Overview of Windows 11 security priorities
Security, by default
Nearly 90% of security decision makers surveyed say outdated hardware leaves organizations more open to attacks and using modern hardware would help protect against future threats.1
Building on the innovations of Windows 10, we’ve worked with our manufacturer and silicon partners to provide additional hardware security capabilities to meet the evolving threat landscape and enable hybrid work and learning. The new set of hardware security requirements that comes with Windows 11 supports new ways of working with a foundation that is even stronger and more resilient to attacks.
Enhanced hardware and operating system security
With hardware-based isolation security that begins at the chip, Windows 11 stores sensitive data behind additional barriers separated from the operating system. As a result, information including encryption keys and user credentials are protected from unauthorized access and tampering.
In Windows 11, hardware and software work together to protect the operating system. For example, new devices come with virtualization-based security (VBS) and Secure Boot built-in and enabled by default to contain and limit malware exploits.2
Robust application security and privacy controls
To help keep personal and business information protected and private, Windows 11 has multiple layers of application security that safeguard critical data and code integrity.
Application isolation and controls, code integrity, privacy controls, and least-privilege principles enable developers to build in security and privacy from the ground up. This
integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need.
In Windows 11, Microsoft Defender Application Guard3 uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device’s location, or access resources like camera and microphone.
Passwords have been an important part of digital security for a long time, and they’re also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as TPM 2.0, VBS, and/or Windows Defender Credential Guard, making it harder for attackers to steal credentials from a device. And with Windows Hello, users can quickly sign in with face, fingerprint, or PIN for passwordless protection.4
Contact your ASI Sales Rep for more information at email@example.com or 888-2000-ASI.
1 Microsoft Security Signals, September 2021.
2 Hypervisor-protected coder integrity, which activates virtualization-based security, is enabled by default on clean installations only.
3 Windows 10 Pro and above support Application Guard protection for Microsoft Edge. Microsoft Defender Application Guard
for Office requires Windows 10 Enterprise, and Microsoft 365 E5 or Microsoft 365 E5 Security.
4 Windows Hello supports multi-factor authentication including facial recognition, fingerprint, and PIN. Requires specialized
hardware such as fingerprint reader, illuminated IT sensor or other biometric sensors and capable devices.