Yesterday was quite an eventful day, if you follow Microsoft news, that is. The company finally took the wraps off its Windows 11 operating system, and we learned a bunch of stuff about it including support for Android apps in the Microsoft Store, minimum system requirements, and a new support lifecycle, among many other things. Now, the company has penned a blog post explaining how security is at the forefront with the new version of Windows.
Microsoft Director of Enterprise and OS Security David Weston has stated that the security baselines are being raised with Windows 11, which is built to be secure by design. We already know that the OS requires the Trusted Platform Module (TPM 2.0) chip, and this particular requirement has faced backlash from a lot of our readers, especially those on older machines. Microsoft calls it a "critical building block" through which it provides security via Windows Hello and BitLocker. The company says that it also allows organization to follow a Zero Trust security model, which it has been pushing for quite some time.
When it comes to CPUs, Microsoft is supporting relatively modern processors with security features including virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), and Secure Boot built-in and enabled by default. The OS will also offer hardware-enforced stack protection on certain hardware, with the company boasting of its Microsoft Pluton security chip for enhanced security as well.
Once again, Microsoft wants you to ditch passwords completely. Windows Hello for Business can be deployed by IT admins in organizations, whereas consumers will be passwordless by default from day one on new Windows 11 machines.
Microsoft claims that all of its hardware-level protections will work in tandem without compromising on performance, also saying that secured-core PCs are more resistant to attacks since they also offer protection against firmware attacks.
Lastly, Windows 11 features out-of-the-box support for Azure-based Microsoft Azure Attestation (MAA). These compliance policies will allow organizations to operate Zero Trust models and Conditional Access workflows more reliably while securing their resources.