Microsoft has lifted the lid on a wealth of Windows 11 updates that it hopes will help alleviate common headaches for IT professionals.
Announced as part of the company’s Windows Power the Future of Hybrid Work event, the new features equip Microsoft’s operating system with additional cybersecurity options to shield users against phishing and malware attacks.
There are also improvements from a management perspective, with new features designed to automate the patching process across Windows 11, Edge and Office and simplify identity management.
Windows 11 security upgrades
Microsoft claims that protections built into its various services blocked almost 10 billion malware threats, 35 billion malicious emails and 25.6 billion password-related attacks last year. However, the results of its latest Work Trend Index indicate that businesses continue to feel vulnerable in the new hybrid working environment.
To further harden its defenses, Microsoft is preparing a series of changes for Windows 11 that should help guard against both the most common and most advanced threats.
“Microsoft is continuously investing in improving the default security baseline for Windows and focused on closing gaps on top attack vectors,” wrote David Westonm, VP Enterprise and OS Security at Microsoft.
“With built-in chip to cloud protection and layers of security, Windows 11 helps organizations meet the new security challenges of the hybrid workplace, now and in the future. With every release we are making Windows more secure by default, designing new protections as we continue to power the future of business.”
Specifically, Microsoft has developed a new AI-enabled system that stops users running malicious apps on Windows devices, called Smart App Control. The feature leans on an AI model hosted in the Azure cloud to assess the level of threat posed by an executable; if the threat level is high, the application will not be allowed to run.
Microsoft Defender, the in-built Windows 11 antivirus service, will also receive new functionality that protects against phishing attacks by alerting users when they are about to enter their Microsoft account credentials into an untrustworthy website. And in the event a device is stolen or misplaced, new Personal Data Encryption protections will ensure data is resistant to attack.
Lastly, Microsoft has already rolled out an update called Config Lock, which is said to “protect users from themselves”. The feature monitors registry keys to ensure that workers’ devices remain compliant with company security standards. If a breach of policy is detected, the device is automatically reverted to the desired state.
Making management simple
Microsoft is also striving to make the lives of IT professionals simpler, with new functionality that streamlines the endpoint management process.
Over the next year, Microsoft says it will roll out a range of updates to give administrators greater oversight and tighter control over Windows 11 endpoints, and minimize the number of queries that need to be actioned by IT.
These improvements will include a feature that automatically sniffs out unpatched software that may be open to attack and installs the relevant updates, and functionality that allows IT departments to temporarily elevate the privileges of a non-administrator when necessary, minimizing the burden on helpdesks.
A separate update will focus on providing employees with secure access to company resources, enabling VPN connections that link unenrolled mobile devices to on-premise resources.
Finally, the company is developing a new cloud certificate management solution for public key infrastructure (PKI) designed to make it easier for IT departments to provide employees with the tools they need to do their jobs, which has historically been more complex than any end user might realize.