PCs have kept us connected to family and friends throughout the last year and allowed companies to continue to operate. Although we have adapted to working from home, it’s rare to go a day without reading about a new cybersecurity danger. Phishing, ransomware, supply chain, and IoT flaws—attackers are constantly developing new approaches to wreak digital havoc.
But as attacks have increased in scope and sophistication, so have Microsoft. Windows 11 will improve security baselines by incorporating new hardware security standards, giving consumers confidence that they are even more secured from the chip to the cloud on certified devices. Windows 11 has been developed for hybrid work and security, with hardware-based security built-in.
Security by design has long been a priority at Microsoft. What other companies invest more than $1 billion a year on security and employ more than 3,500 dedicated security professionals?
They’ve come a long way in their quest to develop chip-to-cloud Zero Trust out of the box. Microsoft introduced secured-core PCs in 2019 that apply best-practice security to the firmware layer, or device core, that underlies Windows. These devices combine hardware, software, and OS protections to help provide end-to-end safeguards against sophisticated and emerging threats like those against hardware and firmware that are on the rise according to the National Institute of Standards and Technology as well as the Department of Homeland Security.
With Windows 11, it’s easier for customers to get protection from these advanced attacks out of the box. All certified Windows 11 systems will come with a TPM 2.0 chip to help ensure customers benefit from security backed by a hardware root-of-trust.
The Trusted Platform Module (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU. Its purpose is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier to prevent malware and attackers from accessing or tampering with that data.
PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states. Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust.
TPM 2.0 is a critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data. In addition, for many enterprise customers, TPMs help facilitate Zero Trust security by providing a secure element for attesting to the health of devices.
Windows 11 also has out-of-the-box support for Azure-based Microsoft Azure Attestation (MAA) bringing hardware-based Zero Trust to the forefront of security, allowing customers to enforce Zero Trust policies when accessing sensitive resources in the cloud with supported mobile device managements (MDMs) like Intune or on-premises.
This next-level hardware security is compatible with upcoming Pluton-equipped systems and any device using the TPM 2.0 security chip, including hundreds of devices available from Acer, Asus, Dell, HP, Lenovo, Panasonic, and many others.
Windows 11 is a smarter way for everyone to collaborate, share, and present—with the confidence of hardware-backed protections.