Windows 11 Includes Features That Enforce Zero Trust

A zero-trust environment trusts nothing. It demands authentication for as many tasks, both hardware and software, as possible and ensures that devices grant access to the least amount of information required. Zero trust is the gold standard in modern network security, and Microsoft has made sure that its newest OS is compatible with and even helps to enforce that environment.

In Windows 11, rather than simply offering new security features, Microsoft requires that they be used and has stepped up the hardware security requirements for PCs running the new OS. Here are some ways Windows 11 helps enforce zero trust.

LEARN MORE: To build a zero-trust environment, inventory the security tools you already have.

Passwordless Authentication

Released with Windows 10, Microsoft face recognition software returns in Windows 11. Windows Hello allows users to keep information protected and to drop passwords entirely in favor of more secure cryptographic identification.

In Windows 10, Windows Hello was disabled by default. In Windows 11, Windows Hello will be on by default, and Windows will prompt you to set it up upon first signing in.

Cloud-Based Zero-Trust Policies

Administrators in large agencies already rely on various security policies to harden devices and communication. Windows 11 brings a method of validating cloud resources at scale, known as Microsoft Azure Attestation.

Microsoft Azure Attestation is a policy-driven service that creates a cryptographic token from a device’s Trusted Platform Module 2.0 chip. That token is then provided to Azure to authenticate an endpoint’s identity. Administrators can create and upload attestation policies via the Microsoft Azure Attestation service in the Azure portal.

Click the banner below to receive exclusive industry content when you register as an Insider.