Back in April, Microsoft unveiled a range of new security features for Windows 11 and touted them as coming soon in a "future release" of the OS. It turns out that the company was referring to the Windows 11 2022 Update - now rolling out - by this statement. Microsoft has confirmed that all of the security enhancements it announced a few months ago are now generally available in Windows 11.
The headliner this time around is Smart App Control which is powered by an AI model and helps detects and block potentially unsafe apps from running on your PC. Smart App Control is built on the foundations of Windows Defender Application Control (WDAC) and processes signals daily. However, as explained before, you will need to do a clean install of your PC to leverage this capability. The feature is intended for individuals and small businesses.
In terms of driver protection, we have Hypervisor-protected Code Integrity (HVCI) and a vulnerable driver block list, both of which will be enabled by default.
The former actually runs kernel code inside a virtualization-based security (VBS) environment through Kernel Mode Integrity Check (KMCI) instead of the actual Windows kernel. This process ensures that all kernel code is validated, safe, and signed before it is allowed to run on the Windows kernel. In essence, this is a kernel-level mitigation against malware. Meanwhile, the vulnerable driver block list will protect your PC from harmful drivers and their associated behaviors.
In terms of smaller enhancements and existing functionalities, we have the following:
- Windows Defender Credential Guard is enabled by default in Windows 11 Enterprise to protect against credential theft
- Credential isolation with Local Security Authority (LSA) protection is enabled by default to confirm the identity of enterprise-joined Windows 11 PCs
- Enhanced phishing detection in Microsoft Defender Smartscreen will inform you when you"re entering credentials in a known compromised app or website
- Windows Hello for Business allows you to go passwordless and its also been made easier to deploy
- Devices with presence sensors will now allow hands-free secure sign-in through Windows Hello
- Config Lock can be used to monitor registry keys and ensure that they comply with the baselines set by your organization and the IT industry in general
Finally, Microsoft has highlighted the importance of PCs with the Microsoft Pluton security chip that ensure that promises improved security at a hardware-level. And for Windows 11 Insiders using Secured-core PCs for protection against firmware compromises, a new prompt will show up in the Windows Security app to alert them if their device supports Windows Defender System Guard but it"s not enabled. This feature will hit general availability soon but is not included in the Windows 11 2022 Update for now.