Microsoft Ignite Archives | Windows Experience Blog

Windows security and resiliency: Protecting your business

Tue, 19 Nov 2024 13:30:34 +0000

At Microsoft, security is our top priority, and with every release, Windows becomes even more secure. At Ignite 2024, we will highlight new Windows security innovations that will provide the clarity and confidence our customers and organizations require while navigating this evolving digital landscape. We will also talk about our learnings from the July incident, and investments we are making as a result. Protecting your data and ensuring the integrity of your systems is paramount. From chip to cloud, Microsoft provides multiple layers of security to help protect identities and data, and enables an expansive ecosystem for innovation at a critical time. As the security landscape evolves, we continuously enhance Windows' security and resilience, ensuring it remains a secure platform for our partners, developers and customers. A strong security posture is essential for your business, and a shared responsibility across our ecosystem. This week at Ignite, we’re sharing more on our Secure Future Initiative (SFI) — our commitment to making security foundational in everything we do at Microsoft. Since launching SFI, we’ve focused the equivalent of 34,000 full-time engineers on the highest-priority security challenges. The November update dives into insights across all aspects of SFI as well as learnings that customers can implement to strengthen their own security posture. Explore the latest insights and best practices in our November update.

Security and Resiliency: Our Top Priority

Protecting your organization’s data from emerging threats and ensuring system integrity is paramount. Windows 11 raises the bar for security and reliability, while maintaining the Windows open ecosystem where customers and partners innovate freely. We are committed to ensuring that Windows remains the most reliable and resilient open platform for our customers. As part of this commitment, we are introducing the Windows Resiliency Initiative, covering four areas of focus:

Strengthen reliability based on learnings from the incident we saw in July.

Enabling more apps and users to run without admin privileges.

Stronger controls for what apps and drivers are allowed to run.

Improved identity protection to prevent phishing attacks.

Empowering IT administrators with great tools during critical times is a top priority. Our first step is born out of the learnings from the July incident with the announcement of Quick Machine Recovery. This feature will enable IT administrators to execute targeted fixes from Windows Update on PCs, even when machines are unable to boot, without needing physical access to the PC. This remote recovery will unblock your employees from broad issues much faster than what has been possible in the past. Quick Machine Recovery will be available to the Windows Insider Program community in early 2025. We are our evolving our partnership with endpoint security partners who you rely on to keep your employees safe as part of the Microsoft Virus Initiative (MVI). Together, we will adopt Safe Deployment Practices, which means that all security product updates must be gradual, leverage deployment rings, as well as monitoring to ensure any negative impact from updates is kept to a minimum. To help our customers and partners increase resilience, we are developing new Windows capabilities that will allow security product developers to build their products outside of kernel mode. This means security products, like anti-virus solutions, can run in user mode just as apps do. This change will help security developers provide a high level of security, easier recovery, and there will be less impact to Windows in the event of a crash or mistake. A private preview will be made available for our security product ecosystem in July 2025. And, in alignment with the Secure Future Initiative, we are adopting safer programming languages, gradually moving functionality from C++ implementation to Rust.

Windows 11 Secure by Default: More Secure than Windows 10

Moving to Windows 11 provides a more protected environment with advanced security features. We are intently focused on raising the bar to ensure robust defense against sophisticated attacks. All new Windows 11 PCs require a hardware-backed security baseline, such as TPM 2.0 and virtualization-based security by default. This baseline is the starting point, and the foundation needed to help secure everything else on Windows. Copilot+ PCs feature Windows Hello Enhanced Sign-in Security, and the built-in Microsoft Pluton security processor, ensuring they meet the high standards of secured-core PCs by default. Built into new Windows 11 PCs, including Copilot+ PCs, are a growing list of existing features now enabled by default, or with additional protections added to significantly reduce the potential for attacks. These changes make Windows 11 more secure by default than Windows 10, from the chip to the cloud. Examples include Credential Guard, vulnerable driver block list, Local Security Authority (LSA) protection now enabled by default for new consumer devices, and BitLocker enabled by default on most modern systems. In addition, insecure code and crypto algorithms have been removed, and kernel attack surfaces, like Tool Tips, have been moved to user mode. Our security teams are working hard for you, so you don’t need to spend your time manually enabling security on new or upgraded PCs. Our focused security work, driven by observing attacker patterns and behaviors, has resulted in a reported 62% drop in security incidents and a threefold reduction in firmware attacks and 2.9 times fewer instances of identity theft reported.¹

New Windows 11 Security

Security is a pursuit, and not a destination. Today, I am announcing new features to help commercial customers with three longstanding challenges with Windows security — overprivileged users and applications; unverified apps and drivers; and insecure credentials and authentications. These capabilities have been top requests from customers around the world, including our internal Microsoft security team who we are working with to ensure real-world testing in preparation for scaling to our largest customers.

