In addition to the questions posted on this page, we also answer questions posted in reply to the event on LinkedIn and X (Twitter). Here are the questions we answered:

Question -- Windows security discussion board on Tech Community -- I’ve read a few mentions of the Secure Future Initiative. And during Ignite I heard about something called the Windows resiliency initiative. Are these the same thing? Related? - answered at 4:27.

Question from the Tech Community -- Is there a way to enable Smart app control when provisioning a device with OSD? The docs say that it can only be used when enabled at device installation, but I don't see ways to enable it for hybrid joined devices. This would be great to start our app hardening journey. Thanks in advance. - answered at 7:10.

Follow up question - How does smart app control in the scenario where you have an unsigned app?  - answered at 10:48.

Question from LinkedIn -- Can you help me understand the distinction between User Account Control and admin protection? (Is there some sort of comparison graphic?) - answered at 14:44.

Question from X (formerly Twitter) - On Config Refresh - is there a min or max time frame? Can I set it different for certain groups of devices? - answered at 20:08.

Follow up question: What happens with Config Refresh if the PC goes offline? - answered at 23:01.

Question from Tech Community -- How does admin protection work if you remote into a user’s laptop? For example, if the user is working from home and you as IT support need to use a domain admin account on the remote computer e.g. need to remove some faulty software. - answered at 24:04.

Question from X -- How does Personal Data Encryption select what files to encrypt? - answered at 27:30.

Question from Tech Community - Going back to admin protection -- What about the hidden, system generated accounts and profiles? Is it only one always and preserved—or is there one generated per process and the whole profile deleted afterwards—or is it per user elevating things and the profiles deleted/kept around or ...? - answered at 29:38.

Question -- Your team has done a lot of work making sure more devices have access to device encryption by default, can you share more about what your team is focused on and what it means for users? - answered at 31:46.

Question from X -- Sorry if this is simple, but how do App Control and App Locker fit together? - answered at 33:22.

Question sent to our Windows Community Manager in a private message -- I am having SUCH a hard time getting our IT team to move past traditional Group Policy and into MDM or, seems far for us, Config Refresh. How do I convince them it's time to move forward and modernize some things? - answered at 38:23.

Question from Tech Community -- Is there a way to test Administrator protection with Windows 11, version 24H2 or do we need to use insider builds? - answered at 43:13.

Question from LinkedIn -- When should we use EFS vs. Personal Data Encryption? Can we use both? - answered at 44:31.

Question -- Do any Windows apps have Personal Data Encryption on by default if it's enabled on the device? Or do we always have to set it? - answered at 47:02. For demos on personal data encryption go to https://aka.ms/Ignite2024/BRK290 & https://aka.ms/ignite2024/OD811

Question -- Will it just prompt for a password instead of Windows Hello authentication which (from my understanding) is tied to the machine? - answered at 48:51.