Windows 11 Pro Devices and Zero-trust Security
Do you have questions about the Zero-trust security built into new modern Windows 11 Pro devices?
Windows 11 Pro Devices and Zero‑trust Security
Adapt to a hybrid work model while protecting against modern threats. Rise above with devices powered by Windows 11 Pro. Watch this video to hear Rob McGilvrey—MBA Americas Specialist for Windows Pro and Modern Endpoints, Microsoft—discuss several security topics related to zero-trust security, including:- Integrating hardware and software for powerful, out-of-the-box protection
- Shielding valuable data and enabling secure hybrid work
- Supporting zero-trust security and creating a holistic defense for your users
Security Concerns by the Numbers
We also know that they have come back and said, “Hey, look, we think—and we agree—that new modern hardware will help prevent against some of these evolving threats in the market, because we know bad actors are continuing to get more intelligent. And so modern hardware can definitely help improve the overall security posture in our organization.”
We also know that hybrid workers are here to stay. I’m working from my home right now. And I travel, so we know that there are dynamics where we’re not always inside the office within the four walls of an organization. And we also know outside of IT are the business leaders. Greater than 70% of those business leaders say, “Hey, look, we think the quality of the PC needs to improve to really help support the new way that we’re working.” We also know that cyber threats are becoming more frequent. They’re becoming more sophisticated. And they’re also becoming more costly. 83% of those IT and security decision makers we surveyed said they experienced some type of firmware-level attack in their environment over the past few years.
So bad actors are not just going after credentials anymore. They’re going after the physical hardware on a device to try to gain access to information. Those that have reported some type of security or cyber security attack on average have had 6.7% loss in revenue. We know this industry is growing. We saw 150% increase in ransomware attacks between 2020 and 2021. And we predict that this cybercrime industry will grow to $10.5 trillion by 2025. I took a moment and looked it up. It would be in the top 10 in the world from the global GDP perspective.
 |
Rob McGilvrey, MBA Americas SpecialistWindows Pro and Modern
|
Closing Thoughts
“We know that some people just think, “Oh, I’m on Windows 10. I’m good until October 14, 2025.” But that may not be the case. So, we encourage you to make sure that you’re going back, you’re checking which version is your standard in your organization, and then looking how you can strategically start to migrate and move those eligible pieces of hardware up to Windows 11. So, you set yourself on the best trajectory to take advantage of a lot of this investment that we’re bringing into the Windows 11 platform.”If you would like to continue the conversation in more depth, please reach out to your Account Team today.
Thank you!
–Rob McGilvrey
Windows 11 Pro Devices and Zero-trust Security Q&A
I think the biggest thing to understand is if your hardware is capable of supporting Windows Hello. You want to make sure that you’re enabling the best end-user experience there. I’ve talked with customers who say, “Yeah, we’ve got Windows Hello on the roadmap, but we realize that we’ve been buying devices for years. And we weren’t paying attention to the camera components or fingerprint readers being available on those devices.”
Yes, with Windows Hello for Business, can you turn on convenience pin? You can. So, you can leverage that feature. But if we really want to maximize the end-user experience and security, leveraging the biometrics of face and finger really are important. So, my first recommendation is just understand what capabilities your current devices have—and (as you look at purchasing future devices, and it’s something you want to leverage in your organization that you’re paying attention to) those additional features and those hardware components that are required to light up those features in your environment.
Yes, with Windows Hello for Business, can you turn on convenience pin? You can. So, you can leverage that feature. But if we really want to maximize the end-user experience and security, leveraging the biometrics of face and finger really are important. So, my first recommendation is just understand what capabilities your current devices have—and (as you look at purchasing future devices, and it’s something you want to leverage in your organization that you’re paying attention to) those additional features and those hardware components that are required to light up those features in your environment.
This one’s great. So, this goes back to secure core PC. I will say we probably don’t do a great job at Microsoft explaining what a secure core PC is. A lot of those technologies—like Dynamic Root Trust and System Management Mode—are part of those silicon platforms. And so, we encourage you again, as I mentioned, to go to your current Windows device, type in Windows security, click in device security, and look at those categories. And then click on some of those links to understand what those features are and understand how moving potentially into a vPro platform can help you enable some of those additional features that can really help harden up the core of a device and make sure you’re comfortable with what level of security you want in your organization from a hardware perspective.
I definitely encourage everyone on here to check. Sometimes in webinars, we ask people to go check it out and drop their screenshot in if they’re comfortable. But we do encourage you to check out what level of security your device is from a Windows perspective.
I definitely encourage everyone on here to check. Sometimes in webinars, we ask people to go check it out and drop their screenshot in if they’re comfortable. But we do encourage you to check out what level of security your device is from a Windows perspective.
So, this is a great question. I think this leads into our commitment on Windows 11 and app compatibility. Currently we have a 99.7% app compatibility rate between Windows 10 and 11. Windows 11 is a feature-update-in-place-upgrade to an eligible piece. If you want to get really technical, and you want to start looking at the OS version, I mean, the Windows 11 OS version still starts with 10. Windows 11 is built on the foundation of Windows 10. And so that’s how we’re able to have such a high app compatibility rate. But I’m not going to leave that there. What I’m also going to say is… Hey, look, you’ve got solutions in play today in your organization. You’re leveraging these solutions on Windows 10 devices. We guarantee that if you’re using something on a Windows 10 device today, it will work on Windows 11.
If it doesn’t, we have what’s called our Microsoft App Assure Program. It’s available free of charge for organizations—one employee and more—where we will get our engineers involved to help remediate why that application that you’re using today in your environment that’s running on Windows 10 won’t run on Windows 11.
