Microsoft amps up focus on Windows 11 security to address evolving cyberthreats

“IT security leaders will undoubtedly need to evaluate the Copilot+ PCs,” he said. “They will be manageable using existing Windows management tools, but until they are used and tested in the organization’s environment, the magnitude of benefits will be unclear. I would expect rapid iterations and improvements on the software and OS side in order to leverage the power of the hardware. Nobody will be going all-in on these PCs out of the gate, but I expect a lot of interest in proof of concept and small-scale test deployments. Over time, it will likely become the standard as PC refresh cycles allow.”

Software and OS protection

Removing legacy weaknesses is another way Microsoft is improving security with its latest round of announcements. For example, NT LAN Manager (NTLM), a 1993-vintage network authentication and security protocol that still exists within Windows, will be deprecated later this year. In addition, transport layer security (TLS) server authentication certificates, which verify a server’s identity, will no longer be trusted by the Microsoft Trusted Root Program if the RSA keys of certificates chaining to its roots are shorter than 2048 bits.
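To see which certificates on a Windows host fall under the 2048-bit RSA threshold described above, the following PowerShell inventory is an added example, not code from the article or from Microsoft. It assumes the server certificates live in `Cert:\LocalMachine\My`, and it does not check which root a certificate chains to, so review each finding against its issuer.

```powershell
# Added example: list TLS server-authentication certificates in the local
# machine store whose RSA public key is shorter than 2048 bits.
$MinRsaBits    = 2048                     # threshold stated in the article
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'      # id-kp-serverAuth EKU
$StorePath     = 'Cert:\LocalMachine\My'  # assumption: where server certs are stored

$findings = foreach ($cert in Get-ChildItem -Path $StorePath) {
    # GetRSAPublicKey returns $null for ECDSA/DSA keys, which are out of scope here.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    if ($null -eq $rsa) { continue }

    # A certificate with no EKU extension is usable for any purpose, including
    # server authentication, so skip only when an EKU exists and omits serverAuth.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku -and ($eku.EnhancedKeyUsages.Value -notcontains $ServerAuthOid)) { continue }

    if ($rsa.KeySize -lt $MinRsaBits) {
        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer      # check whether this chains to a public root
            Thumbprint = $cert.Thumbprint
            RsaBits    = $rsa.KeySize
            NotAfter   = $cert.NotAfter
        }
    }
}

# Soonest-expiring first, so replacements can be prioritized.
$findings | Sort-Object NotAfter | Format-Table -AutoSize
```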

For services requiring high security, reliability, and performance, Microsoft is adding virtualization-based security (VBS) to create an isolated secure environment to protect keys; the feature is now in preview. VBS is also used to isolate Windows credentials if a device doesn’t have built-in biometrics. VBS enclaves are now available to third-party developers.
