By Ed Lane
Behind its great looks and smooth experiences, Windows 11 is delivering a new level of protection with hardware and software security working together to help keep user data and devices safe.
“We have raised the security bar to ensure that our customers are secure … wherever they are,” Adi Hariharan, director of Windows Product Marketing, told reporters in Asia recently.
The massive global shift to remote work and learning during the pandemic has heightened concerns over cyberthreats, and efforts to stay ahead of future dangers are ongoing. “We will be investing over US$20 billion over five years to advance our security solutions,” he said.
The Microsoft Pluton security processor is part of end-to-end security innovation efforts that also draw on the work of silicon partners like AMD, Intel and Qualcomm Technologies to enable security from “the minute a device is out of the box and turned on.”
Microsoft requires that devices upgrading to Windows 11 have, at a minimum, a chip like a TPM 2.0 or the Microsoft Pluton security chip. The same requirement applies to new Windows 11 PCs.
This new combination forms a “core that brings hardware and software tightly integrated in a unified security approach,” Hariharan said. Part of this is a series of gatekeeper “signals” that can operate at electron speeds to deny unauthorized access.
“It’s almost like a traffic cop is verifying it and allowing or denying access,” Hariharan said.
Microsoft unveiled Windows 11 in October to a market upended by working, learning, and playing from home and remotely. The feel of the new software is meant to be familiar, but also take the user in new directions in color and sound and ease of spatial organization.
Design work, however, started well before the pandemic and drew on significant customer feedback on areas like security and ease of use. The discussions at Microsoft also focused on the human touch, creating a “calm” interface and new iconic wallpaper in the form of a “Bloom” that combines with rounded edges on panes instead of hard right angles.
Five themes
The security architecture design was built around five themes:
- Cloud
- Identity and privacy
- Applications
- Operating system
- Hardware, i.e., the chip
For the cloud, the aim is to station a gatekeeper at a crucial point of access, so that users can reach the tools they need while unauthorized attempts are kept out.
For Windows 11, the integration of software and hardware brings in “hardware-enabled security value for customers” not seen in the past.
“For example, Virtualization Based Security creates a hardware-based barrier between an application like Microsoft Edge and the operating system, preventing bad actors from getting broad access in the event of a breach.”
“We believe in the idea of security monitoring as a tool that can be used easily.”
For identity and privacy, that meant carrying the password-less Hello voice login feature found in Windows 10 over to Windows 11 and making it easier to use, to further strengthen verification.
For applications, the now-widespread use of tools like Teams by those working from home brings advantages when used with Microsoft Word or other programs, but also challenges on the security side.
That’s where artificial intelligence and “signals” come in: to detect and understand access requests and to work with security chips, like the Microsoft Pluton, to make the right decisions.
The Microsoft Pluton chip isolates encryption keys so that even an attacker with physical possession of the device can’t access them.
“Pluton uses secure hardware cryptography to ensure keys are never exposed outside of the protected hardware, even to the Pluton firmware,” Hariharan said.
He added that administrators will be able to update the software and adjust its access parameters, providing flexibility.
“In Windows 11, hardware and software security work together to help keep user data and device protected,” Hariharan said, adding that the design’s starting point was “zero trust”: access requests are denied until verified. Among the features raising the level of security are biometric access and two-factor authentication.
Ed Lane is a journalist based in Singapore.