November 19, 2024 at 08:42AM
Microsoft detailed a new Windows 11 admin protection feature in preview, utilizing Windows Hello for authentication to secure critical system resources. It restricts admin rights, requiring users to verify actions via PIN or biometrics. This aims to mitigate malware risks by limiting unauthorized access while ensuring legitimate user control over system functions.
### Meeting Takeaways: Windows 11 Administrator Protection Feature
1. **Introduction of Admin Protection**:
– New security feature for Windows 11 designed to protect admin rights using Windows Hello authentication.
– Currently available in preview for Windows 11 Insiders in the Canary Channel.
2. **Functionality**:
– Admin protection restricts users to standard permissions, requiring authentication via Windows Hello (PIN or biometric) for registry changes or app installations.
– A temporary admin token is created for tasks, which is destroyed immediately after completion, preventing persistent admin rights.
3. **Objectives**:
– Provides enhanced security against malware and unauthorized access to critical system resources.
– Ensures users maintain control over system resources instead of malware or attackers.
4. **User Control and Authentication**:
– Windows Hello is used for blocking access to sensitive folders (Desktop, Documents, Pictures) via Personal Data Encryption.
– Admins can enable Smart App Control and App Control for Business to prevent the installation of malicious software.
5. **Policy Options**:
– IT admins can choose a ‘signed and reputable policy’ to allow verified apps to run, enhancing security against unsafe downloads.
6. **Important Notes**:
– The feature is off by default and requires enabling through group policy.
7. **Quotes for Emphasis**:
– David Weston emphasized that the feature is disruptive to attackers, as it limits their direct access to critical system security.
These points summarize the key aspects and objectives of Microsoft’s new Windows 11 administrator protection feature as discussed in the meeting.