Reducing Administrator Privileges

Running users and apps as administrator violated the principle of least privilege and leads to many security incidents. As noted in the 2024 Microsoft Digital Defense Report, token theft incidents, which abuse user’s privileges, have grown to an estimated 39,000 per day². With that in mind, organizations today have a complex binary challenge when setting up policy for employees. The choice is between having users with standard user permissions or users with administrator permissions. By choosing to run with administrator permissions, you can do every modification you need — like adjusting the time-zone, making registry changes, installing applications and many other tasks without friction. However, the bad news is that if malware infects your account, it then also has direct access to critical system resources, and can silently make changes that cause disruption, result in data loss, or worse. By contrast, standard user permission offers better security. User access to critical system resources is blocked by default, and it helps block malware or apps from silently changing machine configurations. However, standard user permission is frustrating for users as they cannot do some common tasks like changing the time settings or installing productivity applications, because in many cases a standard user will not have the administrator credential. Standard user permission also creates an additional overhead for IT to help users with acceptable tasks, unless they have tools such as Microsoft Intune Endpoint Privilege Management.

Administrator protection, currently in preview, is a new solution where users have the security of standard user permissions by default, but can still easily make system changes, including app installation, on their PCs when needed. With administrator protection, if a system change requires administrator rights, like some app installations, the user is prompted to securely authorize the change using Windows Hello. Windows creates a temporary isolated admin token to get the job done. This temporary token is immediately destroyed once the task is complete, ensuring that admin privileges do not persist. Administrator protection helps ensure that users, and not malware, remain in control of system resources. It will also be disruptive to attackers as they no longer have automatic, direct access to the kernel or other critical system security without specific Windows Hello authorization.

[caption id="attachment_179206" align="alignnone" width="815"] User prompts for authorizing admin operations[/caption]

Protecting Credentials

Credential and identity theft is a prime focus of cyberattacks. In fact, Microsoft Entra data shows that of more than 600 million identity attacks per day, more than 99% are password-based³. And our findings reveal that Multifactor Authentication (MFA) offers outstanding protection, with over 99.99% of MFA-enabled accounts remaining secure during the investigation period⁴. We continue to add additional protection for credentials and authentications.

Windows Hello is the built-in MFA solution on Windows. It has been further hardened and extended to support passkeys. You no longer need to choose between a simple sign-in and a safe sign-in. Windows Hello is also being used to protect Recall and Personal Data Encryption.

Trusted Apps and Drivers

Many attacks occur due to users downloading unsafe or unsigned apps and drivers. We continue to add protections to help you defend yourself and your organization from malicious apps and drivers.

Smart App Control and App Control for Business policies provide peace of mind that only verified apps can run on your device. This eliminates attacks like malicious attachments or social engineered malware. With the power of AI, we’ve made it much simpler to deploy. IT admins can simply select the ‘signed and reputable policy’ template in the app control wizard. This enables millions of verified apps to run regardless of the deployment location. Line of business apps unknown to Microsoft can be easily added by the IT admin through policy changes or via Microsoft Intune managed app deployments.

Windows Protected Print works seamlessly with Mopria-certified devices and does not require third-party drivers. It is designed to mitigate many of the past security issues with print drivers, and offers a more streamlined experience.

Data Protection

Your commercial data is one of the most important assets for your business, and we are providing more encryption options, including Personal Data Encryption.

Personal Data Encryption for known folders is a new Windows 11 Enterprise capability using Windows Hello authentication to help protect files stored in the Desktop, Documents and Pictures folders. Protection is indicated by the lock icon on the file. With Personal Data Encryption enabled, a device administrator won't be able to view file content, as the files remain encrypted until you authenticate with Windows Hello. An IT admin, using Microsoft Intune (or another management tool) can select all or a subset of these folders to apply Personal Data Encryption. It integrates with OneDrive and SharePoint on Microsoft 365 to allow for easy collaboration. Personal Data Encryption can be used independently of BitLocker, or other solutions, and when combined with BitLocker, it offers double encryption protection. Enterprise developers can also leverage the Personal Data Encryption API to extend protection of their application data.

OS Management and Configuration

In addition to evolving security features, we continue to evolve tools to enable IT to manage and configure Windows at scale.

