Microsoft Windows 11 Security Features Everyone Should Know

In 2021, the built-in security mechanisms of Windows 11, Azure, Microsoft 365, and Microsoft Defender for Office 365 blocked more than 9.6 billion malware threats, more than 35.7 billion phishing and other malicious emails, and more than 25.6 billion attempts to hijack our enterprise customers by brute-forcing stolen passwords. That corresponds to almost 800 password-guessing attempts every second. Combined with the 24 trillion security signals our cloud handles every 24 hours and the 8,500 security specialists we employ, this gives us a distinct advantage when advising clients on how to defend themselves effectively against current and future threats. By providing the cutting-edge hardware and software required for Windows 11 alongside our ecosystem partners, we will be able to secure our clients regardless of where or how they want to work.

Attacks grow more complex and more destructive over time. If you fall for a phishing email, an attacker may gain access to your sensitive information in an average of 1 hour and 12 minutes. [1] Microsoft has discovered more than 350 different ransomware families and is tracking more than 250 unique nation-state attackers, hackers, and other actors. Our analysis of over 43 trillion signals every day, including 2.5 billion endpoint queries and 921 blocked password attacks per second, yields unparalleled threat intelligence. Our team of 8,500 engineers, researchers, data scientists, cybersecurity specialists, threat hunters, geopolitical analysts, investigators, and first responders based in 77 countries collaborates with more than 15,000 security ecosystem partners. To learn continually from the threat environment, we blend human and machine intelligence with built-in AI. Microsoft Offensive Research and Security Engineering (MORSE) is an additional layer of security that works to prevent attacks from reaching your device. [2] Each new version of Windows is safer than its predecessor because of enhancements made during development.

Protection that evolves with the threat landscape

Application Control

We’ve increased security while enabling users to choose which programmes they may access. Smart App Control is a new security feature meant to protect home and small business users from scripting attacks and from untrusted, unsigned apps that may contain malware or be used in attacks. [3] Using the 43 trillion security signals collected every day, this feature trains an AI model to determine whether an app is safe. App control is often seen as impractical as a countermeasure against malware, despite its potential. Windows 11 uses artificial intelligence (AI) to build an always-updated app control policy that blocks the installation of unfamiliar programmes, which are often associated with new malware, while allowing the installation and use of well-known and safe applications. Many of our clients asked us to simplify this procedure, so we did.

Vulnerable driver protection

Malware increasingly targets drivers to corrupt systems, exploit security vulnerabilities, and disable security agents. Windows 11 employs virtualization-based security (VBS) to enhance kernel protection against possible attacks.

Hypervisor-protected code integrity (HVCI) ensures that only code that has been verified is run in kernel mode. The hypervisor uses processor virtualization extensions to enforce memory protections that prohibit the execution of unverified code in kernel mode. HVCI defends against WannaCry and other threats that depend on the ability to inject malicious code into the kernel. Even when drivers and other kernel-mode software contain defects, HVCI may help prevent malicious kernel-mode code injection.

Increased account and credential security

Credential Guard by default

Windows 11 uses virtualization-based security features to protect against pass-the-hash and pass-the-ticket attacks. In addition, Credential Guard prevents malware from accessing system secrets, even when the process has administrative privileges. Credential Guard will eventually be enabled by default for organisations running Windows 11 Enterprise.
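To check whether the VBS-backed protections described above (HVCI and Credential Guard) are actually active on a machine, the following added example, which is not part of the original article or Microsoft's own tooling, reads the Win32_DeviceGuard CIM class and decodes its status fields. The function names and the sample object are assumptions made for illustration; the sample values are constructed.

```powershell
# Added example: decode VBS, HVCI and Credential Guard state from Win32_DeviceGuard.
# Service IDs used by SecurityServicesConfigured / SecurityServicesRunning.
$ServiceNames = @{ 1 = 'Credential Guard'; 2 = 'HVCI' }
$VbsStates    = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }

# Hypothetical helper: turns a Win32_DeviceGuard-shaped object into a readable report.
function ConvertTo-DeviceGuardReport {
    param([Parameter(Mandatory)] $DeviceGuard)
    $configured = @($DeviceGuard.SecurityServicesConfigured)
    $running    = @($DeviceGuard.SecurityServicesRunning)
    $rows = foreach ($id in ($ServiceNames.Keys | Sort-Object)) {
        [pscustomobject]@{
            Feature    = $ServiceNames[$id]
            Configured = $configured -contains $id
            Running    = $running -contains $id
        }
    }
    [pscustomobject]@{
        VbsStatus = $VbsStates[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
        Services  = $rows
        # Configured but not running: the policy is set, yet the protection is not active.
        Gaps      = @($rows | Where-Object { $_.Configured -and -not $_.Running } |
                      ForEach-Object Feature)
    }
}

# Hypothetical wrapper: query the live system (run on the Windows machine being checked).
function Get-DeviceGuardReport {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
    ConvertTo-DeviceGuardReport -DeviceGuard $dg
}

# Constructed sample: VBS running, both services configured, only HVCI running.
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 2
    SecurityServicesConfigured        = @(1, 2)
    SecurityServicesRunning           = @(2)
}
$report = ConvertTo-DeviceGuardReport -DeviceGuard $sample
"VBS: $($report.VbsStatus)"
$report.Services | Format-Table -AutoSize
"Configured but not running: $($report.Gaps -join ', ')"
```

Calling `Get-DeviceGuardReport` on a real device replaces the constructed sample with live data; any entry listed under `Gaps` is a protection that policy asks for but that is not in effect.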

Enhanced phishing detection and protection with Microsoft Defender SmartScreen

Microsoft Defender for Office 365 prevented more than 25.6 billion brute force authentication attempts against Azure Active Directory (Azure AD) and 35.7 billion phishing emails in the last year. The enhanced phishing detection and protection in Microsoft Defender SmartScreen can help protect users from phishing attempts by detecting and alerting them when they enter their Microsoft credentials into a malicious programme or compromised website. As a consequence of these advancements, Windows will be the first operating system in the world to feature phishing defences by default, ensuring that users stay secure and productive without needing to acquire specialised IT skills.

Locking down IT policy and compliance

Config lock, which helps prevent configuration drift, is available only on purpose-built, high-security Secured-core PCs. Even when the device is disconnected from the internet, Windows 11’s config lock monitors the registry keys governing each feature. As soon as it detects a deviation from the IT-preferred Secured-core PC state, the device resets itself.

App security without the app store from Smart App Control

Smart App Control is a significant upgrade to Windows 11’s security architecture: it stops users from running malicious programmes on Windows systems by blocking untrusted or unsigned applications by default. Smart App Control is integrated into the OS core at the process level and builds on the protection already built into the browser. Code signing and AI are at the core of Microsoft’s new Smart App Control, which allows a process to run only if it has been confirmed as safe, either through its code certificate or by a cloud-hosted AI model for application trust. Model inference runs continuously on the most recent threat intelligence, which contains billions of signals. Windows 11 uses this model to ensure that, when a new application is opened, only trustworthy, well-known applications are permitted to run.

Redesigning security from the chip to the cloud

Microsoft is committed to closing off common attack routes such as the ones we discussed today, and the company invests continuously in enhancing Windows’ default security. These investments are made in an effort to simplify and improve the default security experience for Windows users. Windows 11 provides businesses with multiple layers of security and a direct connection to the cloud, enabling them to handle emerging security threats in the hybrid workplace more effectively. As we continue to fuel the economy of the future, each new version of Windows includes enhanced security features and additional safeguards.


Azhar Ali Buttar has 20 years of experience working in different domains within the IT industry. From network protocols to server hardening, he knows about multiple areas and has been working side by side with MNCs to provide cost-effective security and infrastructure solutions. Azhar’s expertise lies in off-site and hybrid infrastructure deployment using multiple platforms, which include, but are not limited to, Azure, AWS, Google and private clouds. He has also led several infrastructure and security teams to deploy and perform security optimization in multiple projects, and now leads Nocastra with his decision-making and client-oriented skills.
