How Windows 11’s Advanced Security Features Are Keeping You Secure
Your Windows 11 PC is doing a lot to keep you safe from the myriad of threats in today’s digital age. These risks come from malicious apps, phishing, snooping on unencrypted traffic, and even loopholes at the local PC administrator level.
Below, we look at some of Microsoft’s cutting-edge security innovations integrated directly into Windows 11.
Smart App Control (SAC)
Smart App Controlis a feature that works to stop threats and potentially unwanted apps at the process level long before they can ever cause damage to your PC. It does this using a sophisticated cloud-powered AI service that tries to determine whether the app you are trying to run is deemed to be safe.
As perMicrosoft: If the service believes the app to be safe, Smart App Control will allow it to run. If the app is believed to be malicious or potentially unwanted, then Smart App Control will block it. If the service cannot make a confident prediction about the app, then Smart App Control checks to see if the app has a valid signature.
Type “Smart App Control” in the search box in the Start menu to access the system settings.
It’s worth noting that there is currently no way to bypass or white list protection for individual apps aside from turning the feature off. Turning Smart App Control off is also permanent unless youfactory reset or perform a clean installation of Windows 11.
Also, to use Smart App Control on a PC already running Windows 11, you will need to start from a clean slate.
Because Smart App Control is tightly woven into the core of the OS. Smart App Control will only be enabled on a clean installation of Windows 11 or optionally a fully up-to-date, factory reset version of Windows 11.
DNS Over HTTPS: (DoH)
By default,Domain Name System (DNS)requests are sent over a plaintextUDP or TCP connection. This inherently makes traditional unencrypted DNS traffic vulnerable to eavesdropping and spoofing.
DNS over HTTPSis an advanced encryption protocol. Designed to add protection at the transport layer, DNS over HTTPS wraps the DNS query within a standard HTTPS request and then encrypts it.
Put simply, this means that your DNS queries and their corresponding responses will be indistinguishable from all other HTTPS traffic on the network.
Windows 11 now supports DNS over HTTPS configuration at the network level, as shown below.
How to Configure DNS Over HTTPS on Windows 11
If you’d like to enable this feature on your PC, here’s how:
Secured-Core PC Configuration Lock
One of the many challenges facing an administrator in an enterprise organization is the process of maintaining security policies across multiple devices.
For instance, a user with local admin rights may change a setting and put the device out of sync with security policies. This creates what is known as “configuration drift.”
With this in mind, Microsoft’sSecured-Core PC configuration lockenables administrators to enforce security policies on their secured-core PC (SCPC) corporate devices.
Secured-Core PC configuration lock works by monitoring specific registry keys related to the secured-core PC configuration on the client operating system. Then if configuration drift is detected by either intentional or unintentional misalignment of settings, the changes are reverted within seconds.
Secured-Core PC configuration lock isn’t enabled by default on Windows 11 or turned on during boot. Instead, it is managed separately by an administrator usingMicrosoft Intune.
You can check out step-by-step documentation provided byMicrosoftfor enabling Secured-Core PC configuration lock.
Enhanced Phishing Protection
Microsoft’sEnhanced Phishing Protectionworks within the Microsoft Defender SmartScreen ecosystem. It was introduced in the Windows 11 Update Version 22H2,
Enhanced Phishing Protection is Microsoft’s answer to the ever-growing threat of bad actors trying to steal sensitive user data, like passwords. It aims to protect a user’s organizational or school Windows 11 password when typed into a potentially unsafe website or app.
The feature protects the integrity of a user’s password in three ways.
It’s easy for administrators to set up and configure Enhanced Phishing Protection. It can be configured in Microsoft Intune, Group Policy Objectsvia the Group Policy Editor, or as a Configuration Service Provider with an MDM service.
Windows 11 Protects From Risky Business
As the world transitions more and more to hybrid, remote, and new ways of working, the imperative will always be security. Organizations and everyday people alike cannot afford their sensitive data to get into the wrong hands. Microsoft is pushing the envelope with Windows security and leveraging the latest tech in a bid to keep us safe.
From trusted support modules to UEFI Secure Boot, Windows 11 will step up the security game and surpass its older brother by miles.
My foolproof plan is to use Windows 10 until 2030, with the latest security updates.
Not Linux, not Windows. Something better.
confirm you don’t miss these movies and shows before Netflix removes them.
The fix was buried in one tiny toggle.
This small feature makes a massive difference.