Hotpatch in Windows is being introduced for Windows 11 Enterprise 24H2 and Windows 365. This revolutionary feature allows businesses to apply critical security updates without requiring a system restart, shortening your time to adopt critical security updates by up to 60% from the moment a security update is offered. With hotpatching through your Windows Autopatch settings in Microsoft Intune, you can reduce the number of system restarts for Windows updates from 12 times a year to just four, minimizing security risk while keeping systems secure and productivity uninterrupted. This means consistent protection, and a streamlined, seamless experience for your users. Hotpatch in Windows is currently in preview.

Zero Trust DNS. Network destinations are often defined by domain names, making enforcement challenging. Zero Trust DNS restricts Windows devices to approved domains, blocking outbound IPv4 and IPv6 traffic unless resolved by a Protected DNS server or allowed by IT admin. Learn more about the Zero Trust DNS preview.

Config Refresh, available now, is a frequently requested feature as configuration drift can occur when a user or app makes changes to a PCs system registry. Config Refresh helps enforce MDM-defined security policies by automatically returning PC settings to the preferred configuration. Config Refresh works locally on the PC without needing to connect to the MDM, so devices can self-manage settings drift even when offline.

Security and Innovation for a Reliable Digital Future

Nearly 40 years after its launch, Windows continues to evolve to meet the challenges of the ever-changing digital landscape and delivering on expectations for reliability and security. Security is a team effort; by collaborating with OEM partners, app developers and others we deliver Windows from chip to cloud, secure by design and default. The updated Windows Security book is available to help you understand how to stay secure with Windows. Learn more about Windows 11 and Copilot+ PCs. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. ¹ Windows 11 Survey Report. Techaisle, September 2024. Windows 11 results are in comparison with Windows 10 devices. ² Microsoft Digital Defense Report 2024 ³ Microsoft Digital Defense Report 2024 ⁴ How effective is multifactor authentication at deterring cyberattacks? - Microsoft Research Editor's note -- Nov. 25, 2024 -- Footnotes were added for clarity.

Microsoft Ignite 2024: Embracing the future of Windows at work

Pavan Davuluri, President, Windows + Devices — Tue, 19 Nov 2024 13:30:18 +0000

Windows has been at the heart of modern computing for nearly 40 years. It is the ubiquitous, open platform that powers computing experiences around the world and plays a significant role across multiple industries, such as education, government, military, hospitals and corporations, many of which provide mission critical services requiring a high level of security and resiliency. And this responsibility that Windows holds to keep businesses of every size running is one we take seriously. In close collaboration with our ecosystem partners, we ensure that Windows remains the optimal platform for organizations to perform at their best. As we enter this new era of work, we are focused on empowering our customers and organizations to modernize their computing experience with AI experiences and the cloud. As we come together at Microsoft Ignite 2024, we're excited to unveil the latest security, AI and cloud innovations coming to Windows for our commercial customers. We're pushing the boundaries to continue making Windows the most secure and performant platform for you and your organization. Announcements include:

The latest security innovation, requirements and updates on our commitment to building the most secure operating system on Earth
Availability of new cutting-edge AI tools for our developer community designed to drive new innovation on Copilot+ PCs and Windows 11
Updates on AI-powered Copilot+ PCs with Windows 11 and Microsoft 365 for enhanced productivity
The introduction of a new class of devices built to connect securely to Windows 365 in seconds, and expansion of Cloud PC solutions to more jobs such as Frontline workers, BYOD (bring your own device) employees, high-capacity computing and cloud-powered resiliency.

Throughout the next few days, we will outline our commitment to security, productivity and user experiences across Windows 11, Copilot+ PCs and Windows 365. Windows 11 is the most secure operating system on Earth, and the best computing platform for businesses of all sizes. We will explore how, together, Windows 11 and Microsoft 365 boost employee productivity, the value and performance Copilot+ PCs provide organizations, and we will share details on the right IT controls and security layers available to safeguard your organization. Additionally, we will highlight how Windows enables management of countless mission-critical workloads and how we are extending Windows across more platforms, to more jobs, with Windows 365 Cloud PCs.

Security and Resiliency: Our Top Priority

[caption id="attachment_179197" align="alignnone" width="1024"] Layers of protection chip to cloud[/caption] Protecting your organization’s data from emerging threats and ensuring system integrity is paramount. Windows 11 raises the bar for security and reliability, while maintaining the Windows open ecosystem where customers and partners innovate freely. We are committed to ensuring that Windows remains the most reliable and resilient open platform for our customers. As part of this commitment, we are introducing the Windows Resiliency Initiative, covering four areas of work:

Strengthen reliability based on learnings from the incident we saw in July
Enabling more apps and users to run without admin privileges
Stronger controls for what apps and drivers are allowed to run
Improved identity protection to prevent phishing attacks

