Microsoft to Let Windows 11 Users Enable Administrator Protection from Settings

Microsoft is testing a new way to enable Administrator Protection in Windows 11.

Published: Jan 20, 2025

Windows-11-notebook-tablet

SHARE ARTICLE

Key Takeaways:

  • Microsoft is testing the Administrator Protection feature, granting users “just-in-time” admin privileges for specific tasks.
  • A new setting will let users enable this feature directly from Windows Security Settings.
  • This new setting is currently available in the latest Windows 11 Canary builds.

Microsoft has started testing a streamlined approach to enable the Administrator Protection feature in Windows 11. The latest Windows 11 Canary builds introduce a new setting that allows users to turn on this security feature without needing IT administrator approval.

What is Administrator protection?

Microsoft first introduced the Administrator protection feature in the Windows 11 Canary build back in October 2024. This feature is designed to enhance security by giving users “just-in-time” administration privileges when prompted. When a system process requires administrator privileges, the user is prompted to securely authorize this activity through Windows Hello.

The administrator privilege granted to a process is temporary. It is only available while the process is active and is revoked once the process completes its task and ends. Currently, this feature is disabled by default and requires a change in the group policy settings to enable it.

How does this new feature work?

With this upcoming change, users will be able to enable the Administrator protection feature from the Account Protection section on the Windows Security Settings page. Users will need to reboot their Windows 11 PCs to apply the changes.

“With Administrator protection, the user stays de-privileged and is granted just-in-time elevation rights only for the duration of an admin operation. The admin token is discarded after use and is recreated when another task requiring admin privileges is performed,” the Windows Insider team explained.

Microsoft to Let Windows 11 Users Enable Administrator Protection from Settings
Configuring Administrator protection (Image Credit: Microsoft)

The Administrator protection feature makes it harder for cybercriminals to exploit privilege escalation vulnerabilities on compromised systems. This is because access to the operating system kernel and other critical system processes will require Windows Hello authorization.

Currently, the new Administrator protection setting is only available for Windows Insiders in the Canary Channel. However, there is no ETA for when this feature will be generally available to all Windows 11 users.

SHARE ARTICLE