The Banking Executive Magazine, Issue 154, October 2021
Windows 11

For Windows 11, the Zero Trust principle of verify explicitly applies to the risks introduced by both devices and users. Windows 11 provides chip-to-cloud security, giving IT administrators the attestation and measurements to determine whether a device meets requirements and can be trusted. Windows 11 works out of the box with Microsoft Intune and Azure Active Directory, so access decisions and enforcement are seamless. IT administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more.

Individual users also benefit from powerful safeguards, including new standards for hardware-based security and passwordless protection. All users can replace potentially risky passwords by providing secure proof of identity with the Microsoft Authenticator app, signing in with face or fingerprint, a security key, or a verification code sent to a phone or email.

Windows 11 security priorities are:

• Security by default: Building on the innovations of Windows 10, Microsoft worked with manufacturers and silicon partners to provide additional hardware security capabilities to meet the evolving threat landscape and enable more hybrid work and learning. The new set of hardware security requirements that comes with Windows 11 is designed to build a foundation that is even stronger and more resilient to attacks.

• Enhanced hardware and operating system security: With hardware-based isolation security that begins at the chip, Windows 11 stores sensitive data behind additional security barriers, separated from the operating system. As a result, information including encryption keys and user credentials is protected from unauthorized access and tampering. In Windows 11, hardware and software work together to protect the operating system, with virtualization-based security (VBS) and Secure Boot built in and enabled by default on new CPUs. Even if cybercriminals get in, they cannot get far. VBS uses hardware virtualization features to create and isolate a secure region of memory from the operating system. This isolated environment hosts multiple security solutions, greatly increasing protection from vulnerabilities in the operating system, and preventing the use of malicious exploits. In combination with device health attestation with cloud services, Windows 11 is Zero Trust ready.

• Robust application security and privacy controls: To help keep personal and business information protected and private, Windows 11 has multiple layers of application security to safeguard critical data and code integrity. Application isolation and controls, code integrity, privacy controls, and least-privilege principles enable developers to build in security and privacy from the ground up. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need. In Windows 11, Microsoft Defender Application Guard uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as device location or access resources like camera and microphone.

• Secured identities: Passwords are inconvenient to use

Figure 4: Windows 11 Zero Trust principles (Source: Microsoft Book and Guide on Windows 11 Security)