Connect with us

Hi, what are you looking for?


Endpoint Security

Microsoft Adding New Security Features to Windows 11

Microsoft announced that the latest Windows 11 update (23H2) will bring more support for passkeys and several new security features.  

Windows 11 security features

Microsoft on Tuesday announced the new security features that will be available in the latest version of Windows 11. 

Windows 11 feature updates are released in the second half of each calendar year. The latest update, 23H2, is being gradually rolled out to users, with Microsoft expecting the new features to reach all devices by the release of the November 2023 security updates. 

However, customers with eligible devices running Windows 11 version 22H2 can get the updates sooner by going to the Windows Update section in Settings and enabling the ‘Get the latest updates as soon as they’re available’ option.

Microsoft said its goal is to simplify and modernize security for IT teams by reducing the attack surface. 

The latest Windows 11 update expands support for passkeys, which are replacing passwords to offer enhanced security. Users will be able to use and secure passkeys via their phone or Windows Hello (including Hello for Business), enabling them to sign in to a website or application using a device PIN, their face or their fingerprint. 

On Windows 11, passkeys will work not only with Microsoft’s Edge browser, but also Chrome, Firefox, and others.

In addition, organizations can remove the use of passwords right from the start by using Windows Hello for Business or FIDO2 security keys.

“IT can now set a policy for Microsoft Entra ID joined machines, so users no longer see the option to enter a password when accessing company resources,” Microsoft explained. “Once the policy is set, it will remove passwords from the Windows user experience, both for device unlock as well as in-session authentication scenarios. With this change, users can now navigate through their core authentication scenarios using strong, phish-resistant credentials like Windows Hello for Business or FIDO2 security keys.”

Advertisement. Scroll to continue reading.

Microsoft also announced improvements to the Intune cloud-based endpoint management solution. The App Control for Business feature (formerly known as Windows Defender Application Control) enables organizations to only allow approved and trusted applications to run on devices in an effort to prevent file-based malware attacks. 

Organizations using Intune to manage devices will be able to configure App Control for Business from their admin console. 

Another new feature is Config Refresh, which enables IT teams to revert policies to a secure state in case of tampering by users or unauthorized applications. Users can rely on Config Refresh to reset the device at regular intervals (for example, every 30 or 90 minutes). The feature can also be paused by IT admins for a specified time in case support staff needs to make changes.

Microsoft also announced Windows Firewall improvements, including new capabilities and features designed to make the firewall easier to manage.  

On PCs with built-in presence sensors, the screen will dim when the user is not paying attention to save energy, and, for security purposes, the device will automatically lock when the user leaves.

Microsoft has also highlighted its coding security efforts, which include proactive code fuzzing, as well as additional security checks and balances in the software development lifecycle, including helping developers find bugs on their own with the aid of new automations and AI.  

Related: Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security

Related: Did Microsoft Just Upend the Enterprise Browser Market?

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Endpoint Security

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Endpoint Security

The Zero Day Dilemma

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...