Microsoft Adding New Security Features to Windows 11
Microsoft unveiled the latest security enhancements for Windows 11 during an announcement on Tuesday. These upgrades will be integrated into the upcoming version of Windows 11, codenamed 23H2, which is currently in the process of being rolled out to users. Microsoft anticipates that all devices will have access to these new features by the time the November 2023 security updates are released.
Users with eligible devices already running Windows 11 version 22H2 can expedite the update process by navigating to the Windows Update section in Settings and activating the 'Get the latest updates as soon as they're available' option.
Microsoft's primary objective with these security updates is to streamline and modernize security protocols for IT teams by reducing potential vulnerabilities.
One of the major enhancements in the latest Windows 11 update is the extended support for passkeys, which are replacing traditional passwords to bolster security. Passkeys can be utilized and safeguarded through smartphones or Windows Hello, including Hello for Business, allowing users to access websites or applications using a device PIN, facial recognition, or fingerprint scanning.
This passkey functionality will not be limited to Microsoft's Edge browser; it will also be compatible with other popular browsers like Chrome and Firefox.
Furthermore, organizations have the option to eliminate the use of passwords altogether by implementing Windows Hello for Business or FIDO2 security keys. Microsoft explained that IT administrators can establish policies for Microsoft Entra ID joined machines to remove the password option entirely when accessing company resources. This change will replace passwords in both device unlocking and in-session authentication scenarios with more robust, phishing-resistant credentials like Windows Hello for Business or FIDO2 security keys.
Recommended by LinkedIn
Microsoft also introduced enhancements to the Intune cloud-based endpoint management solution. The App Control for Business feature, previously known as Windows Defender Application Control, empowers organizations to restrict the execution of only approved and trusted applications on devices, thus mitigating file-based malware threats. Organizations using Intune to manage their devices can now configure App Control for Business directly from their administrative console.
Another noteworthy addition is Config Refresh, which enables IT teams to restore policies to a secure state if they have been tampered with by users or unauthorized applications. Users can rely on Config Refresh to periodically reset their devices, such as every 30 or 90 minutes. IT administrators can also temporarily pause this feature when necessary for support staff to make adjustments.
Microsoft has also made improvements to Windows Firewall, introducing new features and capabilities aimed at simplifying firewall management.
On devices equipped with built-in presence sensors, the screen will dim when the user is not actively using the device to conserve energy. Additionally, for security purposes, the device will automatically lock when the user moves away from it.
Lastly, Microsoft emphasized its commitment to coding security, which includes proactive code fuzzing and the incorporation of additional security checks and balances in the software development lifecycle. These efforts also involve assisting developers in identifying and addressing bugs through new automation and AI-driven tools.