Also, potentially, if you have a third-party provider who hasn’t publicly stated that they will support their applications on Windows 11, please let us know because that App Assure Team wants to talk with that provider to understand why they’re hesitant—and what roadblocks they’re facing—so we can work with them to make sure that they’re comfortable and can publicly state and support their applications (that are running on 10 today) on Windows 11.
If it doesn’t, we have what’s called our Microsoft App Assure Program. It’s available free of charge for organizations—one employee and more—where we will get our engineers involved to help remediate why that application that you’re using today in your environment that’s running on Windows 10 won’t run on Windows 11.
Also, potentially, if you have a third-party provider who hasn’t publicly stated that they will support their applications on Windows 11, please let us know because that App Assure Team wants to talk with that provider to understand why they’re hesitant—and what roadblocks they’re facing—so we can work with them to make sure that they’re comfortable and can publicly state and support their applications (that are running on 10 today) on Windows 11.
Make sure you check—if I remember correctly—I believe with the 22H2 rollout, it’s off by default with that cumulative update. So, you definitely want to check to make sure that’s being turned on. You know, I think the biggest thing on security with Copilot is Bing Chat Enterprise.
We do know that there’s organizations out there that are telling employees, “Hey, don’t use these chats that use these large language models out on the Web because you could be potentially putting company sensitive data into these chats that don’t have those commercial protection policies in place.”
So, on Copilot, the biggest thing around security is really you want to enable Bing Chat Enterprise with that information, so you get those commercial protections that are rolled into our overall responsible AI policies here at Microsoft. And if you need to have deeper conversations around that, around Bing Chat Enterprise, we have resources that are able to help with that as well.
My instance of Copilot, when I pull it up, it says Bing Chat Enterprise at the top and that my information is protected by our commercial policies—which means that no one at Microsoft can see your data you put in Bing Chat Enterprise. Your data is your data. It’s not used to train any of the language models.
And so, we have put those commercial privacy data things in place. That’s probably the biggest element with Copilot in Windows today, which is around Bing Chat Enterprise versus Bing Chat—which is the basic enabled feature within Copilot.
We do know that there’s organizations out there that are telling employees, “Hey, don’t use these chats that use these large language models out on the Web because you could be potentially putting company sensitive data into these chats that don’t have those commercial protection policies in place.”
So, on Copilot, the biggest thing around security is really you want to enable Bing Chat Enterprise with that information, so you get those commercial protections that are rolled into our overall responsible AI policies here at Microsoft. And if you need to have deeper conversations around that, around Bing Chat Enterprise, we have resources that are able to help with that as well.
My instance of Copilot, when I pull it up, it says Bing Chat Enterprise at the top and that my information is protected by our commercial policies—which means that no one at Microsoft can see your data you put in Bing Chat Enterprise. Your data is your data. It’s not used to train any of the language models.
And so, we have put those commercial privacy data things in place. That’s probably the biggest element with Copilot in Windows today, which is around Bing Chat Enterprise versus Bing Chat—which is the basic enabled feature within Copilot.
I think we talked a little bit about that. You know we have publicly stated that Windows 10 22H2 is the last version of Windows 10. We will not be bringing any new features into the Windows 10 platform. So, things we talked about around the enhancements of Windows Hello for Business with presence sensing passkeys. You know, things we mentioned about enhanced phishing protection with Microsoft Defender SmartScreen. Those are Windows 11-only features.
And so, we’re going to continue to bring in new security features, and we’re going to continue to innovate in the Windows 11 operating system over the next few years, helping it to become more secure. So, I think that’s the question you have to ask is…one, you first need to make sure you’re on a supported version of Windows 10 and know that “Hey, if I stay on Windows 10, I’m not going to get any new features. The only thing I’m going to get is security updates between now and end of support. And so, if I want to start leveraging these new features and leverage those in my environment to help it be more secure, then Windows 11 is the platform for that.”
And we’re going to continue to innovate. We’ve made a commitment around continuous innovation in the Windows 11 platform, and we’ve also made a commitment around controls for that continuous innovation as well. So, like for instance, on Copilot, there’s controls around Copilot so you can turn that feature off at the IT level. And so, we are continuing to make investments both from security and AI, and how we can leverage all the telemetry that we’re tracking on a daily basis—I think it’s 65 trillion signals on a daily basis that we’re tracking—and how can we bring that into the operating system in Windows 11 to help it be more secure.
And so, we’re going to continue to bring in new security features, and we’re going to continue to innovate in the Windows 11 operating system over the next few years, helping it to become more secure. So, I think that’s the question you have to ask is…one, you first need to make sure you’re on a supported version of Windows 10 and know that “Hey, if I stay on Windows 10, I’m not going to get any new features. The only thing I’m going to get is security updates between now and end of support. And so, if I want to start leveraging these new features and leverage those in my environment to help it be more secure, then Windows 11 is the platform for that.”
And we’re going to continue to innovate. We’ve made a commitment around continuous innovation in the Windows 11 platform, and we’ve also made a commitment around controls for that continuous innovation as well. So, like for instance, on Copilot, there’s controls around Copilot so you can turn that feature off at the IT level. And so, we are continuing to make investments both from security and AI, and how we can leverage all the telemetry that we’re tracking on a daily basis—I think it’s 65 trillion signals on a daily basis that we’re tracking—and how can we bring that into the operating system in Windows 11 to help it be more secure.
Connection Community
Windows 11 Pro Devices: Your Cybersecurity Guardian in the Hybrid Era
Are cybersecurity issues and risk your top concern? They should be. In this blog post, we share how you can safeguard against cyberattacks at every level by refreshing to modern Windows 11 Pro devices.12