4.0 KiB
title, description, ms.reviewer, ms.topic, manager, ms.author, ms.mktglfcycl, ms.sitesec, ms.pagetype, author, ms.collection, ms.prod, ms.technology
| title | description | ms.reviewer | ms.topic | manager | ms.author | ms.mktglfcycl | ms.sitesec | ms.pagetype | author | ms.collection | ms.prod | ms.technology |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Windows operating system security | Securing the operating system includes system security, encryption, network security, and threat protection. | article | dansimp | deniseb | deploy | library | security | denisebmsft | M365-security-compliance | m365-security | windows-sec |
Windows operating system security
This article provides an overview of operating system security in Windows 11.
Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats.
Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11:
| Security Measures | Features & Capabilities | Description |
|:---|:---|
| System security | Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely.
To learn more, see Secure Boot and Trusted Boot. |
| | Cryptography and certificate management | Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets.
Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Windows offers several APIs to operate and manage certificates.
To learn more, see Cryptography and Certificate Management. |
| | Windows Security app | |
| Encryption and data protection | Encryption and data protection in Windows 11 | |
| | Encryption | |
| | BitLocker | |
| Network security | Virtual Private Networks (VPNs) | |
| | Windows Defender Firewall with advanced security | |
| | Bluetooth (NEEDED) | |
| | Domain Name System (DNS) security (NEEDED) | |
| | Windows Wi-Fi (NEEDED) | |
| | Transport Layer Security (TLS) (NEEDED) | |
| Protection from viruses and threats | Microsoft Defender Antivirus | |
| | Attack surface reduction rules | |
| | Tamper protection | |
| | Network protection | |
| | Controlled folder access | |
| | Exploit protection | |
| | Integration with Microsoft Defender for Endpoint for additional threat protection |