Windows 11 Security Features: Beginner’s Guide

On June 24th, 2021, when Microsoft announced their new ambitious operating system, Windows 11, they made it clear that it is not just about UI makeover. Microsoft made it pretty hard to upgrade to Windows 11 by introducing some strict mandatory requirements like TPM 2.0, 8th gen or higher processor, and more. The reason for such prerequisites is to provide a more secure and tight environment to Windows 11 users. It seems Microsoft is learning from its past mistake.

If you are a long-time Windows OS user, you might be aware of the criticization that Windows 10 receive due to its incompetent security and privacy control. Although Windows 10 comes with some great in-built security features, most of its issues arise because of the OS’s incompatibility with the device’s hardware.

With Windows 11, Microsoft is looking to focus more on security. They are basically making sure that Windows 11 is used only on the latest PCs and laptops by asking for complicated hardware requirements.

If you have upgraded your system to the latest Windows 11 OS, here are the ten essential in-built features to secure it from external threats and privacy hackers.

  Windows 11 Upgrade Checklist : Is your Computer Ready?

Secure Windows 11 with these Features

Reputation-Based Protection

Windows 11 comes with advanced Reputation-based Protection. The Reputation-based protection feature helps the users protect their devices from harmful, potentially unwanted applications (PUA). PUAs are not technically malware but still can be dangerous and become a backdoor for malware programs. Also, since PUAs are unwanted, they unnecessarily take valuable hard disk space. If you are a frequent internet user, then enabling Reputation-based Protection would ensure that no unwanted program enters your device sneakily.

To enable Reputation-based protection, follow these steps:

  1. Click on Start and select Windows 11 Settings.
    open windows 11 settings

  2. Click on Privacy & security from the left pane, and then select Windows Security from the right.
    privacy & security

  3. From the list under Protection areas, select App & browser control.
    windows 11 app & browser control

  4. On the next window, click on the Turn on button to enable the Reputation-based Protection.
    enable reputation based protection

  5. After turning it ON, click on the Reputation-based protection settings.
    reputation based protection setting

  6. Enable or disable the security settings as per your choice.enable or disable the security settings


Ransomware Protection by Controlled Folder Access

Ransomware is one of the deadliest malware programs, and to tackle that, Windows 11 comes with a dedicated Ransomware protection feature. The Controlled Folder Access settings under Ransomware Protection enable you to prevent unauthorized access to your essential folders. It means that no application or code could access the files stored in those folders. This would basically save your important files from potential Ransomware attacks.

Here is how to enable the Controlled Folder Access:

  1. On your Windows 11 system, open Settings and navigate to Privacy & security -> Windows Security.
  2. Choose Virus & threat protection option.windows 11 virus & threat protection
  3. Under Ransomware Protection, click on Manage ransomware protection.manage ransomware protection
  4. Switch ON the Controlled Folder Access.controlled folder access
  5. After enabling it, click on the Protected folders to add the folders.add protected folders
  11 Best Anti-Ransomware Software

Core Isolation

Core Isolation is a Windows 10 feature that comes with a brilliant option known as Memory Integrity. This feature confines computer processes from the software and hardware and enables an extra security layer against malicious attacks such as rootkits.

Memory Integrity uses hardware virtualization and Hyper-V to prevent attempts of any malware injection. Here are the steps to enable it:

  1. On your Windows 11 system, open Settings and navigate to Privacy & security -> Windows Security.
  2. Click on Device Security.Device security windows 11
  3. Under Core Isolation, click on Core isolation details.Core-Isolation-Details
  4. Enable the Memory Integrity by toggling the switch ON.memory integrity
  5. Reboot the device to make the changes effective.

Turn OFF Ads and Tracking

Despite buying the licensed version, Microsoft would still show ads to the Windows 10 consumers on the Start Menu and other places. Microsoft also creates an advertising ID for every individual account. This advertising ID is used for displaying users’ tailored ads by collecting their preferences.

Though tracking and showing ads is by default enabled in Windows 10, you can easily disable it from the settings.

  1. Click on Start and select Windows 11 Settings.
  2. Click on Privacy & security from the left pane and select General under Windows permissions from the right.windows 11 general privacy
  3. Under General Privacy Settings, disable all the tracking and ad displaying options.privacy options Windows 11
  How to Remove Adware and Pop-Up Ads from Windows 10

Windows Defender Firewall

Windows Defender Firewall is a security defense software, pre-installed on all the versions of Windows, including Windows 11.

It can help prevent the system from hackers or malicious software programs, gaining access to the PC through the network. So, the Windows Firewall is always turned on by default. Keep in mind; you shouldn’t turn off the Windows Firewall unless you have a third-party firewall program.

To avoid vulnerable and unauthorized access, for better Windows 11 security, follow the oncoming procedures.

  1. On Windows 11 search box, type Control Panel and click on its icon to launch it.control panel Windows 11
  2. Click on System and SecuritySystem and Security control panel
  3. Next, click on Windows Defender Firewall.windows defender firewall
  4. On the next window, ensure that the Firewall is enabled for both Public and Private Networks.check firewall status
  Block or Allow a Program through a Firewall in Windows 10

Network Scanning

Network Scanning is a hidden option of Windows Defender that scans the network files on the system for any potential threat. Surprisingly this option is disabled by default in Windows 11. However, you can enable it manually using PowerShell.

