Microsoft Ignite 2024 companion guide: Windows security

With all the exciting news coming this week from Ignite, here are some great resources to help you dive deeper into Windows 11 security topics after you watch my session on Windows 11 security and resiliency. 

Hardware baselines 

• Pluton, Secured-Core PC, secure by default – Review hardware-based security features available out-of-the box in Windows 11.  

Protect data 

• Personal Data Encryption for known folders – Learn about file-based encryption capabilities using Windows Hello Authentication, available starting in Windows 11 Enterprise, version 22H2.   
• Virtualization-based security (VBS) enclaves – Find an overview and development guide for VBS enclaves and learn how to enable isolation of sensitive workloads from both the host application and the rest of the system.  

Multifactor authentication and identity hardening 

• Passwordless authentication​ – Discover how Windows Hello and passkeys on Windows enable safer sign-ins with passwordless authentication.   
• Recall security and privacy architecture​ – Get the latest information on how Microsoft is designing Recall with security and privacy in mind.  
• Delegated Managed Service Accounts (dMSA) Overview in Windows Server 2025​ – Read more about the new dMSA account type introduced in Windows Server 2025 and watch a demo about the migration path from a service account to dMSA.  
• NTLMless – Keep up to date with deprecated Windows features, including NTLM.  

Verified, least privilege apps and drivers 

• Modern print platform: Windows Protected Print​ – Take a closer look at how Modern print provides a simple, streamlined and secure printing experience.  
• Tools for Win32app isolation​ – Access tools for using Win32app isolation feature on Windows to help contain the damage and safeguard user privacy choices in the event of an app compromise.   
• Administrator protection​ – Find out how this new Windows 11 platform security feature protects users while still allowing just-in-time administrator privileges authorized using Windows Hello. 
• Trusted Signing​ – Check out the new code signing service for developers and IT professionals, backed by a Microsoft managed certification authority.  
• Smart App Control, App Control for Business – Read how you can use policies to provide peace of mind that only verified apps can run on your device.  

OS configuration 

• Device Health Attestation​ – Help confirm devices are in a good state and haven't been tampered with.   
• New Windows 11, version 24H2 security baseline​ – Get the latest information about changes to the security baseline for Windows 11, version 24H2, including additional protections to LAN Manager, Kerberos, User Account Control, and more.   
• Config Refresh​ – Use Config Refresh helps enforce IT-defined security policies by automatically returning PC settings to the preferred configuration. 
• Zero Trust DNS​ – Discover how Zero Trust DNS enables domain-name-based lockdown to block network traffic to unapproved network destinations.  
• Hotpatching with Windows Autopatch​ - Hotpatch updates for Windows 11 Enterprise, version 24H2 client devices are now available in public preview. 

Learn more  

Finally, to learn more about how Windows 11 is built secure by design and secure by default to help businesses transform and thrive in a new era, bookmark the Windows 11 Security Book!