Essential Security Tips for Windows 11
Image credit: Microsoft

This time Microsoft is strict on Windows 11 system requirements to ensure that devices running the operating system is secure. And makes it mandatory Trusted Platform Module (TPM) 2.0 component built into the motherboard and UEFI firmware with secure boot capability for it to be eligible for a Windows 11 Free upgrade. Well the new system requirement for Windows 11 is a  game-changer for Windows security, But it isn’t everything there are additional steps you can take to make sure it stays protected. Here in this article, we have a few Essential Security Tips for Windows 11 you need to enable to tighten your security settings in Windows 11 even more.

From setting a strong password to scheduling Windows Updates, these measures can help prevent dangerous or malicious software from wreaking havoc on your system.

How to Secure Windows 11 PC

Securing Windows 11 PC is important, it helps protect personal and sensitive data, prevent unauthorized access to your device, and safeguard against security threats such as malware, viruses, and phishing attacks. Here is how to quickly secure the Windows 11 operating system.

  • Ensure Windows secure firewall is Enabled, and regularly perform quick scans or full system scans for virus malware infection.
  • Make sure Windows 11 is up to date with the latest security patches.
  • Use strong passwords or biometric authentication like Windows Hello.
  • Encrypt the Disk drive using BitLocker encryption to protect your data.
  • Use a standard user account instead of an administrator account for everyday use.
  • Always use a Virtual private network (VPN) to secure your internet traffic, and keep your data safe from prying eyes.
  • Use caution when downloading and installing software, and only download from trusted sources.

Keep Windows 11 Updated

Microsoft regularly updates Windows 11 with random bugs and security enhancements. Installing the latest Windows updates ensures your device is protected against the latest security threats that appear on the internet almost daily.

  • Press the Windows key + X and select the settings option
  • Go to Windows update then click on Check for updates,
  • The operating system will start looking for all the latest updates
  • If new updates are available or pending there, allow them to download and install from the Microsoft server,
  • Once done restart your computer to apply the updates.

Update windows 11

Use Strong Passwords or Biometric Authentication

Using your Windows 11 computer without a password? Doing so your device vulnerable to unauthorized access by people around you. So using a Strong password is an essential step to secure your Windows 11 account. It’s recommended to set up sing in password or enable biometric access.

  • Press the Windows key + I to open the settings app
  • Go to Accounts then head to the sign in option
  • Click on Add, Set a new password, and fill in the relevant information in the new dialog box.
Create strong password
“© By Wanisa/Adobe Stock”

Windows 11 also supports biometric authentication through Windows Hello. You can use facial recognition, fingerprint, or PIN to sign in to your device, which is a more secure option than using a password.

To set up Windows Hello, go to Settings > Accounts > Sign-in options and follow the prompts to set up your biometric authentication.

Enable Windows Defender Firewall

Windows Defender Firewall is a built-in security feature acts as a shield for your PC while you’re online and protects it from any unauthorized access from outside threats. To secure Windows 11 computers, check and ensure Defender Firewall is enabled for both Public and Private networks.

A firewall works by providing a complex set of rules that block all unauthorized communication to and from your system.

To enable Defender Firewall:

  • Open the control panel Go to System and Security then Windows Defender Firewall
  • Click on Turn Windows Defender Firewall on or off, Here ensure that the Firewall is enabled for both Public and Private Networks.

Firewall on windows 11

Use Dynamic Lock

Dynamic Lock feature that works by connecting your PC with a device—usually a smartphone through Bluetooth and Windows 11 automatically locks your device when it detects that you are away from it.

This can help to enhance the security of your device by preventing unauthorized access when you are not using it.

To enable Dynamic Lock, you have to turn on your Bluetooth and pair up your devices. Here’s how:

  • Go to Windows Settings (press Win + I).
  • Select Bluetooth & other devices and Now toggle on the switch for Bluetooth and connect your smartphone.

After you’ve successfully paired your computer, it’s time to turn on the Dynamic Lock feature.

  • Again, go to the Settings menu, and select Accounts.
  • Click on Dynamic Lock in the section under Additional Settings.
  • From there, click on the checkbox for Allow Windows to automatically lock your device when you’re away.
  • As soon as you do this the Dynamic Lock will get activated, providing an additional layer to your security.

Use BitLocker Encryption

Also, you can encrypt your drive using BitLocker drive encryption which can help protect your data in case of theft or loss. It encrypts your entire hard drive and prevents unauthorized access to your data.

This feature encrypts your drive to make it accessible only using a password

To enable BitLocker, go to Settings >Privacy & security > Device encryption > And toggle on drive encryption option

Enable Device encryption

  • Now Press the Windows key + E to open File Explorer, then click on This PC
  • Right-click on the Drive (to encrypt data) and select Turn on and follow on-screen instructions.

Turn on Bitlocker

  • You can also choose to encrypt other drives or removable storage devices.

Configure Windows security

Windows security provides several features that help protect your PC from various types of threats, including malware, viruses, and hackers. Here are some ways Windows security protects your PC:

windows security
Photo by Ed Hardie on Unsplash

Enable real-time protection:

  • Press the Windows key + S, type Windows Security and select from the top,
  • Click on Virus & Threat Protection, then Virus & Threat Protection settings. and enable Real-time protection.
  • This will ensure that Windows Defender is always running and protecting your device.

Realtime protection

  • Also, you can run a scan manually by clicking on Virus & Threat Protection and choosing Quick Scan.

Windows security scan

Enable Reputation-Based Protection

The Reputation-based protection feature helps users protect their devices from harmful, potentially unwanted applications (PUA).

