that an update will break an app or feature you rely on for daily productivity.
If you’d rather let the rest of the world test each month’s security and reliability updates before you OK the install, you should be running Windows 10 Pro or Enterprise, not Home. With those business editions, you can defer updates by up to 30 days.
After you complete a Windows 10 upgrade, the first thing you should do is go to Settings > Update & Security > Windows Update and click Check for updates. Install any available updates, including updated drivers.
(I also recommend that you head to the Store and check for app updates. Windows 10 will update those apps automatically, but you can speed up the process by checking manually.)
Finally, on the Windows Update page in Settings, click Change active hours to specify your normal work hours (a window of up to 18 hours), when you don’t want to be interrupted by updates. Then click Advanced options and set your deferral periods for monthly quality updates as shown here.
Choosing the Semi-Annual Channel option delays feature updates by up to four months.
I recommend setting a reminder in your calendar program for the second Tuesday of each month, the day on which Microsoft releases security updates for Windows. When you receive that reminder, you can choose to manually install the updates, or snooze the reminder and perform the task a few days later. Automatic updates won’t download and install until the deferral period you specified has passed.
5. Review privacy settings.
By default, Microsoft collects a substantial amount of diagnostics information as you use Windows 10. That information is, according to Microsoft’s privacy policies, used exclusively for personalizing your experience with Windows and “to help [Microsoft] provide a secure and reliable experience.”
(For a full discussion of the privacy issues, see Microsoft defends (and explains) its Windows 10 privacy settings.)
You can’t turn off the telemetry feature completely, but you can choose to send only a limited amount of data on your Windows 10 usage. To do so, go to Settings > Privacy > Feedback & Diagnostics and change the setting under the Diagnostic Data heading from Full to Basic.
These options have been simplified since the original release of Windows 10.
You can also make two other changes here. Turn off Let Microsoft provide more tailored experiences with relevant tips and recommendations by using your diagnostic data and tell Microsoft you prefer to not be asked for feedback as you use Windows 10.
6. Connect other accounts.
The Microsoft account or Azure AD credentials that you use to sign in to Windows allow you to connect to apps using the same credentials. That makes it especially easy to get your email and schedule using the built in Mail & Calendar app.
If you have additional accounts (especially Office 365 and Gmail accounts), now is a good time to add them to Windows so that they’re available for use within apps as well. If you need to use two-factor authentication for those accounts, you can do it once here and avoid hassles later.
To add accounts, go to Settings > Accounts > Email and app accounts and click Add an account.
7. Fine-tune Action Center settings.
One of the signature features in Windows 10 is the Action Center, a pane that appears on the right side of the display when you swipe in on a touchscreen or click the notifications icon at the far right of the taskbar.
For a portable PC, I recommend customizing the Quick Action buttons at the bottom of the Action Center pane. Hide any buttons you don’t use, and make sure the four buttons you use most often are available in the top row so that you can get to them when the full set of buttons is collapsed to a single row. For instructions, see Windows 10 tip: Customize and rearrange the Quick Actions buttons.
Next, go through the list of apps that are permitted to interrupt you with notifications and silence those you never want to hear from. The settings here allow you to control pop-up messages and sounds or turn off notifications completely. See Windows 10 tip: Disable annoying app notifications for details.