Microsoft introducedWindows 11with hardened requirements, includingTPM 2.0 and Secure Boot, making the system more secure.
Note that while some need to be configured, the others are configured by default.
Press theWindows Key + ito initiate the parameters app.
Click Windows Update on the left.
Then click Check for updates.
When the scan completes, the pending updates should begin downloading and installing automatically.
When completed,restartthe computer.
Enable BitLocker encryption
BitLocker is a native encryption feature of Windows that keeps your machine secure offline.
It is available on almost allWindows editionsexcept for Home.
Here are the steps to enable BitLocker on Windows 11:
Learn how tomanage BitLocker from the command line.
Press theWindows Key + Eto launchFile Explorer.
Right-punch the partition to encrypt and click Turn on BitLocker.
Note:The BitLocker Recovery Key cannot be saved to the same partition that is being encrypted.
Back on the BitLocker wizard, clickNext.
On the next screen, select Encrypt used disk space only and clickNext.
Select New encryption mode and clickNext.Select new BitLocker encryption mode
Now click Start encrypting.
The encryption process will now begin.
This step may take some time depending upon the amount of data present in the drive.
Once the encryption process is complete,closethedialog box.
After performing the steps above, BitLocker encryption will be enabled on the selected drive.
However, it is recommended that you enable BitLocker on all drives, including the Boot drive.
Once encryption is enabled on the Boot drive, you could evenconfigure a pre-boot PIN for BitLockerfor easy access.
Disabling it would mean that all sorts of packets can come and go without being detected.
Although this is enabled by default, you must ensure that it is not disabled.
Here are the steps to enable Windows Firewall:
Press theWindows key + Rto launch theRun Command box.
Click Virus & threat protection on the left.
Note that this scan can take some time and is resource-intensive.
Therefore, your PC may lag during this time.
Once the scan is complete, go through any quarantined files and remove them from your PC permanently.
Once the feature is disabled, you must perform a clean Windows 11 installation to enable it again.
Click Smart App Control options.Open Smart App Control options
Select Evaluation.
This also includes unsigned drivers.
Here is how to fire up the feature:
Open theWindows Securityapp.
Go to gadget Security.
This utility works with Microsoft Office, Internet Explorer (deprecated), and Microsoft Edge.
Any URL not mentioned in the whitelist will automatically run in an isolated environment.
This is because the online session would be in standalone mode.
jot down in optionalfeatures and pressEnterto launch the Optional Features window.
Note that these are additional steps and in no way affect the security of your system.
Click App & web client control.
It restricts the modification of critical system folders from external apps and programs that are not trusted.
Learn aboutWindows password complexity requirements.
you might set up Windows Hello fromSettings > Accounts > Sign-in Options.
Dynamic Lock provides an additional layer of security in case a user forgets to lock the account.
To enable dynamic lock, you must have a phone paired with your PC.
Even after pairing it, the phone must be connected to it via Bluetooth for Dynamic Lock to work.
Here are the steps to enable Dynamic Lock on Windows 11:
Open theSettings app.
Go to Accounts and then Sign-in options.
Click Dynamic Lock to expand it.
Here is what I recommend you do:
Click Privacy & security.
Expand Activity History anddisablethe option Store my activity history on this rig.
Click Clear history.Disable and clear activity history
When asked for confirmation, clickClear.
Go back to the Privacy & security page and open Search permissions.
This alsoopens data pipe portson your gear, making it vulnerable to attacks.
Therefore, I strongly suggest that you disable it if you do not use the service.
Here is how:
Open theSettings app, clickSystem, and then open theRemote Desktopsettings.
Otherwise, the option to convert an account into a standard account will be disabled and grayed out.
Press theWindows key + Rto launch the Run Command box.
pop in in Control and pressEnterto launch the Control Panel.
Go to User accounts, and then click User accounts again.
Only use this administrative account when dire.
The coordinates are then displayed on a map to the user who requested the location of the gadget.
Of course, only authorized people can access that kind of information, which includes you; the owner.
A bad omen for your data cannot be predicted.
Here are thesteps to create restore points:
Learn how tocheck if system restore is already enabled.
pop in in sysdm.cpl and pressEnterto launch the System Propertiesapplet.
Switch to the System Protection tab.
Or, you cancreate a system imageusing the Windows-native tool.
Whatever happens inside a Sandbox stays within, without affecting the rest of the computer.
Moreover, the environment inside the Sandbox is the same as the actual Windows PC.
Windows Sandbox is disabled by default.
Here are the steps to enable Windows Sandbox:
jot down in optionalfeatures and pressEnter.
Select Windows Sandbox and pressOK.Enable Windows Sandbox
Windows Sandbox will now be installed.
Launch Sandbox by searching for it in the Start menu.
This includes the instances when you buy a new Windows 11 PC or perform a fresh, clean installation.
These will kee your rig secure from online and offline threats, as well as protect your privacy.
1
Get weekly insights, tips and exclusive content delivered straight to your inbox.
Talk to us straight and get your questions answered right away
source: www.itechtics.com
