Ignite 2025: Microsoft Announces New Capabilities to Make Windows More Secure and Resilient

Microsoft is strengthening Windows security and resilience to help organizations mitigate risks and prepare for an AI-driven future. These updates align with the Secure Future Initiative and emphasize trust, privacy, and enterprise-grade controls.

Post-Quantum Cryptography (PQC) APIs in Windows provide encryption algorithms designed to withstand future quantum attacks that could break traditional cryptography. These APIs enable organizations to start migrating to quantum-safe encryption now in order to ensure long-term data protection.

Microsoft is adding hardware-accelerated BitLocker support to improve disk encryption speed and security using silicon-level key protection. This security feature will be available on new Windows 11 devices in Spring 2026.

“Hardware-accelerated BitLocker brings faster and more secure disk encryption to Windows by leveraging modern SoC and CPUs. Cryptographic operations are now offloaded from the main processor to dedicated hardware, boosting performance and reducing system overhead. On supported hardware, encryption keys are now hardware-protected by being wrapped and isolated at the silicon level, which helps to minimize exposure to CPU and memory vulnerabilities, and raises the bar for data protection,” Microsoft explained.

Passkey manager integration with Windows Hello

Microsoft has also announced the general availability of passkey manager integration with Windows Hello. This release allows users to choose their preferred passkey manager, including Microsoft Password Manager in Edge, 1Password, Bitwarden, and others. To reduce risks from malicious or unverified software, Windows 11 uses App Control for Business to ensure only trusted apps and drivers can run on users’ devices. Microsoft Intune’s Managed Installer also helps IT teams easily approve business apps and block unsafe programs to boost protection against malware and phishing attacks.

Microsoft will also introduce the Sysmon functionality directly into Windows 11 and Windows Server 2025, which offers customizable event logging for advanced threat detection. This integration simplifies deployment and maintenance as well as gives security teams deeper visibility into system activity.

Windows is strengthening network security with two major upgrades: Zero Trust DNS and Wi-Fi 7 for Enterprise. Zero Trust DNS enforces encrypted name resolution through approved servers to block unauthorized traffic. Moreover, Wi-Fi 7 for Enterprise support delivers next-generation speed and reliability with mandatory WPA3-Enterprise authentication for secure, seamless connectivity.

Microsoft improves Antivirus and driver resilience across Windows

It’s been a year since Microsoft launched the Windows Resiliency Initiative (WRI) to improve the security and reliability of Windows. Today, Microsoft announced that it’s enhancing Windows reliability through stricter driver standards and improved antivirus architecture. The latest updates include shifting antivirus enforcement from kernel to user mode to prevent system crashes, introducing higher certification requirements for driver signing, and expanding in-box drivers and APIs to reduce custom kernel code.

Over time, these changes will significantly minimize kernel-level operations across multiple driver classes. Microsoft is also adding new safeguards (like driver isolation, compiler constraints, and DMA remapping) to help contain faults and improve overall system stability.