New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Confirms Latest Defender Update Causes LSA Protection Alerts on Windows 11

Microsoft is currently investigating a persistent issue related to the latest security update for Windows 11 PCs. The company has confirmed that the recent Defender update triggers a warning that the Local Security Authority (LSA) feature is disabled, and their device is vulnerable to cyberattacks.

Local Security Authority (LSA) is a Windows feature that helps to manage security operations and policies, including authentication, authorization, auditing, and password management. It’s a critical component of the Windows security architecture that ensures consistent enforcement of security policies across the system. The LSA feature is designed to protect users from unauthorized access and data breaches.

“After installing “Update for Microsoft Defender Antivirus antimalware platform – KB5007651 (Version 1.0.2302.21002)”, you might receive a security notification or warning stating that “Local Security protection is off. Your device may be vulnerable.” and once protections are enabled, your Windows device might persistently prompt that a restart is required,” Microsoft explained on the Windows Health Dashboard.

In a Reddit thread, many users complained that the KB5007651 update shows the LSA protection is off message and prompts to reboot the device. The restart notifications appear on PCs running Windows 11 versions 22H2 and 21H2.

“Basically a yellow triangle appeared on the Windows Security iron, a week ago. It says that Local Security Authority protection is off. Your device may be vulnerable. There is no option to turn the protection on in the Device Security panel, there is only “dismiss” option,” the post reads.

Microsoft Confirms Latest Defender Update Causes LSA Protection Alerts on Windows 11 — Source: Reddit

Microsoft to fix the LSA protection warning bug on Windows 11

Microsoft has confirmed that it’s working on a fix, but it has not provided any workaround to address the problem on Windows 11 devices. However, the company suggests that users who have enabled the LSA protection feature and already restarted their devices can dismiss the notifications. Users can also check the Event Viewer to determine if LSA protection is enabled on their system.

Last month, Microsoft announced its plans to enable LSA protection by default on Windows 11. The company is already testing this change with the Windows 11 Insider Preview Build 25314 released to the Canary Channel.

by Rabia Noureen
Mar 23, 2023

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Upgrade to Windows 11 – The Road Ahead

Nov 28, 2023
What is a Roaming User Profile on Windows?

Sep 1, 2023
Oct 24, 2023
How to Add Microsoft Store Apps to Intune

May 5, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.