  • First, open Windows security, Click on App & Browser control then Turn on the button to enable the Reputation-based Protection

Reputation based protection

Windows 11 is always on the lookout for suspicious or badly performing applications

  • Now click on the Reputation-based protection settings and enable all options, including Check apps and files, SmartScreen for Microsoft Edge and potentially unwanted app blocking.

Reputation-based protection settings

Configure Ransomware Protection

Windows 11 comes with a dedicated Ransomware protection feature, and you can turn on or enable the Controlled Folder Access option
to prevent unauthorized access to your essential folders.

  • Open Windows security then click on Virus & Threat protection
  • Under Ransomware Protection, click on Manage Ransomware Protection.
  • Toggle on the Controlled Folder Access and click on the Protected folders to add the folders.

Enable Core Isolation

This feature enables an extra security layer against malicious attacks such as rootkits.

  • Open Windows Security then click on Device Security
  • Under Core Isolation, click on Core isolation details And toggle on the option Memory Integrity
  • Reboot the device to make the changes effective.

Disable Ads and Tracking

Microsoft creates an Advertising ID for every individual account and uses it to display users’ tailored ads by collecting their preferences.

  • Press the Windows key + X and select settings
  • Go to Privacy & Security then select General under Windows permissions from the right.
  • And finally, disable all the tracking and ad displaying options.

Disable Advertising Data Tracking

Enable network scanning

Network Scanning is a hidden option of Windows Defender that scans the network files on the system for any potential threat. This option is disabled by default And needs to enable it manually.

  • Press Windows key + S, type PowerShell, and select run as administrator
  • Run the command Set-MpPreference -DisableScanningNetworkFiles 0 to enable network scanning.

Network scanning

Note: To disable it, use this command: Set-MpPreference -DisableScanningNetworkFiles 1

Restrict Diagnostic Data

Microsoft collects hardware and software diagnostic data to improve the users’ experience. However, there is always a risk that this data could be intercepted or misused by unauthorized parties.

  • Press the Windows key + X and select settings
  • Go to privacy & security then elect Diagnostics & feedback under Windows permissions
  • Toggle the button to turn off sending the optional diagnostic data.
  • Turn off the Improve inking and typing, Tailored experiences, View diagnostic data, and Delete diagnostic data.

diagnostics and feedback data

Disable activity history

The activity history feature on Windows 11 allows see a list of apps and files that used in the past 30 days but could reveal sensitive information about your online activity, such as the websites you have visited or the files you have accessed. We recommend disable this option to secure your Windows 11 activity

  • Click on Start and select Windows 11 Settings.
  • Select Privacy & Security from the left pane and select Activity History under Windows permissions from the right.
  • Uncheck the Send My Activity History to Microsoft option.
  • You can also click on the Clear button to delete the Activity history.

Clear Activity history

configure User Account Control

UAC confirmation dialogue box would emerge if any third-party app or virus tries to change your file/registry.

To configure User Account Control (UAC) settings

  • Press the Windows key + S, type UAC and click on Change User Account Control settings.
  • Move the slider up to enable Always Notify, Click OK.
  • This option will provide a better level of security and prevent specific changes in your system without your consent.

User account control settings

Manage Application Permissions

Adjusting the permissions would let you control what hardware component your Windows applications are using.

  • Right-click on the Start menu and select installed apps
  • Locate the app for which you want to change the permissions, Click on the three dots, and select Advanced options
  • Adjust the permissions given to the apps by toggling the buttons ON or OFF.
  • You can also set background running permission for the apps.

Manage Application Permissions

Use a Standard User Account

Using a standard user account instead of an administrator account for everyday use can help prevent unauthorized changes to your device’s settings or software installation. You can create a standard user account by following the steps:

  • Press Windows key + R, type netplwiz and click ok
  • To set up a new account here, click on Add.
  • In the dialog box, click on Sign in without a Microsoft account (non-recommended).
  • Click on Local account and go ahead with the account creation.

Add local account windows 11

  • Enter a new username and password, and click on Next.
  • Click on Finish to finalize your account creation process.

In addition, using A VPN is a tool that encrypts your internet traffic and hides your IP address, it not only helps protect your online privacy but also prevents unauthorized access to your network.

Also Using third-party security software such as antivirus, anti-malware, and anti-ransomware can provide an additional layer of protection.

Frequently Asked Questions (FAQs)

What are some essential security tips for Windows 11?

  • Essential security tips for Windows 11 include using strong and unique passwords, enabling automatic updates, installing reputable antivirus software, and being cautious about phishing emails.

Why is it important to use strong and unique passwords on Windows 11?

  • Strong and unique passwords help prevent unauthorized access to your device and sensitive data. They are a fundamental layer of security.

Why is antivirus software important for Windows 11?

  • Antivirus software helps detect and remove malware, providing an additional layer of protection against threats like viruses, ransomware, and spyware.

What should I do if I receive a suspicious email on Windows 11?

  • Do not click on any links or download attachments from suspicious emails. Delete them or report them as phishing scams to your email provider.

How can I protect my personal information while browsing on Windows 11?

  • Use secure and up-to-date web browsers, enable HTTPS, avoid unsecured Wi-Fi networks, and consider using a virtual private network (VPN) for added privacy.

What steps can I take to secure my Windows 11 device when using public Wi-Fi networks?

  • Avoid accessing sensitive information on public Wi-Fi. Use a VPN to encrypt your connection, and ensure that network sharing and file sharing are turned off.

How can I secure my files and folders on Windows 11?

  • Use encryption tools like BitLocker, set strong passwords for your accounts, and consider creating a separate user account with limited privileges.

Also, read;

Steve Ballmer
With over 7 years of experience in the IT industry, I have experience in IT support, helpdesk, sysadmin, network admin, and cloud computing. Certified in Microsoft Technologies (MCTS and MCSA) and also Cisco Certified Professional in Routing and Switching.