On June 24th, 2021, when Microsoft announced their new ambitious operating system, Windows 11, they made it clear that it is not just about UI makeover. Microsoft made it pretty hard to upgrade to Windows 11 by introducing some strict mandatory requirements like TPM 2.0, 8th gen or higher processor, and more. The reason for such prerequisites is to provide a more secure and tight environment to Windows 11 users. It seems Microsoft is learning from its past mistake.
If you are a long-time Windows OS user, you might be aware of the criticization that Windows 10 receive due to its incompetent security and privacy control. Although Windows 10 comes with some great in-built security features, most of its issues arise because of the OS’s incompatibility with the device’s hardware.
To fix various Windows 10/11 problems, we recommend Outbyte PC Repair:
This software will repair common computer errors, protect you from file loss, malware damage, hardware failure, and optimise your computer for peak performance. In three simple steps, you can resolve PC issues and remove virus damage:
- Download Outbyte PC Repair Software
- Click Start Scan to detect Windows 10/11 issues that may be causing PC issues.
- Click Repair All to fix issues with your computer's security and performance.
This month, Outbyte has been downloaded by 23,167 readers.
With Windows 11, Microsoft is looking to focus more on security. They are basically making sure that Windows 11 is used only on the latest PCs and laptops by asking for complicated hardware requirements.
If you have upgraded your system to the latest Windows 11 OS, here are the ten essential in-built features to secure it from external threats and privacy hackers.
Secure Windows 11 with these Features
Reputation-Based Protection
Windows 11 comes with advanced Reputation-based Protection. The Reputation-based protection feature helps the users protect their devices from harmful, potentially unwanted applications (PUA). PUAs are not technically malware but still can be dangerous and become a backdoor for malware programs. Also, since PUAs are unwanted, they unnecessarily take valuable hard disk space. If you are a frequent internet user, then enabling Reputation-based Protection would ensure that no unwanted program enters your device sneakily.
To enable Reputation-based protection, follow these steps:
Click on Start and select Windows 11 Settings.
Click on Privacy & security from the left pane, and then select Windows Security from the right.
From the list under Protection areas, select App & browser control.
On the next window, click on the Turn on button to enable the Reputation-based Protection.
After turning it ON, click on the Reputation-based protection settings.
Enable or disable the security settings as per your choice.
Ransomware Protection by Controlled Folder Access
Ransomware is one of the deadliest malware programs, and to tackle that, Windows 11 comes with a dedicated Ransomware protection feature. The Controlled Folder Access settings under Ransomware Protection enable you to prevent unauthorized access to your essential folders. It means that no application or code could access the files stored in those folders. This would basically save your important files from potential Ransomware attacks.
Here is how to enable the Controlled Folder Access:
- On your Windows 11 system, open Settings and navigate to Privacy & security -> Windows Security.
- Choose Virus & threat protection option.
- Under Ransomware Protection, click on Manage ransomware protection.
- Switch ON the Controlled Folder Access.
- After enabling it, click on the Protected folders to add the folders.
Core Isolation
Core Isolation is a Windows 10 feature that comes with a brilliant option known as Memory Integrity. This feature confines computer processes from the software and hardware and enables an extra security layer against malicious attacks such as rootkits.
Memory Integrity uses hardware virtualization and Hyper-V to prevent attempts of any malware injection. Here are the steps to enable it:
- On your Windows 11 system, open Settings and navigate to Privacy & security -> Windows Security.
- Click on Device Security.
- Under Core Isolation, click on Core isolation details.
- Enable the Memory Integrity by toggling the switch ON.
- Reboot the device to make the changes effective.
Turn OFF Ads and Tracking
Despite buying the licensed version, Microsoft would still show ads to the Windows 10 consumers on the Start Menu and other places. Microsoft also creates an advertising ID for every individual account. This advertising ID is used for displaying users’ tailored ads by collecting their preferences.
Though tracking and showing ads is by default enabled in Windows 10, you can easily disable it from the settings.
- Click on Start and select Windows 11 Settings.
- Click on Privacy & security from the left pane and select General under Windows permissions from the right.
- Under General Privacy Settings, disable all the tracking and ad displaying options.
Windows Defender Firewall
Windows Defender Firewall is a security defense software, pre-installed on all the versions of Windows, including Windows 11.
It can help prevent the system from hackers or malicious software programs, gaining access to the PC through the network. So, the Windows Firewall is always turned on by default. Keep in mind; you shouldn’t turn off the Windows Firewall unless you have a third-party firewall program.
To avoid vulnerable and unauthorized access, for better Windows 11 security, follow the oncoming procedures.
- On Windows 11 search box, type Control Panel and click on its icon to launch it.
- Click on System and Security.
- Next, click on Windows Defender Firewall.
- On the next window, ensure that the Firewall is enabled for both Public and Private Networks.
Network Scanning
Network Scanning is a hidden option of Windows Defender that scans the network files on the system for any potential threat. Surprisingly this option is disabled by default in Windows 11. However, you can enable it manually using PowerShell.
