Microsoft is focusing on security in Windows, introducing Secured-Core PCs against hardware to cloud attacks and expanding passwordless options with passkeys for better identity protection. Passkeys are safeguarded by Windows Hello tech, and Microsoft’s Secure Future Initiative (SFI) aims to ensure secure product and service delivery by adding new security features in Windows 11 and enabling more security features by default.
New Windows 11 Features
Partnering with OEMs, Microsoft is introducing secured-core PCs with default enhanced security features. These PCs utilize hardware security features such as Pluton security processors and firmware safeguards to protect user credentials, identities, and data from cyberattacks, even with physical access to the device.
Windows Hello ESS enhances security on secure-core PCs with biometric sign-ins, eliminating the need for passwords. Windows 11 boosts security with default features like credential safeguards and application protection, cutting down on security incidents and firmware attacks.
Windows Hello and passkeys provide multi-factor authentication, guarding against credential theft. Windows 11 enhances security with Local Security Authority (LSA) protection, blocking unauthorized access to credentials.
Moreover, Microsoft plans to deprecate NTLM and Virtualization Security (VBS) for key protection to enhance user authentication and key security. This strengthens Windows Hello and safeguards against advanced attacks.
Additionally, Microsoft enhances Windows security by prioritizing application trust and user control. Smart App Control uses AI to block unknown or malicious apps, while Trusted Signing streamlines the app signing process for developers, enhancing app reputation and compatibility with Smart App Control.
Win32 app isolation limits damage from compromised apps. Just-in-time administrative access mandates user approval for admin actions, shrinking the attack surface.
Now, VBS enclaves, once exclusive to Windows security, are open for developers to integrate into their applications, enhancing protection for sensitive tasks.
Microsoft is bolstering Windows security with several changes. Windows Protected Print Mode will become the default, and tooltips will be managed by applications instead of the kernel, reducing vulnerabilities. TLS server authentication is being reinforced by discontinuing trust in weak 1024-bit RSA encryption keys, enhancing overall system security.
Windows 11 provides enhanced management features for commercial users. Config Refresh enables administrators to schedule devices to automatically reapply security policies.
Firewall enforcement ensures successful application of all rules within a block or complete rollback to prevent partial deployment. Personal Data Encryption offers dual data protection levels based on user lock status, enhancing security alongside BitLocker.
Zero Trust DNS (in preview) limits outgoing traffic to authorized network destinations resolved by trusted DNS servers. It empowers IT administrators to centrally manage and enforce security configurations on devices.
Leave A Comment