Ebrius Disputatios

Now identity verification is the key to the system.

Microsoft has expanded testing of administrator protection in Windows 11 by allowing Windows Insider users to enable the feature through Windows Security Settings.

First introduced in October for the Canary channel, Administrator Protection uses a hidden mechanism for temporary elevation of rights and authentication requests through Windows Hello, allowing access to administrative rights only when necessary. Protection is aimed at preventing unauthorized access to critical system resources.

When this feature is enabled, logged in administrators have standard user rights and must authenticate using Windows Hello (PIN or biometrics) when installing new apps or making registry changes. Authentication requests are more difficult to bypass than the existing User Account Control (UAC) mechanism, making it difficult for malware and attackers to penetrate.

Example of a credentials window with a new (larger) colored area above the application description (Microsoft)

The feature is disabled by default and can be enabled by administrators through group policies or management tools such as Intune. In addition, now users can enable it themselves through Windows security settings in the Update and Security section – Windows Security – Account Protection. The change requires a system reboot.

This feature is available to Windows Insiders in the Canary channel who have installed Windows 11 Insider Preview Build 27774. Microsoft also plans to soon introduce a new feature called Fast System Restore, which allows administrators to remotely troubleshoot issues that cause devices to become inoperable after updates. Windows. The new feature, like many other security options, works as part of the Secure Future Initiative.