Microsoft’s latest Windows 11 update, known as 22H2, brings significant security enhancements, including a built-in passkey manager designed to promote passwordless sign-ins and reduce the threat of phishing attacks. Passkeys, linked to specific devices, offer robust defenses against data breaches, phishing attempts, and unauthorized access, eliminating the need to memorize multiple passwords.
Microsoft’s decision to prioritize passkeys stems from a three-fold increase in phishing attacks on user credentials, prompting the company to empower users to replace passwords with passkeys. Users can generate passkeys using Windows Hello, which supports various authentication methods, including facial recognition, PINs, fingerprints, and Bluetooth-paired mobile devices.
In addition to passkeys, the update introduces a passkey management dashboard, accessible through the Settings app, that makes it easier for users to manage their passkeys. Microsoft aims to align with the FIDO Alliance’s secure sign-in management strategy, positioning passkeys as the cross-platform future of authentication.
The update also includes a new policy that lets IT teams block password usage across Azure AD-joined enterprise devices, emphasizing the use of strong, phish-resistant credentials such as Windows Hello for Business or FIDO2 security keys. This policy ensures better security while offering recovery mechanisms like PIN resets or web sign-ins when needed.
Microsoft also introduces Config Refresh, which allows security teams to automatically revert policies to a secure default state at specified intervals, strengthening overall security management. The update also brings App Control for Business (formerly Windows Defender Application Control), which enables organizations to control which apps run in their environments and prevent malicious code execution. Finally, users gain more granular firewall logging options and the ability to select ICMP inbound and outbound rules, giving them more control over network traffic.
Microsoft’s commitment to enhancing security and promoting passwordless authentication reflects the evolving landscape of cybersecurity; the company aims to provide users with more robust and user-friendly options for protecting their digital identities.