Microsoft Windows 11 Updates Will Include Windows 365 ‘Cloud PC’ Integration

… TPM 2.0, identity protection, Direct Memory Access and Memory Integrity protection. So says David Weston, Microsoft’s VP of enterprise and OS security.

Weston described Microsoft Pluton as a security processor with direct integration with the CPU and the operating system. Pluton will appear in Secured-core PCs.

Microsoft’s David Weston

“Pluton is the only security processor which is kept regularly up-to-date with key security and functionality updates coming through Windows Update just like any other Windows component,” Weston noted.

Consequently, Pluton does not require typical manual firmware updates. Pluton is developed by a team that builds other OS security features, including Windows Hello and BitLocker. Hence, Pluton is optimized for the operating system, according to Weston. Pluton also undergoes penetration testing, with a program that provides bug bounties. Weston also demonstrated how Pluton is designed to protect against physical attacks.

Windows 11 Security Improvements

Besides Pluton, Microsoft is boosting Windows 11 security with several key new capabilities. One is Smart App Control, which prevents users from running malicious software by blocking unsigned applications by default. Smart App Control goes beyond protections built into browsers or antivirus and anti-malware alone tools, explained Katharine Holdsworth, Microsoft’s principal program manager of enterprise and OS security.

“This is yet another layer of security that is woven directly into the core of the OS at the process level,” Holdsworth explained during a breakout demo. “Using AI, our new Smart App Control only allows processes to run that are predicted to be saved based on the intelligence that we have. And it is continuously updated. Think of it as giving you extra-level protection from wherever you choose to get apps.”

Weston demonstrated a scenario where someone is downloading an app that appears to be Microsoft To Do. But it is actually a malicious app running ransomware, undetected by anti-malware software.

“However, on this device with Smart App Control, the malicious app is blocked because our AI system did not determine it is safe and could not identify the publisher based on its signing certificate,” he said. “This is true zero trust for applications.”

Windows 11 will also offer improved credential security with Microsoft Defender SmartScreen. Noting that Microsoft has blocked 25.6 billion brute force attacks against Azure Active Directory and 35.7 billion phishing emails, SmartScreen will alert users when they are entering their Microsoft credentials into a malicious app or website.