Windows 11 enables security by design from the chip to the cloud

Over the last year, PCs have kept us connected to family and friends and enabled businesses to continue to run. This new hybrid work paradigm has us thinking about how we will continue to deliver the best quality, experience, and security for the more than 1 billion people who use Windows. While we have adapted to working from home, it's been rare to get through a day without reading an account of a new cybersecurity threat. Phishing, ransomware, supply chain, and IoT vulnerabilities: attackers are constantly developing new approaches to wreak digital havoc.
But as attacks have increased in scope and sophistication, so have we. Microsoft has a clear vision for how to help protect our customers now and in the future, and we know our approach works.
Today, we're announcing Windows 11 to raise security baselines with new hardware security requirements built in, giving our customers the confidence that they are even more protected from the chip to the cloud on certified devices. Windows 11 is redesigned for hybrid work and security with built-in hardware-based isolation, proven encryption, and our most robust protection against malware.
Security by design: Built-in and turned on
Security by design has always been a priority at Microsoft. Who else invests more than $1 billion per year on security and employs more than 3,500 dedicated security professionals?
We've made significant strides in that journey to create chip-to-cloud Zero Trust out of the box. In 2019, we announced secured-core PCs that apply security best practices to the firmware layer, or device core, that underpins Windows. They combine hardware, software, and OS protections to help provide end-to-end safeguards against sophisticated and emerging threats like those against hardware and firmware, which are on the rise according to the National Institute of Standards and Technology and the Department of Homeland Security. Our Security Signals report found that 83 percent of businesses experienced a firmware attack, and only 29 percent are allocating resources to protect this critical layer.
With Windows 11, we're making it easier for customers to get protection from these advanced attacks out of the box. All certified Windows 11 systems will come with a TPM 2.0 chip to help ensure customers benefit from security backed by a hardware root-of-trust.
The Trusted Platform Module (TPM) is a chip that's either integrated into your PC's motherboard or added separately into the CPU. Its purpose is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can't access or tamper with this data.
PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states. Requiring TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust.
TPM 2.0 is a critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data. Furthermore, for many enterprise customers, TPMs help facilitate Zero Trust security by providing a secure element for attesting to the health of devices.
Windows 11 also offers out-of-the-box support for Azure-based Microsoft Azure Attestation (MAA), bringing hardware-based Zero Trust to the forefront of security and allowing customers to enforce Zero Trust policies when accessing sensitive resources in the cloud with supported mobile device management (MDM) solutions like Intune or on-premises.
Raising the security baseline to meet the evolving threat landscape. This next generation of Windows will raise the security baseline by requiring newer CPUs, with protections like virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), and Secure Boot built in and enabled automatically to protect against common malware, ransomware, and more sophisticated attacks. Windows 11 will also have new security innovations like hardware-enforced stack protection for supported Intel and AMD hardware, helping to proactively protect our customers from zero-day exploits. An innovation like the Microsoft Pluton security processor, when used by the great partners in the Windows ecosystem, helps raise the effectiveness of the fundamentals at the heart of robust Zero Trust security.
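A quick way to audit a device against the controls named above (TPM 2.0, Secure Boot, VBS, HVCI), as an added example that is not part of the original post. The function name `Get-SecurityBaselineStatus` and the pass/fail aggregation are assumptions made for illustration; the cmdlet and WMI classes used are standard Windows ones.

```powershell
# Added example (not from the original post): report whether this device has
# the controls named above active. Run from an elevated PowerShell session.
# The function name and the MeetsBaseline aggregation are hypothetical.
function Get-SecurityBaselineStatus {
    $status = [ordered]@{
        TpmPresent = $false; TpmSpecVersion = $null; Tpm20 = $false
        SecureBoot = $null;  VbsRunning = $false;    HvciRunning = $false
    }

    # Win32_Tpm.SpecVersion is a string such as "2.0, 0, 1.38";
    # the first field is the TPM specification family.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm) {
        $status.TpmPresent     = $true
        $status.TpmSpecVersion = $tpm.SpecVersion
        $family = ("$($tpm.SpecVersion)" -split ',')[0].Trim()
        $status.Tpm20 = ($family -eq '2.0')
    }

    # Confirm-SecureBootUEFI throws on legacy BIOS systems and when the
    # session is not elevated; report those cases as 'Unknown', not a failure
    # of the script.
    try   { $status.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $status.SecureBoot = 'Unknown' }

    # Win32_DeviceGuard: VirtualizationBasedSecurityStatus 2 means VBS is
    # running; SecurityServicesRunning contains 2 when HVCI is active.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg) {
        $status.VbsRunning  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        $status.HvciRunning = ($dg.SecurityServicesRunning -contains 2)
    }

    # Pass only when every control is present and active.
    $status.MeetsBaseline = $status.Tpm20 -and ($status.SecureBoot -eq $true) `
                            -and $status.VbsRunning -and $status.HvciRunning
    [pscustomobject]$status
}

Get-SecurityBaselineStatus | Format-List
```

A `SecureBoot` value of `Unknown` is worth following up separately, since it means the check could not run, not that Secure Boot is off.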
Ditch passwords with Windows Hello to keep your information protected. For enterprises, Windows Hello for Business supports simplified passwordless deployment models for achieving a deploy-to-run state within a few minutes. This includes granular control of authentication methods by IT admins while securing communication between cloud tools to better protect corporate data and identity. And for consumers, new Windows 11 devices will be passwordless by default from day one.
Security and productivity in one. These components work together in the background to keep users safe without sacrificing quality, performance, or experience. The new set of hardware security requirements that comes with this new Windows release is designed to build a foundation that's even stronger and more resistant to attacks on certified devices. We know this approach works: secured-core PCs are twice as resistant to malware infection.
Comprehensive security and compliance. Out-of-the-box support for Microsoft Azure Attestation enables Windows 11 to provide proof of trust via attestation, which forms the cornerstone of compliance policies organizations can depend upon to develop an understanding of their true security posture. These Azure Attestation-backed compliance policies validate both the identity and the platform, and form the backbone for the Zero Trust and Conditional Access workflows for safeguarding corporate resources.
This next level of hardware security is compatible with upcoming Pluton-equipped systems and any device using the TPM 2.0 security chip, including a wide selection of devices available from Acer, Asus, Dell, HP, Lenovo, Panasonic, and many others.
Windows 11 is a better way for everyone to collaborate, share, and present, with the confidence of hardware-backed protections.