Windows 11 Security Ebook Download
Quick Summary
- If you have installed Windows 11, you know it requires a Trusted Platform Module (TPM) device and builds on this hardware root of trust as a core foundation to allow secure boot to check each driver that is loaded before the OS is loaded up.
- Take a look at some of the features and then a download link to a Windows 11 Security Ebook.
- Tasks can run as the security context of a non-administrator unless an administrator specifically allows an administrator level access session to the system from a process.
Windows 11 has many security features built into its OS architecture, which helps to provide multiple layers of security. It relies on a structured approach that covers hardware security, operating system security, application security, identity, privacy, and cloud services. Take a look at some of the features and then a download link to a Windows 11 Security Ebook.
Table of contents
1. Hardware security
If you have installed Windows 11, you know it requires a Trusted Platform Module (TPM) device and builds on this hardware root of trust as a core foundation to allow secure boot to check each driver that is loaded before the OS is loaded up.
Traditional TPM devices can be used, and Microsoft also has its own type of device, Microsoft Pluton, which is a security processor homegrown at Microsoft. TPM and Pluton devices make it difficult for sensitive information to be extracted from the system.
Secured kernel is based on virtualization technologies like virtualization-based security (VBS). VBS uses hardware virtualization features to host a secure kernel separated from the host OS, in this case Windows 11. It houses security solutions and credential managers from other processes in memory.
Hardware security includes other components, including hypervisor-protected code integrity (HVCI), hardware-enforced stack protection, kernel direct memory access (DMA) protection, and Secured-core configuration.
2. Operating system security
Windows 11 has measures in the operating system that help keep devices, identities, and information that may be sensitive safe. Some of the features of Windows 11 that help protect these sensitive aspects of the operating system include encryption and data protection, network security, and built-in safeguards against viruses, and other threats like ransomware.
Cryptography in Windows 11 is “chip to cloud” so it is designed to enable Windows, applications, and services to protect system and user secrets. Windows 11 is also FIPS 140 compliant. Certificates help safeguard and authenticate information.
It also has a Windows Code Integrity process that verifies operating system signatures. This helps ensure that firmware, drivers, and software are secure and have not been tampered with.
It includes many other operating system security features, including code signing and integrity, device health attestation, Windows security policy settings and auditing, kiosk mode, config refresh, and others.
3. Application Security
Windows 11 has many layers of security that isolate and maintain code integrity to protect sensitive data. One of these is Smart app control. It prevents malicious applications being run by users on Windows devices. It also now uses AI to allow processes to run only if they are predicted to be safe and this intelligence is updated daily.
We are familiar with user account control. But it helps to prevent malware from running privileged commands and damaging a PC or workstation. Tasks can run as the security context of a non-administrator unless an administrator specifically allows an administrator level access session to the system from a process. With it, you can block automatic installation of unauthorized apps and keep changes from being made without proper vetting.
It also contains Win32 app isolation that helps isolate applications to defend against attacks that can take advantage of vulnerabilities in apps or third-party drivers, libraries, etc. Windows Sandbox is a specialized desktop environment that allows running untrusted win32 apps in isolation using Hyper-V virtualization behind the scenes.
4. Identity
Windows 11 has a lot of features around identity security. One of those is passwordless sign-in. Passwords are often the first thing targeted by cybercriminals. Credentials are heavily protected in Windows 11.
Windows Hello enables passwordless sign-in using biometric or PIN verification and FIDO2 passwordless authentication. There is also the Windows Hello for Business offering for passwordless authentication. Windows Hello PIN can only be entered by someone with physical access to the device. Windows Hello Biometric provides a convenient login experience.
There is also Windows Hello for Business multi-factor unlock, Windows presence sensing, passkeys, Microsoft authenticator, smart cards and other tools.
5. Privacy
Privacy is a really important aspect of today’s security. It helps users know how their data is being used and how they can control and manage the data that is being collected. There are numerous Microsoft tools for controlling and accessing your privacy information.
There are the Privacy dashboard and report, Privacy resource usage, Windows diagnostic data processor configuration, and others.
6. Cloud services
There are a lot of cloud services around protecting your information as well and overall security. Microsoft Entra ID (formerly Azure Active Directory) is a cloud-based identity and access management solution. It can be used to “hybrid join” devices that can be controlled by Microsoft Entra ID and Conditional Access policies.
Windows 11 Security Ebook from Microsoft
Learn more about Windows 11 security. You can download a Windows 11 security ebook from Microsoft that goes into even more detail on the security features and capabilities found in Windows 11. Download the ebook here:
