Microsoft on Tuesday announced the new security features that will be available in the latest version of Windows 11.
Windows 11 feature updates are released in the second half of each calendar year. The latest update, 23H2, is being gradually rolled out to users, with Microsoft expecting the new features to reach all devices by the release of the November 2023 security updates.
However, customers with eligible devices running Windows 11 version 22H2 can get the updates sooner by going to the Windows Update section in Settings and enabling the ‘Get the latest updates as soon as they’re available’ option.
Microsoft said its goal is to simplify and modernize security for IT teams by reducing the attack surface.
The latest Windows 11 update expands support for passkeys, which are replacing passwords to offer enhanced security. Users will be able to use and secure passkeys via their phone or Windows Hello (including Hello for Business), enabling them to sign in to a website or application using a device PIN, their face or their fingerprint.
On Windows 11, passkeys will work not only with Microsoft’s Edge browser, but also Chrome, Firefox, and others.
In addition, organizations can remove the use of passwords right from the start by using Windows Hello for Business or FIDO2 security keys.
“IT can now set a policy for Microsoft Entra ID joined machines, so users no longer see the option to enter a password when accessing company resources,” Microsoft explained. “Once the policy is set, it will remove passwords from the Windows user experience, both for device unlock as well as in-session authentication scenarios. With this change, users can now navigate through their core authentication scenarios using strong, phish-resistant credentials like Windows Hello for Business or FIDO2 security keys.”
Microsoft also announced improvements to the Intune cloud-based endpoint management solution. The App Control for Business feature (formerly known as Windows Defender Application Control) enables organizations to only allow approved and trusted applications to run on devices in an effort to prevent file-based malware attacks.
Organizations using Intune to manage devices will be able to configure App Control for Business from their admin console.
Another new feature is Config Refresh, which enables IT teams to revert policies to a secure state in case of tampering by users or unauthorized applications. Users can rely on Config Refresh to reset the device's policies at regular intervals (for example, every 30 or 90 minutes). IT admins can also pause the feature for a specified time in case support staff needs to make changes.
Microsoft also announced Windows Firewall improvements, including new capabilities and features designed to make the firewall easier to manage.
On PCs with built-in presence sensors, the screen will dim when the user is not paying attention to save energy, and, for security purposes, the device will automatically lock when the user leaves.
Microsoft has also highlighted its coding security efforts, which include proactive code fuzzing, as well as additional security checks and balances in the software development lifecycle, including helping developers find bugs on their own with the aid of new automations and AI.