At Ignite, Microsoft announced a number of new features for Windows, primarily designed to improve the security of the system. These include Administrator Protection to implement least privilege, new requirements for antivirus manufacturers, the recovery of non-bootable PCs and support for Hotpatch.
In response to regular security incidents, Microsoft launched the Secure Future Initiative . Its aim is to ensure that security is a top priority when designing every product or service. Microsoft also wants to deliver its software with settings that are secure by default (“Secure by Default”).
Crowdstrike disaster as trigger
At least two of the current announcements are a reaction to the Crowdstrike disaster this summer, which paralyzed millions of Windows PCs and led to the failure of many critical applications, such as those used by airlines.
Microsoft Virus Initiative
As a result, Microsoft is tightening its grip on vendors of such tools as part of the Virus Initiative , requiring them to distribute updates gradually across multiple deployment rings – a practice that every good admin takes for granted. They must also monitor the rollout of updates to detect negative impacts early on.
Technically, Microsoft wants to prevent such events by ensuring that antivirus software no longer runs in kernel mode but in user mode while still gaining access to the required system resources.
Recovering Unbootable PCs
If a faulty update still prevents PCs from booting, a function called Quick Machine Recovery will be available in the future to remedy the situation.
It is intended to enable admins to install fixes from Windows Update without requiring physical access to the computer. A preview is expected to be available in early 2025.
New option for Least Privilege
Windows suffers from the legacy of a system design that in the past restricted working as a standard user to such an extent that it was common practice to give users administrative rights.
The OS has made significant progress in this regard, but even today relatively trivial tasks such as changing the system time are reserved for privileged accounts. For several Windows generations, Microsoft has secured these with the UAC, which only increases permissions when necessary and after confirmation.
Unlike UAC, the now announced Administrator Protection does not issue users with an admin token for the entire duration of the session, but only for the required actions. It is then removed.
Administrator Protection temporarily increases permissions for individual actions.
To install applications or change the system time, for example, standard users must authorize this action via Windows Hello, typically using a biometric procedure. This feature is currently in preview.
Hotpatch
An update feature that Microsoft has already introduced for Windows Server is now also reaching Windows 11 and Windows 365. It is intended to lower the hurdles for installing patches because it reduces the number of reboots, according to Microsoft, from 12 to four per year.
However, it remains limited to the Enterprise Edition and requires that the clients have joined Entra ID (hybrid) and are managed via Intune. There, Microsoft has combined hotpatching with the settings for Autopatch and the Windows Update for Business Deployment Service on one page. The combination of these features should make the update process smooth.