Security News > 2021 > June > Windows 11: Understanding the system requirements and the security benefits
Although it's usually just thought of as storage for BitLocker keys, the Trusted Platform Module services a wide range of Windows security features: storing other keys and the PINs for Windows Hello biometrics and Credential Guard; blocking brute-force dictionary attacks so that even shorter PINs and passwords are more secure; powering virtual smart cards; acting as the hardware root of trust for secure boot and measured boot; attesting to PC health after boot with Windows Defender System Guard; and enabling 'white glove' and self-service Autopilot deployments.
To run Windows 11, CPUs need to have the hardware virtualisation features to enable virtual secure mode for Virtualisation-Based Security and the Hypervisor-Protected Code Integrity that underlies a range of protections that Microsoft has been building since Windows 8, like Application Guard, Control Flow Guard, Credential Guard, Device Guard and System Guard.
Security isn't its only raison d'etre, but Windows 11 is intended to "Raise the security baseline", taking advantage of the various 'guard' features that are already in Windows but rarely turned on.
Windows Hello for Business replaces the familiar username and password with strong user authentication using asymmetric cryptographic key pairs and Windows 11 improves the way the key trust relationship works with Active Directory and Azure AD. "Folks who were using certificates or smart cards, which are pretty substantial, can very quickly transition to Windows Hello for Business, which means they can really quickly get to a nice passwordless strategy," Weston said.
"We spent a lot of time with enterprises in different categories and the feedback we got is, for the vast majority of enterprises we talked to, this is going to work just fine. The other reality is, despite security being the top driver for Windows 10 and the Windows 7 to 10 transition happening relatively quickly, there's going to be some folks who just aren't going to make that move quickly. And so we think this is a good balance between the folks who are ready to go to Windows 11 and the folks who need more time but want to stay secure and supported."
Common enterprise security initiatives like the passwordless and zero trust approaches that Windows 11 supports natively will appeal to many enterprises, Weston expects; for others the Windows 10 support lifecycle matches the timescale for buying new PCs. "Folks who have the hardware available and want these substantial security increases - we think they're going to move to Windows 11 even faster than the 7 to 10 transition, because security is even more important now. And there will certainly be another set of folks who need more time to do hardware refresh or just get prepared. And we're going to continue to ship updates and ship new and interesting things down to Windows 10 to keep them secure and viable."