Ignite 2024: Windows 11 Gets Hotpatching and New Admin Protection Feature

Microsoft unveiled new security features and tools for Windows 11 Enterprise, including hotpatch support.

Published: Nov 19, 2024

Windows 11 2022 Update

SHARE ARTICLE

Key Takeaways:

  • Microsoft is enhancing Windows 11’s security by focusing on stability, limiting administrative privileges, and more.
  • Microsoft introduced features like Quick Machine Recovery for remote troubleshooting.
  • Microsoft added Hotpatch support for Windows 11 Enterprise 24H2 and Windows 365.

Microsoft has announced new security features coming to Windows 11 Enterprise at Ignite 2024. The company has also introduced the Windows Resiliency Initiative to make Windows more robust and secure for enterprise customers.

Windows 11 Enterprise gets hotpatching support and PDE

Microsoft has announced Hotpatch support for Windows 11 Enterprise 24H2 and Windows 365. This feature allows administrators to apply critical security updates without requiring a system reboot. The Configuration Refresh feature lets IT admins enforce MDM-defined security policies by automatically returning PC settings to the preferred configuration.

Personal Data Encryption

Lastly, Microsoft has announced that the Personal Data Encryption for known folders is now generally available for Windows 11 Enterprise. This feature leverages Windows Hello authentication to protect files stored in the Desktop, Documents, and Pictures folders. IT admins can use Microsoft Intune to enable Personal Data Encryption within their organization.

Windows 11 security features

Microsoft highlighted a couple of security features that are now enabled by default in Windows 11, including virtualization-based security, Credential Guard, vulnerable driver block list, and Local Security Authority (LSA) protection. Other security features like Smart App Control, App Control for Business policies, as well as passkey support for Windows Hello authentication help to protect customers against cyberattacks.

Windows 11 Administration Protection feature aims to block malware

Microsoft has announced updates to boost Windows security for commercial customers. The company has introduced a new security feature in preview that will give employees standard user permissions by default, but they will still be able to make system changes like installing apps.

“With administrator protection enabled, if a system change requires administrator rights, the employee is prompted to authorize the change using Windows Hello. Upon approving the change, Windows creates a temporary isolated admin token that is destroyed once the process is completed. Administrator Protection helps to ensure that employees remain in control, not malware,” said Pavan Davuluri, Corporate Vice President, Windows and Devices.

Windows Resiliency Initiative

Microsoft emphasized that its Windows Resiliency Initiative will focus on four areas. The company plans to enhance the system’s stability by learning from previous security incidents to prevent similar issues in the future. Microsoft will also make it possible for more apps and users to operate without needing administrative privileges.

This new initiative will also focus on implementing stronger controls about which applications and drivers can run on the system. It also aims to enhance security measures to protect users from phishing attacks.

Quick Machine Recovery

Microsoft has also announced new tools to help administrators manage Windows PCs in enterprise environments. The Quick Machine Recovery feature lets IT admins apply specific fixes from Windows Update directly to PCs. This capability is particularly useful in situations where a PC is stuck in a non-bootable state, as it allows for remote troubleshooting to minimize downtime. Microsoft plans to begin testing this feature with Windows Insiders in early 2025.

Microsoft Virus Initiative partners

In addition to this, Microsoft is evolving its collaboration with endpoint security partners to protect businesses. The Microsoft Virus Initiative (MVI) partners will be required to take some key steps to boost security and reliability on Windows endpoints. These include increased testing, strengthened incident response processes, and following safe deployment practices.

Microsoft is working closely with MVI partners to develop new security features that will allow antivirus processes to run outside of the kernel mode. The company will roll out these new Windows security platform capabilities to partners in July 2025.

SHARE ARTICLE