The recently released update for Windows 11 22H2 gives users new security features, such as passkeys via Windows Hello.
Microsoft has been allowing Windows users to generate passkeys via Windows Hello for some time. This allows them to log into Web sites or Web applications via facial recognition, PINs or fingerprints. In addition, Windows 11 users can use mobile devices via Bluetooth to complete the login process.
In the now-released 22H2 update, a dashboard becomes available within Windows 11 that allows end users to manage all of these issues. It can be accessed through Settings under the Passkeys heading. From this dashboard, which previously came to Insiders in the Dev Channel in the Windows 11 Preview Build 23486 release, users can view and manage all their passkeys.
Forcing elimination of passwords
It also makes it easier for enterprises to centrally set passkeys for their fleet of Windows devices. With the update, IT administrators will be able to allow Windows 11 devices with Windows Hello for Business or FIDO2 keys to immediately stop users from using passwords.
To do so, they can now implement a policy for Microsoft Entra-joined machines, the former Azure Active Directory, so that users are no longer given the option of entering a password to access the corporate network and applications.
All passwords are removed from the Windows experience by this policy, both to boot the device and for in-session authentication scenarios. Users can (or should) use more robust authentication as a result, such as via Windows Hello or FIDO2 security keys.
In addition, it is possible to perform a reset of their Windows Hello for Business PIN or for and web-based login method. These features are now possible for all supported Microsoft Entra ID authentication mechanisms.
Introducing Config Refresh
In addition to these specific features for passkeys, the recent Windows 11 22H2 update also has new security features such as Config Refresh. This feature allows security teams to ensure that all policies enter a secure default security state every 30-90 minutes, depending on administrator choice. This feature is still only available to Insiders, but will soon be generally available.
Other new security features
The feature App Control for Business, formerly Windows Defender Application Control, ensures that only trusted applications run in corporate environments. This feature automatically blocks unwanted or malicious code from launching.
Furthermore, the update comes with better and accurate firewall logging for domain, private and public firewall profiles and the ability to choose ICMP inbound and outbound rules.
Remarkably, the above security updates were still released in a 22H2 update. Around this time, the most recently announced 23H2 update was expected to be rolled out to end users. When this version will actually be pushed generally is not known.