windows-itpro-docs/windows/security/operating-system.md


---
title: Windows operating system security
description: Securing the operating system includes system security, encryption, network security, and threat protection.
ms.reviewer:
ms.topic: article
manager: dansimp
ms.author: deniseb
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: denisebmsft
ms.collection: M365-security-compliance
ms.prod: m365-security
ms.technology: windows-sec
---

Windows operating system security

This article provides an overview of operating system security in Windows 11.

Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats.

Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11:

| Security Measures | Features & Capabilities |
|---|---|
| Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows system boots up safely and securely.<br><br>Learn more about Secure Boot and Trusted Boot. |
| Cryptography and certificate management | Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure.<br><br>Learn more about Cryptography and certificate management. |
| Windows Security app | The Windows built-in security application found in settings provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you're protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more.<br><br>Learn more about the Windows Security app. |
| Encryption and data protection | Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows provides strong at-rest data-protection solutions that guard against nefarious attackers.<br><br>Learn more about Encryption. |
| BitLocker | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later.<br><br>Learn more about BitLocker. |
| Encrypted Hard Drive | Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.<br><br>Learn more about Encrypted Hard Drives. |
| Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.<br><br>Learn more about Virtual Private Networks (VPNs). |
| Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.<br><br>Learn more about Windows Defender Firewall with advanced security. |
| Protection from viruses and threats | The next-generation protection capabilities in Windows help identify and block new and emerging threats. By reducing your attack surface, you can reduce the risk of malware getting onto a device. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real time. These capabilities can help security teams prevent malware from infecting a device. |
| Antivirus & antimalware protection | Microsoft Defender Antivirus |
| Attack surface reduction rules | Learn more about Attack surface reduction rules. |
| Anti-tampering protection | Learn more about Tamper protection. |
| Network protection | Learn more about Network protection. |
| Controlled folder access | Learn more about Controlled folder access. |
| Exploit protection | Learn more about Exploit protection. |
| Microsoft Defender for Endpoint | Learn more about Microsoft Defender for Endpoint. |