How Microsoft will improve security on the next release of Windows 11

Microsoft announced several security features at its Windows Powers the Future of Hybrid Work event today. The company plans to increase the security of Windows PCs through hardware improvements, the cloud, and the use of artificial intelligence. In addition to discussing new features that are on the way, Microsoft detailed some existing security features, such as Microsoft Pluton, that will become more common in future computers.

Microsoft Pluton and Windows 11

Microsoft Pluton, a security technology pioneered on the Xbox One, is now capable of securing PCs. Pluton takes a Zero Trust approach and relies on several security features in Windows 11, including TPM 2.0, firmware and identity protection, Direct Memory Access, and Memory Integrity Protection.

Pluton integrates with a PC’s CPU and operating system. It’s also updated regularly to protect devices against threats.

While Pluton offers security benefits, a few PC manufacturers have reportedly opted against using it on some devices. Dell and Lenovo have each chosen to use Intel vPro tech for security instead, which cannot be used in conjunction with Pluton. Microsoft only introduced Pluton in 2020, so it may take some time to ship on more PCs.

Securing drivers

The next release of Windows 11 will have Hypervisor-Protected Code Integrity (HVCI) enabled by default to protect PCs. HVCI stops attackers from injecting code onto PCs, which is how the infamous WannaCry attack and several other malware campaigns targeting devices. The Microsoft Vulnerable and Malicious Driver Reporting Center allows Windows to automatically block vulnerable drivers that are known to be connected to security threats.

The Microsoft vulnerable driver blocklist uses Windows Defender Application Control and HVCI to secure PCs from ransomware attacks that exploit vulnerable drivers. PCs running Windows 11 SE and devices with HVCI will have a blocklist enabled by default.

Ensuring app security

A new feature called Smart App Control will help ensure that only secure apps can run on a PC. Smart App Control uses artificial intelligence to allow processes that are predicted to be safe. Windows 11 will check the processes that an app runs against a model to determine if an application is safe.

Smart App Control will ship with new PCs running Windows 11. It will also be available on current devices, though a fresh install of Windows 11 will be required.

Securing personal data

Windows 11 will soon have personal data encryption, which will protect files and data whenever a user is not signed into a device. PCs using the feature will require authentication with Windows Hello for Business, a data encryption key, or passwordless credentials to access data. As a result, PCs will resist data theft, even if they’ve been stolen.

Rounding out security on Windows 11

Microsoft discussed a handful of other security features for PCs at its event. Config Lock, which is already available on Windows 11, monitors registry keys to make sure systems are not changed without authorization.

Windows 11 will also have phishing protections directly built-in, which Microsoft says is a first for an operating system.

Credential Guard, which protects PCs from malware even if a process runs with admin privileges, is on the way to the Enterprise edition of Windows 11.

In the future, Windows 11 will have Local Security Authority protection enabled by default. The feature helps stop credentials from being stolen through the Local Security Authority, which is a frequent target for attackers seeking sensitive data.

If you’d like to find out more about Microsoft’s plans to secure Windows 11, you can watch the company’s breakout session at its Windows Powers the Future of Hybrid Work event.