Empowering IT administrators with great tools during critical times is a top priority. Our first step is born out of the learnings from the July incident with the announce of Quick Machine Recovery. This feature will enable IT administrators to execute targeted fixes from Windows Update on PCs, even when machines are unable to boot, without needing physical access to the PC. This remote recovery will unblock your employees from broad issues much faster than what has been possible in the past. This feature will be available to the Windows Insider Program community in early 2025. We are also evolving our partnership with endpoint security partners you rely on to keep your employees safe. For over 20 years, we have collaborated deeply with these partners as part of the Microsoft Virus Initiative (MVI). These partners have extensive integration with the Windows platform and play a significant role in safeguarding customers' digital portfolios. This summer we brought together a group of industry leaders and partners to discuss new ways we can work together to ensure that Windows 11 remains the most secure and resilient operating system. As an outcome of that summit, MVI partners will be required to take specific actions to improve security and reliability. In addition to increased testing and strengthened incident response processes, these partners must follow safe deployment practices for updates to your Windows endpoints. The practices include controlled gradual rollouts, and the monitoring and recovery procedures such as those recently shared by the US Cybersecurity and Secure Infrastructure Administration (CISA). The close Microsoft collaboration with MVI partners also includes working on new Windows platform capabilities to enable running anti-virus processing outside kernel mode. This will enable anti-virus products on Windows to provide a high level of security while minimizing reliability risks, as crashes outside kernel mode will only affect the anti-virus application, and not all of Windows. A private preview of these new Windows security platform capabilities will be made available to partners in July 2025. Our focus on Windows security goes well beyond the close collaboration with the MVI partners. Our Windows Secure by Design strategy is a comprehensive approach to ensuring that Windows 11 is the most secure operating system we have ever built, from the moment you power on your PC.

With Windows 11, we've achieved a remarkable 3x reported reduction in firmware attacks and 2.9x fewer instances of credential theft compared to Windows 10¹

We continue to raise the security bar with hardware security baseline requirements, security at every endpoint and related features enabled on by default.

Hardware Security Baseline: Our customers expect that every Windows 11 PC is safe and secure. Windows 11 leverages the latest hardware security features, such as TPM 2.0 and Secure Boot, to provide a robust defense against sophisticated attacks. Hardware security baselines now provide organizations with a consistent foundation and the confidence they expect in their operating system.
User-centric security enhancements: Guided by the Microsoft Secure Future Initiative, we are making big changes to deliver the highest level of Windows security. Smart App Control and App Control for Business policies provide peace of mind that only verified apps can run on your device, helping fend off attacks like malicious attachments or even social engineered malware. Windows Hello authentication has been extended to passkeys, so that you no longer have to choose between a simple sign-in and a safe one.
Administrator protection: We have introduced a new feature in preview where employees have standard user permissions by default, but can still make Windows system changes, including app installation, when necessary. With administrator protection enabled, if a system change requires administrator rights, the employee is prompted to authorize the change using Windows Hello. Upon approving the change, Windows creates a temporary isolated admin token that is destroyed once the process is completed. Administrator Protection helps to ensure that employees remain in control, not malware.

Learn more from David Weston about these new security enhancements.

Windows 365 and Windows 11 provided us with the capability, the operational resilience, the security that we needed to be able to provide a secure platform on which to build our products and services off.

--Sandra Lee, Group Chief Information Security Officer, London Stock Exchange Group

For detailed insights into these features and our Windows security priorities, please refer to our updated Windows Security book. This book provides a comprehensive view of our commitment to the Microsoft Secure Future Initiative and our aligned Windows security goals.

Empowering Developers with Cutting-Edge AI Tools

As we continue our journey into the AI era of computing, providing the right software tools and performant hardware to our developer community is critical to our success. This important community is at the forefront of this AI transformation, and with the introduction of Copilot+ PCs equipped with a powerful neural processing unit (NPU), we are seeing accelerated innovation around new AI experiences. Today, I’m excited to share new capabilities for developers which are designed to assist in the integration of AI in applications. At Build 2024, we introduced Windows Copilot Runtime (WCR), a reliable platform for developers to create innovative experiences more securely and efficiently, regardless of where they are on their AI development journey. Windows Copilot Runtime encompasses AI frameworks and tool chains that enable developers to integrate their own on-device models into Windows, utilizing robust client silicon such as GPUs and NPUs. Whether they are just getting started or are already building custom models, WCR includes a set of APIs that are powered by over 40 on-device models included with Windows. Phi 3.5 Silica, built from the Phi series of models, is optimized for the Snapdragon X series NPU in Copilot+ PCs, enabling text intelligence capabilities like text summarization, text completion and text prediction. Developers can access Phi 3.5 Silica API and Optical Character Recognition (OCR) API which recognizes and extracts text present within an image in Windows App SDK 1.7 Experimental 2 release in January. Today, I’m pleased to announce four new Imaging APIs in Windows Copilot Runtime which developers can access in Windows App SDK 1.7 Experimental 2 release in January.

