How to get the Windows 11 security protections on your Windows 10 PC


Windows 11 will turn on hardware security by default but only on new PCs or if you re-image from scratch. But there is a workaround.


Security is only one of the reasons for the hardware requirements for Windows 11; it's also about reliability, compatibility and performance. But the hardware security features in the CPUs that Windows 11 will run on reduce malware and ransomware attacks significantly.


Speaking at a virtual "Ask Me Anything" event about Windows 11, David Weston, partner director of enterprise and OS security at Microsoft, talked about leveraging hardware to "raise the security baseline to a level much higher than Windows 10 or any other previous version of Windows."

"We started by thinking about how we can prevent against the most common attacks, so supply chain attacks, credential attacks, things that you might see in the news related to ransomware or other really impactful issues," he said at the event. UEFI secure boot "makes sure that the device boots in what I would call a clean and secure state, with only code coming from Microsoft, your silicon supplier and your device manufacturer."

He also called Windows 11 "the first real passwordless operating system" because it uses the TPM as a "secure lock box" for biometrics, which prevents the kind of lateral movement attackers rely on when they crack passwords and steal credentials.

"When you're authenticating with your PIN, your face or your fingerprint … we're taking that information, we're processing and checking it, and if it passes muster the secure lockbox releases a key and allows you to authenticate securely. This helps a lot by preventing very common attacks that would seek to steal this information, steal your credentials and use it to access other machines in your name." The TPM is also used to store the BitLocker encryption key.


Newer CPUs offer better performance for virtualisation so Windows 11 can rely on it for security. "The advances in processor architecture in recent generations allow us to turn on virtualization-based security, which helps secure the kernel from code injection attacks like those seen in WannaCry, and also helps prevent credential attacks against common enterprise credentials like NTLM, things that would be involved in domain join."

Windows 11 also uses virtualisation to monitor the OS itself. "We use virtualization-based security … to produce what we call a zero-trust operating system where we're able to detect changes in the operating system, those that might be interesting from a security perspective, and report them to the top."

Those features are available for Windows 10, too, though they're not enabled on the vast majority of PCs.

But depending on how you get Windows 11 on your PC, those hardware security features may not be turned on automatically.

Clean installs and compatibility 

All Windows 11 PCs will be capable of running virtualization-based security, a Microsoft spokesperson said. But memory integrity (the friendlier term used in Settings for hypervisor-protected code integrity, which uses VBS) is only turned on by default on a new PC that ships with Windows 11, or if you reimage a PC with Windows 11 (both of which count as a "clean install").


Memory integrity is already available in Windows 10 but it's only turned on by default on Secured Core and a few PCs like the Surface Pro 7+.

But just upgrading from an earlier version of Windows won't automatically enable the hardware-based security features for you. (If you had memory integrity turned on before you upgrade, it will stay on.)

Even if you re-image your PC, HVCI and VBS won't be turned on if you have incompatible kernel drivers, and compatibility with the software, peripherals and device drivers you have installed is the main reason that upgrading doesn't turn on the hardware security features, but it's not the only factor, Microsoft said.

"Compatibility is the main concern but turning on virtualization will affect the performance characteristics of a device, and we want to avoid sudden changes to the performance that a user is accustomed to on their device without being directly attributable to an action they take."


Generally speaking, HVCI and VBS security features don't have much impact on performance, but Microsoft is being extra cautious when you're upgrading an existing PC so that you don't feel that Windows 11 is a worse experience than Windows 10 just because it turns on security features you could have been using but weren't.

In fact, you need a slightly more powerful PC to get the hardware security features turned on automatically than just to run Windows 11: Microsoft says they will be on by default on new and reimaged PCs with Intel 11th generation, AMD Ryzen 3000 or later or Qualcomm 8C or later CPUs, 64GB or larger SSD (Windows 11 requires 64GB of storage but not an SSD) and 8GB of RAM rather than the 4GB specified for Windows 11.

Some OEMs may enable HVCI and VBS on PCs that don't meet those specs, Microsoft told us, but also noted that "end users or their organization's IT department are always in control and can turn HVCI + VBS on or off as appropriate."

HVCI and VBS won't be enabled automatically on PCs in China or Korea; Microsoft said that's "for both legal and compatibility reasons."

No nagging

If hardware security isn't turned on—in Windows 11 or Windows 10—you can enable it yourself from the Windows Security app in Settings, under Device security, Core isolation. But upgrading to Windows 11 won't prompt you to do this or offer to do it for you, even if your PC meets the hardware requirements. Microsoft is considering suggesting this to users, possibly through a new version of the PC Health Checker app, which will be available again before Windows 11 ships to help people decide whether to upgrade, but that's not definite.

"We are constantly evaluating how to raise awareness of our security capabilities in a way that helps users make informed choices," Microsoft said.

Organizations that are planning to upgrade devices to Windows 11 without re-imaging will want to set device management policies to turn on HVCI and VBS to get the full protection.
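One way to check whether an upgraded Windows 10 or Windows 11 PC actually has VBS and memory integrity running, and to switch them on, is sketched below. This is an added example, not code from the article or from Microsoft; the function names are illustrative, and it assumes an elevated PowerShell session on the machine being checked.

```powershell
# Added example. Function names are illustrative; run from an elevated prompt.
function Get-HardwareSecurityStatus {
    # Win32_DeviceGuard reports what is configured and what is actually running.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
        -Namespace 'root\Microsoft\Windows\DeviceGuard'

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    $vbs = switch ($dg.VirtualizationBasedSecurityStatus) {
        0 { 'Off' }
        1 { 'Enabled, not running' }
        2 { 'Running' }
        default { 'Unknown' }
    }

    # The Secure Boot cmdlet throws on legacy-BIOS machines, so treat that as "off".
    $secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $false }
    $tpm = Get-Tpm -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        SecureBoot     = $secureBoot
        TpmReady       = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)
        VbsStatus      = $vbs
        # In the SecurityServices* arrays, 1 = Credential Guard, 2 = HVCI (memory integrity).
        HvciConfigured = $dg.SecurityServicesConfigured -contains 2
        HvciRunning    = $dg.SecurityServicesRunning -contains 2
    }
}

function Enable-MemoryIntegrity {
    # Registry values Microsoft documents for VBS and HVCI; they take effect after a reboot.
    $dgKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    $hvciKey = "$dgKey\Scenarios\HypervisorEnforcedCodeIntegrity"
    if (-not (Test-Path $hvciKey)) { New-Item -Path $hvciKey -Force | Out-Null }
    New-ItemProperty -Path $dgKey -Name EnableVirtualizationBasedSecurity `
        -Value 1 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $hvciKey -Name Enabled -Value 1 -PropertyType DWord -Force | Out-Null
}

$status = Get-HardwareSecurityStatus
$status | Format-List
if ($status.HvciConfigured -and -not $status.HvciRunning) {
    Write-Warning 'Memory integrity is configured but not running: reboot, then check for incompatible kernel drivers.'
}
```

`Enable-MemoryIntegrity` is defined but not called, so the script only reports by default. On managed fleets the same two settings are normally delivered through Group Policy or MDM rather than a per-machine script.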

For those who aren't ready to move to Windows 11, you don't need to worry about being unable to get future feature releases if you don't have a version 2.0 TPM in your Windows 10 PC. At the virtual Windows 11 event, Microsoft also confirmed that Windows 10 will not require TPM 2.0, even in future releases.