- On Windows 11 search box, type PowerShell, and run it as administrator.
- Type the following command: Set-MpPreference -DisableScanningNetworkFiles 0 and hit the enter key.
- The Network scanning would be enabled. To disable it, use this command: Set-MpPreference -DisableScanningNetworkFiles 1
Restrict Diagnostic Data
Microsoft periodically collects the hardware and software diagnostic data to improve the users’ experience on Windows 10 devices. Although you cannot entirely turn off the data collection, you can control what kind of data you want to get collected about you, your device, and the applications you use.
Here are steps to restrict Diagnostic Data:
- Click on Start and select Windows 11 Settings.
- Click on Privacy & security from the left pane and select Diagnostics & feedback under Windows permissions from the right.
- Toggle the button to turn off sending the optional diagnostic data.
- Further, on the same setting page, you get the options to Turn off the Improve inking and typing, Tailored experiences, View diagnostic data, and Delete diagnostic data.
Disable Windows Timeline
Windows 10 has a Timeline feature that keeps the history of the tasks and applications you opened in chronological order so that you can revisit them. In this process, Windows collects a lot of data that can prove heavy on privacy. Fortunately, users can disable sending the activity history to Microsoft.
- Click on Start and select Windows 11 Settings.
- Click on Privacy & security from the left pane and select Activity history under Windows permissions from the right.
- Uncheck the Send my activity history to Microsoft option.
- You can also click on the Clear button to delete the Activity history.
User Account Control
UAC (User Account Control) is also a part of the Windows 10 security system. It is capable of preventing malware and apps from making unwanted changes on your PC. Accordingly, a UAC confirmation dialogue box would emerge if any third-party app or virus tries to change your file/registry. This will be helpful for the users to confirm whether they want to make those changes.
To configure User Account Control (UAC) settings, follow these steps:
- On Windows 11 search bar, type UAC and click on Change User Account Control settings.
- Move the slider up to enable Always notify. Click OK.
- This option will provide a better level of security and prevent specific changes in your system without your consent.
Encrypt Hard Drive
Many PCs come with the feature called “Device Encryption”. This feature encrypts your drive to make it accessible only using a password. The Disk Encryption means that, without the relevant user password, the data and the files on your hard drive are absolutely inaccessible.
On Windows 11, you can encrypt your drive using BitLocker drive encryption.
The BitLocker is capable of securing both the internal and external hard drives. Once the BitLocker encryption is implemented effectively, the drive is locked with a password. Hence, you will have to use the password after that to access the drive.
- On your Windows 11 system, open File Explorer.
- Right-click on the drive that you want to encrypt and select Turn on Bitlocker.
- Follow the on-screen instructions and finish the Bitlocker Encryption.
Manage App Permissions
Like smartphone devices, you can manage the App Permissions on Windows 10 devices as well. Adjusting the permissions would let you control what hardware component your Windows applications are using.
Here are the steps to configure the App Permissions:
- Open Windows 11 Settings.
- From the left pane, select Apps and then click on Apps & Features on the right pane.
- Scroll down and look for the app for which you want to change the permissions.
- Click on the three dots, and select Advanced options.
- Adjust the permissions given to the apps by toggling the buttons ON or OFF. You can also set background running permission for the apps.
Is Windows 11 the most secure Windows OS ever?
Due to a large number of manufacturers for PC, laptops, and other hardware, every time Microsoft releases a new Windows OS variant, they have to adjust it according to different manufacturers to match their compatibility. This makes Windows OS more vulnerable to cyber threats, unlike macOS.
When Windows 10 was released in 2015, Microsoft allowed every PC running on Windows 7 to freely upgrade to Windows 10 without considering much about the hardware compatibility. This backfired severely as many PCs were not ready for Windows 10, but users anyway upgraded as it was offered for free. Evidently, the new Windows 10 OS didn’t work well on those devices, and the OS got many negative feedbacks right after its initial release. As it is said that the first impression is the last impression, Windows 10 never recovered from that initial blow, and many users didn’t even switch to it until they were finally forced for it.
With Windows 11, Microsoft is not repeating that mistake. Through the minimum system requirements for Windows 11, they have clearly indicated that only the device with the latest hardware components will run Windows 11. In this way, Microsoft is ensuring that the security features that Windows 11 brings with it are adequately supported by the devices on which it is installed. This certainly makes Windows 11 the most secure Windows OS ever.
Windows 11’s minimum system requirements are pretty strict such as TPM 2.0 requirement, 8th gen or higher processor, and more. Also, it uses virtualization-based security, or VBS, to isolate parts of system memory from the rest of the system. All these make Windows 11 more secure than any other Windows OS.
To know if your PC can be upgraded to Windows 11, download and install the PC Health Check Up application from Microsoft’s site and check the minimum system requirements. You can also make your computer ready for Windows 11 knowing the minimum requirements.
Peter is an Electrical Engineer whose primary interest is tinkering with his computer. He is passionate about Windows 10 Platform and enjoys writing tips and tutorials about it.