The Security Guide to Windows 11
Approximately 80% of security decision-makers say that software alone is not enough to protect from emerging threats.1 Windows 11 is a Zero Trust-ready OS to protect data and access anywhere.
How Windows 11 enables Zero Trust protection
Very explicitly
The first step in Windows 11 Zero Trust protection is to verify explicitly, which means to authenticate and authorize based on all available data points, including user identity, location, device health, service, data classification and anomalies.
Use least privileged access
The second step is least-privileged access, which controls user access with just-in-time and just-enough-access, risk-based adaptive policies and data protection to secure both data and productivity.
Assume breach
Finally, the assume breach step minimizes the blast radius and segments access. It also allows you to verify end-to-end encryption and use analytics to gain visibility to improve threat detection and defenses.
Security, by default
Outdated hardware leaves organizations vulnerable to attacks and security decision-makers say believe that modern hardware protects against future attacks. Improving upon the innovations of Windows 10, Windows 11 provides additional security capabilities to meet today’s evolving security landscape and enable more hybrid work and productivity. Windows 11 is designed to build a stronger foundation that’s more resilient to cyberattacks.
Enhanced hardware operating system security
Keep sensitive data behind additional security barriers separated from the operating system with Windows 11. This information, including encryption keys and user credentials, is protected from unauthorized access and tampering.
Hardware and software work together in Windows 11 to protect your entire organization with virtualization-based security (VBS) and Secure Boot built-in and enabled by default on new CPUs. VBS uses hardware virtualization features to create and isolate a secure region of memory from the operating system. This environment hosts multiple security solutions, greatly increasing protection from vulnerabilities and preventing the use of malicious exploits.
Robust application security and privacy controls
Windows 11 has multiple layers of application security to guard critical data and code integrity. Application isolation and controls, code integrity, privacy controls and least-privilege principles enable developers to build-in security and privacy from the ground up.
To protect privacy, Windows 11 also provide more controls over which apps and features can collect and use data, including device location or access resources like camera and microphone.
Secured identities
Passwords are a prime target for cybercriminals. However, Windows 11 is changing the standard with passwordless protection. After a secure authentication process, credentials are protected behind layers of hardware and software security. This gives users secure, passwordless access to their apps and cloud services.
End users can remove the password from their Microsoft account and use the Microsoft Authenticator App, Windows Hello, smart card or verification code sent to their phone or email. IT admins and consumers can set up Windows 11 devices as passwordless out-of-the-box.
Connecting to cloud services
Windows 11 security extends zero-trust from the end user to the cloud, enabling policies, controls, procedures and technologies that work together to protect your devices, data, applications and identities from anywhere.
Microsoft offers comprehensive cloud services for identity, storage and access management in addition to the tools to attest that any Windows device connecting to your network is trustworthy.
Connecting to cloud services
The acceleration of digital transformation and evolution of remote and hybrid work brings new opportunities to organizations and their teams. Now more than ever, employees and businesses need the right tools and security to ensure business continuity. Insight and Windows 11 make it easy to stay secure with the right devices and software. Talk to an Insight specialist today to learn more.
¹Microsoft Security Signals, September 2021.