AMA: Windows Security

Will Windows 10 be able to use the Microsoft authenticator app as a method to authenticate and change passwords.

In the session today, I heard that Windows 11 will be the 1st true passwordless authentication OS. Can you describe how Windows 11 uses TPM to accomplish this? Is there an ability to automate the change of a hidden password so that it may comply with PCI or CJIS compliance rules that require a periotic password change.

Will Windows 11 have better integration with Azure Right management and Microsoft Cloud App Security? The ability of end users to utilize many cloud services without a corporate identity enabled the new work from home workforce to store corporate data on many unapproved SaaS platforms .

I think the new Controlled Folder Access feature is great and I'm already using it. One thing that bothers me so far is that if I want to create an exception for a process I have to specify the path to the corresponding exe. This could in principle bypass the entire policy once I know for which exe an exception was created (rename file). Is it planned to be able to create an exception based on the hash value, similar to existing legacy solutions ?

What options will we have in the future via Intune to prevent the launch of individual apps ?

I have been looking at Microsoft Defender Security Center lately and have a question about device groups. I have a freshly created tenant with no groups set up by default. Now when I create my first group "Device Group1", I get the group "Ungrouped Devices (Default)" in addition to the group I created. By itself, I understand that it makes sense to have a default group that contains all devices that do not belong to my device group. The question I have now is the following: In the default group the Remediation Level is set to Full, but what if I don't create a custom group and I can't see any groups on my dashboard (see first image). Are all clients already in the default group by default before the first manual creation of a group and the Remediation level is also set to Full there or do the devices all have no assignment before?

Welcome to the Windows security Ask Microsoft Anything (AMA)! This live hour gives you the opportunity to ask questions and provide feedback to the engineering and product teams building Windows. Introduce yourself by replying to this thread. Post each question in the Comment on this event… box above.

would be very interesting to know when all the MSIX Goodness (except the simple already included MSIX deployment) come to Configuration Manager TPs and Releases. I hope very soon for MSIX App Attach, Config Packages, Updates, Bundles etc.

The vast majority of pirated windows use KMS activation through illegal servers or simulating a KMS server on the user's own computer. Will Windows 11 have any changes from Windows 10 to avoid this?