New Security Features in Windows 11: "Smart App Control" & more

Windows[German]Microsoft has not only outlined the future roadmap in terms of Windows 365 Cloud PC integration for Windows 11 on April 5, 2022. They announced also, that new security features will be available in Windows 11. Microsoft Defender's "Smart Screen" supports a phishing protection. Furthermore, security features such as Personal Data Encryption and Smart App Control are available for corporate environments.


The planned new security features for Windows 11 are presented on the Microsoft security blog in this Microsoft blog post.

Defender Smart Screen with phishing protection

In 2021, 25.6 billion brute-force authentication attacks were blocked on Microsoft Azure Active Directory (Azure AD) and 35.7 billion phishing emails were intercepted with Microsoft Defender for Office 365. With Microsoft Defender's SmartScreen, enhanced phishing protection, including detection, has been integrated into Windows.

Defender Smart Screen Phishing protection
Defender Smart Screen Phishing Protection, Source: Microsoft

This features is designed to protect users from phishing attacks, and issues a warning as soon as the user attempts to enter Microsoft credentials into a malicious application or hacked website. These enhancements make Windows the world's first operating system with phishing protection built directly into the platform, helping users stay productive and safe without having to learn to be their own IT department.

Smart App Control

The Smart App Control security feature prevents users from running malicious apps on Windows devices that block untrusted or unsigned apps by default. The feature is supposed to be embedded directly into the core of the operating system at the process level. This is probably also the reason for the hardware requirements of Windows 11 in terms of CPU used.


Smart App Control uses code signing and AI to check whether the execution of processes can be classified as safe. For this purpose, the AI also evaluates the application trust within the Microsoft Cloud. When a new app is run on Windows 11, its core signing and core functions are checked against this application trust AI model to ensure that only known safe apps can run.

Smart App Control is included on new devices that have Windows 11 installed. Devices with earlier versions of Windows 11 must be reset and receive a fresh install of Windows 11 to use this feature.

Personal Data Encryption

Mobile devices pose the greatest risk of unintentional data leakage (through loss or theft) in enterprises. Until now, only Bitlocker was available in Windows Enterprise versions for encrypting data media. This is where the Windows 11 Personal Data Encryption feature should help. Regardless of where users are working, the new Personal Data Encryption feature in Windows 11 gives applications and IT the ability to protect user files and data while a user is not logged on to the device.

To access the data, the user must first authenticate with Windows Hello for Business. This links the data encryption keys to the user's passwordless credentials, making the data more resistant to attack even if a device is lost or stolen, and adding another layer of protection to sensitive data.

The blog post New security features for Windows 11 will help protect hybrid work on the Microsoft security blog describes other security features Microsoft has implemented in Windows 11 – primarily for businesses. These include Credential Guard, which will be automatically activated in Windows 11 Enterprise in the future. For Local Security Authority (LSA), additional protective measures are provided to prevent or make it more difficult to read credentials. Config Lock provides the ability to monitor changes in the registry and set them to default values that can be specified. Hypervisor-Protected Code Integrity (HVCI) is to be enabled by default on a larger number of Windows 11 devices in the future. Driver blocklists are to additionally increase security in Windows (see New security feature allows driver block lists in Windows 10, 11 and Windows Server).

Similara articles:
Windows 11: Windows 365 Cloud PC will be integrated, new Explorer and more
New security feature allows driver block lists in Windows 10, 11 and Windows Server
Windows 11: Hardware requirements
Windows 11: Most hardware don't fulfill the minimum requirements, Microsoft reveals by-passing trick
Windows 11: Microsoft specifies hardware requirements, no blocking on incompatible devices
Upgrade Block to Windows 10 2004 for devices with Core isolation (HVCI)

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *