Windows 11’s Biggest Security Updates
While Windows 11 brings an eye-catching new design and some handy productivity features, that’s not all that Microsoft changed in the new operating system, which entered general availability this week. For businesses, the even bigger updates are under the hood—particularly when it comes to security. Windows 11 is a “huge, huge win” on security because it sets a far stronger baseline through a number of adjustments, said David Weston, Microsoft’s director of OS and enterprise security, in an interview with CRN last week. Major security updates from Windows 10 include raising the TPM and CPU requirements and turning key security features on by default in Windows 11 without hobbling PC performance, Weston said.
Solution providers have told CRN that they agree Windows 11 is a massive step forward on security. “I’m able to know, walking into an environment with Windows 11, that the endpoints can be easily secured,” said Marc Menzies, president and CTO of Overview Technology Solutions, a Ronkonkoma, N.Y.-based Microsoft partner, in a previous interview with CRN. “It just makes it a heckuva lot easier to know what your baseline is, and that you can implement some of the security features that are really, at this point, fundamentals.”
Several of Microsoft’s security-focused changes in Windows 11 have been unpopular with some users, including the CPU requirements. But there, too, many solution providers have said they’re siding with Microsoft. “I’m fine with them prioritizing security over being able to roll this out to every computer,” Menzies said.
Using Windows 11 security features in combination on test devices—including device encryption, secure boot, virtualization-based security such as HVCI and Windows Hello facial recognition—reduced malware by 60 percent on those devices, according to Microsoft. Some of those features can only be enabled by default because of the TPM 2.0 requirement and higher CPU requirements for Windows 11, Weston said.
With Windows 11, “there was performance tuning, reliability tuning and compatibility tuning that made it possible for us to enable [certain security features] by default on the vast majority of its systems,” he said. “And that is the big difference between 11 and 10.”
At Altamonte Springs, Fla.-based managed services provider Blacktip, CEO Matthew Bookspan said it’s clear that Microsoft is “prioritizing security first” with Windows 11. “And I’d say that’s the prudent thing to do, given what’s going on in this environment,” Bookspan said in a previous interview with CRN.
What follows are 10 key updates from Microsoft on Windows 11 security.