Image super resolution: API increases fidelity of the image as well as upscaling the resolution of the image. This API can be used to enhance clarity of blurry images.
Image segmentation: API enables separating foreground and background of an image, as well as removing specific objects or regions within an image. Creativity apps like image editing or video editing can easily bring background removal capabilities in their apps using this API.
Object erase: This API enables erasing unwanted objects from the image and blends the erased area with the rest of the background.
Image description: API provides a text description of an image.

We are seeing exciting innovation with Windows Copilot Runtime and the NPU, coming from new third-party developers such as Adobe Premiere Pro, LiquidText, Dot Vista, Promeo by Cyberlink, McAfee’s Deepfake Detector, Capture One, Affinity Photo and more. In addition to the new AI-powered APIs and frameworks, it’s important to enhance developer productivity with tools they need to be efficient in their workflow. Windows Subsystem for Linux (WSL) offers a robust environment for AI development on Windows, allowing developers to simultaneously run Windows and Linux workloads. Starting today, we are introducing several critical enhancements to WSL and WinGet, empowering IT professionals to effectively manage their enterprise’s line-of-business applications.

Intune device compliance integration will provide IT professionals with an interface to control WSL distribution and version usage in their enterprise with controlled access.
Microsoft Entra ID integration with WSL allows enterprise developers to access protected enterprise resources from a WSL distribution. It provides an automatic connection for Linux processes to use the underlying Windows authentication.

We are excited to offer developers more choices for Linux distribution on WSL. With a new WSL distribution architecture, we are providing additional extensibility to IT professionals and enterprise developers to have more Linux distributions including Red Hat to choose from.

Harnessing the Power of AI: Windows 11 and Copilot+ PCs

AI is at the heart of our vision for the future of Windows 11, and its introduction into the productivity space is an exciting step forward. By leveraging the combined strengths of Windows 11 and Microsoft 365, we empower employees to achieve more with less effort through all-new AI experiences on Copilot+ PCs and Windows 11. With an integrated NPU capable of 40+ TOPS (trillion operations per second), Copilot+ PCs provide unique AI experiences and rich contextual insights across applications, with near real-time processing capabilities and support for the next generation of AI applications. When you add Microsoft 365 and the suite of innovative tools – including a large language model, graph and productivity features – employees can improve workflows, communicate effectively and collaborate more efficiently. With the introduction of Copilot+ PCs, Windows has been rearchitected, in collaboration with AMD, Intel and Qualcomm, and OEM partners, to optimize every layer of the stack for AI experiences. Copilot+ PCs are the fastest, most intelligent and the most secure PCs we've ever built. Together, Windows 11 on Copilot+ PCs with Microsoft 365 deliver experiences that enrich and empower employees and businesses in valuable new ways. Our innovation focuses on three key aspects of the employee experience: simplifying workflows, helping you find information faster and improving communication tools so everyone can be seen, heard and understood. Together, Windows and Microsoft 365 offer an experience with fewer clicks, less friction, richer context and greater capabilities for everyone. [caption id="attachment_179214" align="alignnone" width="1024"] Microsoft 365 Copilot[/caption]

Simplifying Your Workflow

An important aspect of productivity is the ability for employees to quickly switch between tasks, navigate applications and identify the right tools. This all takes time and effort which may distract from the task at hand. With Microsoft 365 Copilot on Windows 11, employees with a Copilot+ PC have access to a personal assistant for work designed to scale their impact, including aiding in idea generation, collaboration and task completion. We have only just begun unlocking new possibilities with Microsoft 365 Copilot on Copilot+ PCs. Microsoft 365 Copilot can harness the power of AI by utilizing the integrated NPU, allowing models to run locally. This reduces reliance on an internet connection for tasks such as AI writing assistance in applications like Outlook and Word. In the coming months, organizations will experience even greater benefits through new AI innovations, making generative writing capabilities accessible to more employees and enabling them to achieve more with less effort. Learn more from Jared Spataro about Microsoft 365 Copilot innovations in his blog.

