Skip to main content
Microsoft Security

New Windows 11 security features are designed for hybrid work

Attackers are constantly evolving, becoming increasingly sophisticated and destructive—the median time for an attacker to access your private data if you fall victim to a phishing email is 1 hour, 12 minutes.1 Microsoft tracks more than 35 ransomware families and more than 250 unique nation-state attackers, cybercriminals, and other actors. We have unparalleled threat intelligence—processing more than 43 trillion signals per day, including 2.5 billion daily endpoint queries and 921 password attacks blocked every second. We work alongside more than 15,000 partners in our security ecosystem and we have more than 8,500 engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders across 77 countries. We combine human and machine intelligence with built-in AI to continuously learn from the attack landscape, and we have a dedicated team, the Microsoft Offensive Research and Security Engineering (MORSE), that works to stop threats before they reach your device.2 All of this goes into the design process to deliver a more secure Windows with every release.

“Because Microsoft designed the security model of Windows 11 from the ground up to assume that some component has already been compromised, threat actors will find it orders of magnitude more difficult to remain undetected [and persist] in the environment than in traditional architectures.”

SANS Institute

Protection that evolves with the threat landscape

Today, we’re proud to announce that the security features you heard about in April 2022 are now available on Windows 11.

Application Control

We’ve added features that give people the flexibility to choose their own applications, while still maintaining tight security. Smart App Control is a new feature for individuals or small businesses designed to help prevent scripting attacks and protect users from running untrusted or unsigned applications often associated with malware or attack tools.3 This feature creates an AI model using intelligence, based on the 43 trillion security signals gathered daily, to predict if an app is safe. App control is known to be one of the most effective approaches to protecting against malware but can be complex to deploy. Windows 11 uses the power of AI to generate a continually updated app control policy that allows common and known safe apps to run while blocking unknown apps often associated with new malware. Our customers have asked us to make this simpler and we have responded.

The Smart App Control approach achieves the goal of making advanced app control protection widely available. Smart App Control is built on the same same OS core capabilities used in Windows Defender Application Control. Smart App Control is provided on all Windows client editions with clean installations of Windows 11 2022 Update. Alternatively, for enterprises, your IT team can use Microsoft Intune with Windows Defender Application Control to remotely apply policies to control what apps run on workplace devices.

Vulnerable driver protection

Malware increasingly targets drivers to exploit vulnerabilities, disable security agents, and compromise systems. Window 11 uses virtualization-based security (VBS) for enhanced kernel protection against potential threats.

HVCI ensures that only validated code can be executed in kernel mode. The hypervisor leverages processor virtualization extensions to enforce memory protections that prevent kernel-mode software from executing code that has not been first validated by the code integrity subsystem. HVCI protects against common attacks like WannaCry that rely on the ability to inject malicious code into the kernel. HVCI can help prevent the injection of malicious kernel-mode code even when drivers and other kernel-mode software have bugs.

The Windows kernel is the most privileged software and is therefore a compelling target for malware authors. Since Windows has strict requirements for code running in the kernel, cybercriminals commonly exploit vulnerabilities in kernel drivers to get access. Taking advantage of Windows Defender Application Control, the kernel blocklisting feature prevents vulnerable versions of drivers from running. Microsoft works with ecosystem partners to constantly identify and respond to potentially vulnerable kernel drivers. Users who want the highest level of protection can still specify an allow list to implement driver control.

Enhanced identity protection and simplified password management

With Windows 11, you can protect your valuable data and enable secure hybrid work with the latest advanced security that small or medium-sized businesses say results in 2.8 times fewer instances of identity theft.5 Here are a few enhancements that can help you stay secure now and in the future:

Locking down IT policy and compliance

Config lock builds on the security fundamentals of Windows 11 and is, in part, secured by specific hardware features. The feature monitors a pre-configured set of configuration service providers (CSPs) and policies. If you assign any of these policies to devices in your tenant, enabling config lock will maintain your defined settings.

Ongoing innovation to improve security for all

We’re continuing to add protection from chip to cloud, with an emphasis on the benefits of using new, modern devices with hardware features optimized for security and hybrid work.

For example, if you work in data-sensitive scenarios, Secured-core PCs with Windows 11 can be a great choice. These devices come with additional safeguards enabled, including advanced firmware protection, for the highest level of Windows security. We also will now detect if a device is capable of Windows Defender System Guard and alert users in the Windows Security app that the feature can be enabled. This update to the Windows Security app is currently available to the Windows Insider population and will be broadly available soon.

The Microsoft Pluton security processor, designed by Microsoft and our silicon partners, directly integrates into the silicon of the CPU, providing protection for sensitive assets like credentials and encryption keys by isolating them from the rest of the system. The Pluton firmware also gets security updates straight from the cloud through the Windows updates process which helps security and IT teams simplify management and ensure they have the latest, ongoing protection against threats. 

We’re all working together toward a more secure future, and we look forward to delivering more innovation that will not only detect threats but help prevent them. Microsoft has committed a USD20 billion investment in security research and development over five years.4 We’re committed to your security and to continuously improving the foundational security provided by Windows with default security baselines to help you thrive now and in the future.

To get more information on Windows 11 chip-to-cloud security, visit our website and check out the Windows 11 Security Book details on how Microsoft optimizes Windows 11 for Zero Trust.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


1Cyber Signals: 3 strategies for protection against ransomware, Vasu Jakkal. August 30, 2022.

2MORSE security team takes proactive approach to finding bugs, Elliott Smith. August 3, 2022.

3Availability may vary by region.

4Microsoft has a $20 billion hacking plan, but cybersecurity has a big spending problem, Eric Rosenbaum. September 8, 2021.

5Hardware dependent.