
What are the new Windows 11 22H2 security features?


Windows 11 2022 (22H2 release) is now out, and Microsoft has once again placed a heavy emphasis on security. The good news for this release is that even Windows Home versions can receive some of the key security features with no additional Windows or Microsoft 365 licensing. Review the Windows 11 22H2 security baseline documents and begin to test these features.

Windows 11 release cadence

First, a reminder: With Windows 11, feature releases now come out only once a year. Major security changes arrived in the first release of Windows 11 (21H2) as well as in this 22H2 release. Between major feature releases there will be small incremental changes called “moment” releases. For example, future moment updates are expected to include features such as tabs and a new sidebar in File Explorer.

In addition, in certain Microsoft applications, “suggested actions” will prompt users about the next steps to take in applications like Microsoft Teams. These moment releases or “controlled feature rollouts” will be off by default in business releases but will be included in preview releases. Group policies to better control these incremental changes will be available so that you will be able to deploy those changes in your network as you see fit.

Windows 11 Smart App Control

First up is a new feature called Smart App Control. If you remember, the Windows 10 S mode allowed you to install applications only from the Microsoft Store where they had been vetted. Smart App Control is similar in goal but totally different in implementation.

This time Microsoft maintains a cloud-based directory of trusted applications that it has vetted, along with their stored hash values. If Smart App Control is enabled on a newly deployed Windows 11 22H2 system, any installed binary will be vetted. If the application is not on the list, its digital signature is inspected; if the signature is valid, the application is allowed to be installed. If you have a line-of-business application whose code is not signed, reach out to the vendor to ensure that it is code-signed. Code signing should be standard practice for any good vendor.

Smart App Control cannot be enabled after you have installed the operating system. If you have already deployed Windows 11 22H1, you must reinstall 22H2 from scratch to use this feature. Furthermore, if you later disable the setting to get around a needed application that isn’t on the approved list, you won’t be able to undo this choice; it’s a one-way deployment. For these reasons, firms may want to tackle the untrusted application problem with a different tool. You can use Microsoft Intune with Windows Defender Application Control to apply policies that control what is installed.
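
Before relying on the signature check described above, it helps to know which binaries of a line-of-business application would fail it. The following PowerShell is an added example, not part of the original article: it reports the local Smart App Control state and inventories the Authenticode status of an application's files, so unsigned ones can be raised with the vendor. The install path is a placeholder, and the registry value name is not taken from the article; the script checks local signature validity only, not Microsoft's cloud reputation list.

```powershell
# Added example: inventory Authenticode status for one application's binaries.
# $AppRoot is a placeholder path; point it at the application under review.
param(
    [string]$AppRoot = 'C:\Program Files\ExampleLobApp'
)

# Smart App Control state as recorded under the Code Integrity policy key
# (assumed mapping, not from the article): 0 = Off, 1 = On, 2 = Evaluation.
$ciKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'
$state  = (Get-ItemProperty -Path $ciKey -Name VerifiedAndReputablePolicyState `
              -ErrorAction SilentlyContinue).VerifiedAndReputablePolicyState
$names  = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Evaluation' }
$stateName = if ($null -ne $state -and $names.ContainsKey([int]$state)) {
    $names[[int]$state]
} else {
    'Unknown or not present'
}
Write-Host "Smart App Control state: $stateName"

# File types that carry (or should carry) an Authenticode signature.
$extensions = '.exe', '.dll', '.sys', '.msi', '.ps1'

$results = Get-ChildItem -LiteralPath $AppRoot -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path   = $_.FullName
            Status = $sig.Status     # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# Summary by signature status, then the files to take to the vendor.
$results | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
$results | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Path |
    Format-Table Status, Path, SHA256 -AutoSize
```

A `HashMismatch` result means the file was altered after signing and deserves investigation rather than a vendor request.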

Copyright © 2022 IDG Communications, Inc.