Recall (Preview): Disabled by Default

Earlier this year, we introduced Recall for Copilot+ PCs, designed to make it easier to quickly find what you've seen before on your PC. We heard your feedback on needing a secure and controllable experience for using Recall in your organizations, and it will be. Recall will be disabled by default, and IT will enable this feature through new policies before it can be made available to employees for opting in and will ship with meaningful security enhancements, including additional layers of data encryption and Windows Hello protection, making it one of the most secure experiences we have ever built. Our goal is to ensure that your employee and organization data is protected from the beginning, and we look forward to hearing your feedback on this new experience. [caption id="attachment_179215" align="alignnone" width="1024"] Recall IT controls[/caption]

AI Assistance at Your Fingertips

Another Copilot+ PC feature recently announced is Click to Do (preview), an all-new powerful productivity paradigm that puts AI at your fingertips to assist with many tasks across applications such as being able to summarize any content on your screen, even if it’s in a Teams call. Click to Do (preview) in Recall is releasing first to our Windows Insider community on Copilot+ PCs before rolling out more broadly to our customers. It is designed to connect you to quick AI actions based on the context of what's on your screen, making it faster and easier to get things done, all done in secure and private workflows. [caption id="attachment_179216" align="alignnone" width="1024"] Click to Do (preview)[/caption]

Finding What You’re Looking For Faster

A seamless workflow relies on quickly finding what you need. Employees often struggle to locate files or information on their PC and across applications. Copilot+ PCs, with powerful NPUs, will reduce this frustration using Improved Windows Search, which uses federated semantic search to interpret user intent even when it doesn't match the exact file name. This feature will be released first to our Windows Insider community on Copilot+ PCs, starting early next year, before rolling out more broadly to our customers. Our Microsoft 365 Copilot customers can search both local and cloud files, boosting efficiency. These capabilities will expand to the Windows search box and Settings in the future. [caption id="attachment_179212" align="alignnone" width="1024"] Improved Windows Search[/caption]

Effective Communication and Team Collaboration

Achieving optimal productivity involves more than just completing tasks; it also includes enabling employees to communicate effectively while engaging in work they are passionate about. When using Teams on Copilot+ PCs, employees will experience optimized performance and reduced battery consumption. Teams Super Resolution enhances the quality of incoming video, improving visibility of colleagues even with weak internet connections. Live Captions with live translation support from over 40 languages into English, makes it easier than ever to connect with colleagues near and far². And, for the days you need to look and sound your best, Windows Studio Effects provide valuable visual and audio filters, providing optimal appearance and sound quality during a video call. These innovative experiences are powered by Windows Copilot Runtime. Studio Effects, Live captions with live translations and Image super resolution are available as ready to use APIs in Windows Copilot Runtime. Organizations can leverage these APIs to bring similar experiences to life in your applications, such as WhatsApp who has upgraded their user experience adding Windows Studio Effects controls directly into the UI. Learn more. [caption id="attachment_179220" align="alignnone" width="1024"] Teams Super Resolution[/caption]

Work Securely and with Enhanced Flexibility in the Cloud

With Windows 365, we extend Windows 11, Microsoft 365 and AI capabilities across any platform. Give employees the limitless computing power of Windows in the cloud, with access to the same Windows experience no matter which device they are on. With Windows 365 you can ensure business continuity across your entire team from remote and in-person employees, to consultants, contractors and temporary workers.

A More Secure Way to Access Your Work – Windows 365 Link

As organizations shift more workloads to the cloud for better security and flexibility, Microsoft is expanding its Cloud PC solution with a new class of devices built to connect securely to Windows 365 in seconds. Today we are excited to announce Windows 365 Link – the simple, secure and purpose-built device for Windows 365. Windows 365 Link is now in preview and will become generally available for purchase in select markets at $349 starting April 2025. It enables desk-based users to work securely on a familiar Windows desktop in the Microsoft Cloud with responsive, high-fidelity experiences. Compact, fanless and lightweight, Windows 365 Link can be conveniently shipped directly to users. It boots in seconds, wakes instantly from sleep, and offers local processing for video conferencing solutions such as Microsoft Teams meetings and Webex by Cisco, maximizing employee productivity. Windows 365 Link supports dual 4K monitors, four USB ports, an audio port, an Ethernet Port, Wi-Fi 6E and Bluetooth 5.3, making it compatible with both wired and wireless peripherals. It is simple to manage using Microsoft Intune alongside other PCs with a small Windows-based OS footprint with minimal applicable configuration policies. Windows 365 Link is designed with security in mind. The device does not store local data or apps and employees do not have admin privileges, ensuring corporate data stays protected within the Microsoft Cloud. Security baseline policies are enabled by default and security features cannot be disabled. Login is simple and secure with password-less authentication using Microsoft Entra ID and the Microsoft Authenticator app or USB security keys. Windows is dedicated to delivering choice and flexibility for our customers. Critical to that effort is our OEM and silicon ecosystem. Just like we did with 2:1s, we’re starting with first party devices and doing the work to get the product experience right. As we continue to expand the Cloud PC category, we look forward to expanding offerings as well, scaling with our OEM partners in 2025. [caption id="attachment_179205" align="alignnone" width="1024"] Windows 365 Link[/caption]