  1. On Windows 11 search box, type PowerShell, and run it as administrator.run powershell as admin
  2. Type the following command: Set-MpPreference -DisableScanningNetworkFiles 0 and hit the enter key.windows 11 network scanning
  3. The Network scanning would be enabled. To disable it, use this command: Set-MpPreference -DisableScanningNetworkFiles 1

Restrict Diagnostic Data

Microsoft periodically collects the hardware and software diagnostic data to improve the users’ experience on Windows 10 devices. Although you cannot entirely turn off the data collection, you can control what kind of data you want to get collected about you, your device, and the applications you use.

Here are steps to restrict Diagnostic Data:

  1. Click on Start and select Windows 11 Settings.
  2. Click on Privacy & security from the left pane and select Diagnostics & feedback under Windows permissions from the right.Diagnostics & Feedback windows 11
  3. Toggle the button to turn off sending the optional diagnostic data.optional diagnostic data
  4. Further, on the same setting page, you get the options to Turn off the Improve inking and typing, Tailored experiences, View diagnostic data, and Delete diagnostic data.disable sending data

Disable Windows Timeline

Windows 10 has a Timeline feature that keeps the history of the tasks and applications you opened in chronological order so that you can revisit them. In this process, Windows collects a lot of data that can prove heavy on privacy. Fortunately, users can disable sending the activity history to Microsoft.

  1. Click on Start and select Windows 11 Settings.
  2. Click on Privacy & security from the left pane and select Activity history under Windows permissions from the right.Windows 11 activity history
  3. Uncheck the Send my activity history to Microsoft option.send activity history to microsoft
  4. You can also click on the Clear button to delete the Activity history.

User Account Control

UAC (User Account Control) is also a part of the Windows 10 security system. It is capable of preventing malware and apps from making unwanted changes on your PC. Accordingly, a UAC confirmation dialogue box would emerge if any third-party app or virus tries to change your file/registry. This will be helpful for the users to confirm whether they want to make those changes.

To configure User Account Control (UAC) settings, follow these steps:

  1. On Windows 11 search bar, type UAC and click on Change User Account Control settings.UAC settings Windows 11
  2. Move the slider up to enable Always notify. Click OK.always notify uac settings
  3. This option will provide a better level of security and prevent specific changes in your system without your consent.
  How to Enable/Disable User Account Control In Windows 10

Encrypt Hard Drive

Many PCs come with the feature called “Device Encryption”. This feature encrypts your drive to make it accessible only using a password. The Disk Encryption means that, without the relevant user password, the data and the files on your hard drive are absolutely inaccessible.

On Windows 11, you can encrypt your drive using BitLocker drive encryption.

The BitLocker is capable of securing both the internal and external hard drives. Once the BitLocker encryption is implemented effectively, the drive is locked with a password. Hence, you will have to use the password after that to access the drive.

  1. On your Windows 11 system, open File Explorer.
  2. Right-click on the drive that you want to encrypt and select Turn on Bitlocker.turn on bitlocker
  3. Follow the on-screen instructions and finish the Bitlocker Encryption.set Bitlocker Password

Manage App Permissions

Like smartphone devices, you can manage the App Permissions on Windows 10 devices as well. Adjusting the permissions would let you control what hardware component your Windows applications are using.

Here are the steps to configure the App Permissions:

  1. Open Windows 11 Settings.
  2. From the left pane, select Apps and then click on Apps & Features on the right pane.app and features
  3. Scroll down and look for the app for which you want to change the permissions.
  4. Click on the three dots, and select Advanced options.apps advanced options
  5. Adjust the permissions given to the apps by toggling the buttons ON or OFF. You can also set background running permission for the apps.App permissions windows 11
  Fix "This App has been Blocked for your Protection" in Windows 10

Is Windows 11 the most secure Windows OS ever?

Due to a large number of manufacturers for PC, laptops, and other hardware, every time Microsoft releases a new Windows OS variant, they have to adjust it according to different manufacturers to match their compatibility. This makes Windows OS more vulnerable to cyber threats, unlike macOS. 

When Windows 10 was released in 2015, Microsoft allowed every PC running on Windows 7 to freely upgrade to Windows 10 without considering much about the hardware compatibility. This backfired severely as many PCs were not ready for Windows 10, but users anyway upgraded as it was offered for free. Evidently, the new Windows 10 OS didn’t work well on those devices, and the OS got many negative feedbacks right after its initial release. As it is said that the first impression is the last impression, Windows 10 never recovered from that initial blow, and many users didn’t even switch to it until they were finally forced for it.

With Windows 11, Microsoft is not repeating that mistake. Through the minimum system requirements for Windows 11, they have clearly indicated that only the device with the latest hardware components will run Windows 11. In this way, Microsoft is ensuring that the security features that Windows 11 brings with it are adequately supported by the devices on which it is installed. This certainly makes Windows 11 the most secure Windows OS ever.

How is Windows 11 more secure?

Windows 11’s minimum system requirements are pretty strict such as TPM 2.0 requirement, 8th gen or higher processor, and more. Also, it uses virtualization-based security, or VBS, to isolate parts of system memory from the rest of the system. All these make Windows 11 more secure than any other Windows OS.

How do I know if my computer can run Windows 11?

To know if your PC can be upgraded to Windows 11, download and install the PC Health Check Up application from Microsoft’s site and check the minimum system requirements. You can also make your computer ready for Windows 11 knowing the minimum requirements.

  How Windows 11 will Speed Up your PC

Leave a Comment