Windows 11 offers a significant update to Windows’ look-and-feel, changing the Start menu and taskbar, and applying a new design language to the entire operating system.
Under the hood there are bigger changes still, with Microsoft going all-in on its virtualisation-backed hardware security tools. This requires eighth-generation or later x86 processors and a Trusted Platform Module (TPM). It’s part of a rethinking of how IT professionals need to consider security in a world of endemic malware, where crime syndicates operate with impunity. Using virtualisation to lock down and isolate untrusted files is perhaps the least an IT department can do, but it is something that works.
Microsoft has been rolling out hardware-backed security for Windows 10 in its latest Surface hardware, and with Windows 11 will be bringing it to all supported hardware. This includes requiring trusted boot to reduce the risk of kernel malware, Windows Defender Application guard to open downloaded files in sandboxed virtual machines and user logins managed by encrypted tokens stored in a TPM.
This is, at heart, the secure Windows users have been asking for. The question for Microsoft is: will those users be prepared to use the hardware that supports secure Windows? It is going to be an interesting few months as users, admins and developers work out what these new hardware requirements mean for their device fleets.
Earlier in July, Microsoft rolled out the first preview build of Windows 11 to Windows Insiders on the Dev channel, updating test machines to the new operating system. The first public build does not have all the features currently planned for the release, but it is stable and ready for testing.