Support for Frontline Workers and BYOD

Today at Ignite, we are also announcing Windows 365 Frontline provisioned in “shared mode,” which will provide a new way to access Windows 365 Cloud PCs and is now available in preview. This new mode is designed for users who need brief access to complete ad-hoc tasks quickly and securely from a non-personalized Windows desktop environment and their user data is deleted upon log off. Additionally, Windows App now supports Mobile application management (MAM) for iOS and Android. Now in preview, MAM enhances device redirection and strengthens security on unmanaged or externally managed devices. It allows organizations to define device security criteria and customize access, supporting BYOD scenarios.

Now with Windows 365, we have one integrated solution that leads to security, that leads to cost efficiency, that leads to much better employee productivity and employee experience.

--Vineet Gupta, Head of Employee Experience, HP

Extending Windows 11 to Mixed Reality

Windows in mixed reality brings the full capabilities of Windows 11 to mixed reality headsets, starting with Meta Quest 3 and Quest 3S. Access to your local Windows PC or Windows 365 Cloud PC from a Quest headset is seamless and it takes only seconds to connect to a private, high-quality, large, multiple-monitor workstation. This will be available in public preview by the end of the year.

Endpoint Modernization

We continue to make progress on Windows endpoint modernization, designed to enhance security, productivity and management efficiency for organizations moving to Windows 11. As the end of support for Windows 10 approaches, there has never been a better time to upgrade to Windows 11, a more secure and resilient computing environment that empowers organizations to protect their data, optimize productivity and remain competitive in the rapidly evolving digital landscape. And with features like Windows Backup for Organizations with Entra ID Accounts coming in public preview this Spring, the transition to Windows 11 is easier than ever before. Learn more about the tools and resources available to organizations. And, as more of our customers make the move to the cloud, we continue to support them with Cloud PCs, Cloud Services and Cloud Management tools. Today at Ignite we announced several new features to help IT management ensure they can minimize the impact to the already stretched resources within their teams. Windows Update for Business deployment service has now been woven into Windows Autopatch, providing a more cohesive and streamlined update experience. With this change, customers can use Windows Autopatch to simplify keeping their Windows devices up to date. This automation helps to ensure the seamless deployment of updates for the Windows operating system, Microsoft 365 Apps for enterprise, Microsoft Teams and Microsoft Edge. The unified dashboard in the Microsoft Intune admin center allows for easy management of update policies, groups, status and reports, enabling IT professionals to maintain the level of control needed for their organization. This approach aims to reduce complexity, enhance compliance and security, and improve resource allocation. This dashboard ensures timely updates, minimizes disruptions and frees IT resources for strategic initiatives, without requiring additional licensing. Hotpatch for Windows is an innovative feature in preview, aimed at boosting both productivity and security. With Hotpatch, updates are downloaded in the background and become effective immediately upon installation, eliminating the need for a device restart. This enables customers to work without interruptions, while keeping systems protected with the latest security updates. When combined with Windows Autopatch, Hotpatch streamlines the update process and significantly shortens the time needed for applying updates. Organizations utilizing Windows Autopatch have reported up to a 95% reduction in the time required to deploy feature updates. Hotpatch will also be available on Windows 365 Cloud PCs.

Building a Future with Windows: Innovation and Security at the Forefront

As we look to the future, our mission remains clear: to create a seamless and secure experience for every customer, organization and developer. With the new capabilities in Windows 11, Copilot+ PCs and Windows 365, combined with our relentless focus on innovation, we are building a future where we will unlock the full potential of what Windows can offer. What you've seen today is just the beginning. We're committed to continuous innovation and improvement. Whether it's through enhanced security, better performance or transformative AI experiences, we're building a future where Windows empowers every user and organization to achieve more. ¹ Windows 11 Survey Report. Techaisle, September 2024. Commissioned by Microsoft. Windows 11 results are in comparison with Windows 10 devices. ² On some devices, Copilot+ PC experiences require free updates available starting later this year and continuing into 2025. Timing varies by device and region. See aka.ms/copilotpluspcs

Spotlight on Windows at Microsoft Ignite and the Technical Takeoff

Tue, 18 Oct 2022 21:00:47 +0000

Windows is building what matters most for your business. This was the theme as Chief Product Officer Panos Panay took the stage in Seattle for a live keynote to kick off day two of Microsoft Ignite 2022. Together, he and engineering leaders from Windows, Intune, Windows 365, Defender, Teams, Loop and Surface discussed (and demonstrated) some of the latest features in Windows to support secure hybrid work from client to cloud. Here are a few highlights from this year’s conference plus details on where you can take a closer look at the capabilities that will help you easily deploy, update and manage—and deliver the most secure, personal and productive experience for devices, virtual desktops and Cloud PCs.

