Although it’s being marketed to consumers, Windows 11 is really about helping businesses protect sensitive data.
Seriously, who did Microsoft develop Windows 11 for? Only people who like centered taskbars? Only people who don’t mind “unlearning” how to get into task manager?
Maybe not, but I’d argue that Windows 11 wasn’t designed for you and me. Rather, it was designed for the businesses, governments, schools, and other entities that we interact with. It’s built to ensure that sensitive information can be secured.
Baked-in security
For starters, Windows 11 has allowed Microsoft to cut the cord on the 32-bit platform. Windows 11 will be first Windows OS that is 64-bit only. This allows Microsoft to build in more virtualization and containerization security features that cannot be done in the 32-bit platform.
Virtualization-based security doesn’t mean that you are running Hyper-V and a virtual machine; it means that you are using virtualization-related technologies in Windows 10 and 11 designed to separate out tasks and enhance the operating system’s ability to isolate processes. The virtualization technologies in Windows 10 and 11 make the case for sticking with Microsoft Defender for Endpoint to deal with the changes in the operating system and with the ability to handle Credential Guard, Application Guard for Office, and Sandbox.
In addition, the TPM (Trusted Platform Module) 2.0 mandate ensures that you have a cryptoprocessor that resides on your motherboard or its processors. Using hardware-level encryption protects your device and the data stored on it by protecting the encryption keys generated by your computer. It ensures that the encrypted drives remain encrypted and that the malware cannot access the fingerprint information you have on your laptop.
Now, while you may not need military grade security that ensures that attackers can’t gain access to your fingerprint login, you probably want the businesses that have your money to have this sort of protection. Windows 11 ensures that it is built for a process called “Zero Trust.” The idea is that if attackers get in, they won’t be able to get far. As Microsoft notes:
In Windows 11, Microsoft Defender Application Guard uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as device location or access resources like camera and microphone.
The TPM 2.0 mandate ensures that stronger crypto algorithms can be deployed and utilize future security capabilities. And Microsoft’s upcoming Pluton security processor, due to ship with select Windows PCs in 2022, supports TPM 2.0 and includes Secure Hardware Cryptography Key (SHACK) technology, which “helps ensure that keys are never exposed outside the protected hardware, even to the Pluton firmware itself,” according to the company.
What Microsoft has failed to do is communicate why they’ve put these mandates in place, and it doesn’t help that they’ve marketed Windows 11 to consumers first. While consumers are lamenting the fact that we can’t officially run Windows 11 on our computers because we don’t have the needed processor (and contemplating bypassing the hardware requirements), we would all agree that we’d want our banking institutions to have these protective technologies. Think of all of the businesses that are being hit hard by ransomware attacks; you’d want each and every one of those businesses to be using as much security as they can to protect themselves.
No rush to deploy Windows 11
All this said, most prudent businesses won’t even think about deploying Windows 11 in production for at least several months, if not more. Businesses should be testing, but not deploying, Windows 11 at this time.
That’s because nowadays Microsoft considers Windows releases as the point at which it starts servicing the platform, rather than launching a finished OS as in days of yore. For instance, Microsoft is currently testing various Windows 11 bug fixes in its Insider program, including fixing “an L3 caching issue that might affect performance in some applications on devices that have AMD Ryzen processors after upgrading to Windows 11,” as well as fixing “a race condition that occurs during the early part of startup that might cause a stop error.” This “continuous fix” process may be frustrating to us old-timers, but it showcases that now nearly all of the operating system can be easily and relatively quickly replaced and fixed through the Windows update process.
I see Windows 11 as a long investment in the future — a more secure future for businesses, not necessarily a platform that is consumer friendly. As consumers, we are moving to more and more different platforms. Before the pandemic that pushed many of to work from home, I had several employees in the office who had no laptop at all and used Android tablets or iPads for their daily technology needs. Even Amazon is touting its latest Fire tablet, combined with a keyboard and a 12-month Microsoft 365 Personal subscription, as a productivity device.
Bottom line: it’s okay if the bulk of my home computers can’t run Windows 11. By 2025, I may be using different technology for my home computing needs. But by 2025 I do want to have my business and the businesses I interact with using devices that are protected from ransomware and other threats. We cannot keep the status quo.
So don’t worry that you don’t have a system that can’t handle Windows 11. It’s okay, neither do I. But I’m planning to have my business computers support it one day, and I hope the firms I do business with do as well.
This article originally appeared on ComputerWorld.