Security | Vulnerability Scans and Assessment Windows

New Windows 11 encryption features and security enhancements will help protect hybrid work


Windows 11 brings you closer to the news and information you care about faster with Widgets. A new personalized feed powered by AI and best-in-class browser performance from Microsoft Edge. Windows 11 is designed also for gaming, with innovative new features that can take your PC gaming experience to the next level. Perhaps you want to learn how you can protect your device against theft as a consultant due to frequent travel etc: Kindly take a look at “How to enable or disable BitLocker Drive Encryption on Windows 10 and Virtual Machines” and “how to deploy Microsoft BitLocker Administration and Monitoring Tool“.

Since cybercriminals and nation-states alike haven’t wasted their time capitalizing on the rapid move to hybrid work, thereby targeting working outside the office. From the available data in Microsoft‘s 2022 Work Trend Index, Malware, stolen credentials, phishing attacks, devices that lack security updates, user error, and physical attacks on lost or stolen devices are major concerns for security and IT teams. Here is a guide on Smart App Control and how to enable Phishing Protection on Windows 11.

Microsoft says that Windows 11 will get more security improvements in the future (upcoming releases), which will add more protection against cybersecurity threats, offer better encryption, and block malicious apps and drivers. It was also noted in the report that significant security updates which add even more protection from the chip to the cloud by combining modern hardware and software will be added. Below are some of the key features.

  • Enhanced phishing protection against targeted phishing attacks with the help of Microsoft Defender SmartScreen, a cloud-based anti-phishing and anti-malware service.
  • With SmartScreen integrated into the OS, Windows users will be warned when entering their credentials into malicious applications or hacked websites. This has been proven to work and effectively blocked over 25.6 billion Azure Active Directory brute force authentication attacks and was able to intercept more than 35.7 billion phishing emails before landing in the recipients’ inboxes just in the last year alone.

These enhancements will make Windows the world’s first operating system with phishing safeguards built directly into the platform and shipped out of the box to help users stay productive and secure without having to learn to be their own IT department,” he added.

Protection for user data and against malicious drivers 

Western also highlighted that “Windows 11 users would get additional layers of security that protect their data and act as a defense against malicious drivers.

The newly planned Personal Data Encryption feature, for instance, protects users’ files and data when they are not signed into the device by blocking access until they authenticate via Windows Hello.

  • To access the data, the user must first authenticate with Windows Hello for Business, linking data encryption keys with the user’s passwordless credentials so that even if a device is lost or stolen, data is more resistant to attack and sensitive data has another layer of protection built-in. I will be sharing how this can be achieved in the subsequence guide here in the community

Windows users will also be able to enable a vulnerable driver blocklist that uses Windows Defender Application Control (WDAC) to block drivers with known vulnerabilities automatically. This will harden Windows systems against third-party-developed drivers in the following ways below.

  • Known security vulnerabilities that attackers can exploit to elevate privileges in the Windows kernel
  • Malicious behaviours (malware) or certificates used to sign malware
  • Behaviours that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel.

Windows 11 App Improvements

Weston added that the Smart App Control is another crucial security enhancement planned for Windows 11 that will be integrated with the OS at the process level to block users from running malicious apps using code signing coupled with an AI model.

“When a new application is run on Windows 11, its core signing and core features are checked against this model, ensuring only known safe applications are allowed to run. This means Windows 11 users can rest assured and confident that they are using only safe and reliable applications on their devices.

Microsoft also wants to enable Credential Guard by Default and additional protection for Local Security Authority (LSA) for organizations using Windows 11 Enterprise to improve security in enterprise environments further.

Also worth highlighting, Config Lock, which locks security settings to have them automatically reverted if end-users or attackers try to modify them. It uses MDM policies to monitor and revert registry keys to the original states if users are altering them, likely rendering their devices insecure and exposed to attacks.

Want to hear from the horse’s mouth, kindly click on this link. Also, here is a guide on Windows 11 Feature-specific, Hardware and Software Requirements: How to upgrade to Windows 11 from Windows 10 as a Windows Insider.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x