Catch up with Microsoft Ignite on demand

Windows: Building what matters most for your business Panos Panay, Ramya Chitrakar, David Weston, Scott Manchester, Lan Ye, Joe Belfiore, Steven Bathiche Get an insider's view of some of the top features in Windows. Learn about Windows 365, Intune, Defender, Teams, Loop and Surface, from the engineering leaders who built them. Secure your workforce with Windows + Intune Wangui McKelvey, Steve Dispensa Explore new security features like Enhanced Phishing Protection that help secure your business no matter where people work. See demos of end-to-end protections with the latest innovations in Windows 365. Dive into flexible, familiar management with Microsoft Intune, Windows Update for Business and Windows Autopatch. Experience Windows in the cloud with Azure Virtual Desktop and Windows 365 Tristan Scott, Kam VedBrat, Bhavya Chopra See how Windows is experienced and managed with Azure Virtual Desktop and Windows 365. Learn how organizations are safeguarding their business while empowering employees for a world of hybrid work in the office, at home and everywhere in between, on any device. Advanced security and management solutions for hybrid work from Microsoft Surface Katharine Holdsworth, Harshitha Murthy, Nazmus Sakib Discover the latest innovation in security from Microsoft Surface, ranging from hardware security advancement through Pluton to software improvements through Secured Core PC and advanced Windows 11 security features. Learn how Surface and Windows enable modern management to support employee productivity while keeping your organization secure.

There’s more to explore at the Microsoft Technical Takeoff

Join us Oct. 24-27 on the Microsoft Tech Community for four days of deep dives, demos and Ask Microsoft Anything (AMA) sessions. The Microsoft Technical Takeoff is your chance to learn from the engineering PMs building Windows, Windows 365, Microsoft Intune and Azure Virtual Desktop—and engage in live Q&A to get the answers you need to move your business and IT strategies forward. No registration is required. Simply visit https://aka.ms/TechnicalTakeoff and add sessions to your calendar. Or, for the best experience, sign in to (or sign up with) the Tech Community and RSVP. Not only will you save your spot and receive event reminders, you’ll also be able to participate in live Q&A during every session. Can’t attend at the session times provided? We’ve got you covered. All sessions will be available on demand shortly after airing. Engineering leaders John Cable, Ramya Chitrakar and Steve Dispensa will kick off the event at 7 a.m. PT on Oct. 24 with Let’s talk Windows and Intune – we hope to see you there!

Panos Panay and more: What’s up with Windows at Microsoft Ignite Nov. 2-4

Steve Clarke, Editor — Thu, 28 Oct 2021 16:02:41 +0000

Are you an IT pro planning to attend the virtual Microsoft Ignite event Nov. 2-4? If so, be sure to check out the core sessions, interactive experiences and deep dives that will help you deploy Windows 11, optimize device management and keep users protected and productive. You’ll find it all listed here, but here are key sessions to catch: Agile, collaborative, secure: Why adopt Windows 11 today Tuesday, Nov. 2: 11:30 a.m. PT Aidan Marcuss, Wangui McKelvey Join Windows CVP Aidan Marcuss and Microsoft 365 GM Wangui McKelvey for a tour of the value Windows 11 offers commercial organizations today—and a discussion of upcoming investments. From signature experiences tuned for hybrid work to industry-leading security from core to cloud, learn how you can offer innovative form factors, easily personalized and persistent desktops, and seamless integration with collaboration tools. Have questions? RSVP for Ask the Experts, Nov. 2 at 12:30 p.m. PT. Windows 11: The 11 things every organization should know On demand John Cable and engineers from the Windows, Windows 365, Universal Print and Microsoft Endpoint Manager teams Take an energetic, fast-paced run through the critical elements in Windows 11 for IT pros and the commercial organizations they support. This is an engineer-to-engineer session focused on the features and services developed based on your feedback. Let's keep building the next generation of Windows together. Panos Panay talks Windows 11 accessibility and support for hybrid work “Between all the keynotes and breakouts, see if you can catch two very special segments featuring Chief Product Officer Panos Panay,” says Heather Poulsen in the post. “One is a fun, fast-paced conversation on Windows 11 and hybrid work with Wangui McKelvey. The other is a thoughtful, enthusiastic discussion about designing an inclusive Windows 11 for a hybrid world with Chief Accessibility Officer Jennie Lay-Flurrie. These are a great way to hear directly from important leaders at Microsoft.”