Microsoft bolsters Windows 11 enterprise Zero Trust security

By on
Microsoft bolsters Windows 11 enterprise Zero Trust security

Hardware features aim to make hybrid work safer.

Microsoft intends to add a slew of new enterprise security features with hardware support to Windows 11, in an effort to make distributed, hybrid workplaces safer.

Among these is the Pluton Security Processor, which is regularly kept fresh through Windows Update.

Microsoft said Pluton is regularly penetration tested, optimised for performance and reliability and offers protection against physical attacks through integration with central processing units (CPUs) in computer systems.

Pluton is built on Microsoft's Zero Trust security model with improved authentication, lowered privileged access levels and other defences like assumed-breach and verified end-to-end encryption.

The security processor will have its firmware automatically updated by Microsoft, with no enterprise administrator intervention required.

Windows 11 will also bring in Smart App Control that prevents users from running malicious and untrusted applications, using code signing along with cloud-based artificial intelligence.

Users will also be "protected from themselves" with the Config Lock in Windows 11 that detects and prevents changes to the system Registry configuration databases and reverts these.

Ransomware and malware attacks will be tackled through Hypervisor-Protected Code Integrity (HVCI) virtualisation enhancements to stop users from running vulnerable drivers, leveraging Microsoft's Windows Defender Application Control blocklist.

Uer account and credentials security in Windows 11 for enterprise customers will get a boost through enhanced phishing detection with the Defender SmartScreen, Microsoft said.

Enterprise editions of Windows 11 will also come with the Credential Guard feature, that protects against common login detail theft techniques such as pass-the-hash and pass-the-ticket, even if malware is running with Administrator privileges.

Microsoft will also ensure that the Local Security Authority (LSA) process, one of several to verify user identities, will be better protected in Windows 11, ensuring it only loads trusted, signed code.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?