For regular PC users, Microsoft worked on a whole new experience with Windows 11, bringing a refreshing new design and several accessibility features that make everyday work easier. However, the more important developments in the new Windows version have been hidden under these wraps and promise a secure PC experience like never before.
A gist of it could be seen with the recent hue and cry about the TPM 2.0 requirement for Windows 11. From Microsoft’s point of view, it is an important step towards establishing baseline security measures. Especially so for its corporate clients that work on a network of computers, and each one has to be as secure as the next.
TPMs allow hardware-based security functions, both when the computer starts up as well as in several applications used while computing. TPM 2.0 is relatively new to the market and is on limited PCs, but it brings a host of security measures that TPM 1.2 does not support. Together with higher CPU requirements on Windows 11, it enables security features like Windows Hello, device encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), and secure boot.
Microsoft says that the combination of these features has been shown to reduce malware by 60 per cent on tested devices. For these reasons, the company is calling Windows 11 “the most secure Windows yet.”
Within the computer, it does so by isolating software from hardware. This isolation puts up a hardware barrier in front of encryption keys, user credentials and other sensitive data, separating them from the operating system. Thus, malware and attackers can’t access or tamper with that data during the boot process.
Once your fire up the PC, Windows 11 employs multiple layers of application security to safeguard critical data and code integrity of the application. Microsoft has also turned most of these security features on by default in Windows 11, thus ensuring optimum security at any time.
Online passwords are a prime target for attacks. In a note, Microsoft says that 579 password attacks take place every second, amounting to 18 billion attacks every year. So Windows 11 also brings passwordless protection as a more secure alternative to passwords. After a secure authorization process, user credentials are protected behind layers of hardware and software security. They can access them or basically log in to their Microsoft accounts using the Microsoft Authenticator app, Windows Hello, physical security keys, or SMS codes.
As for protecting your cloud activities, Windows 11 comes with several tools that let you set access conditions to your personal or enterprise account. Microsoft says that features like single sign-on and multi-factor authentication enabled by the Azure Active Directory (Azure AD) help protect cloud users from “99.9 per cent of cybersecurity attacks.”
The holistic security approach by Microsoft is thus evident on Windows 11, and it seems like cybersecurity firms love it. In an interview with CRN, Marc Menzies, president and CTO of Overview Technology Solutions, a New York-based Microsoft partner, mentioned that Windows 11 ecosystem ensures “that the endpoints can be easily secured.” He further sided with Microsoft’s decision to prioritize such security measures over a wider rollout on every computer by setting higher CPU requirements for Windows 11.
News Credit: India Today
