Windows 11 Is Set To Become More Secure For SMB Users

Windows 11 is set to become more secure for SMB users all over. This is coming as news of new security features already rolling out to Windows 11 insiders.

Windows 11 Secure For SMB Users

Windows 11 Secure For SMB Users

Microsoft is now introducing a couple of new features in the next version of Windows 11 which should reportedly make it more secure for some of its users.

Microsoft Principal Program Manager Ned Pyle in an update posted on the Microsoft blog reportedly announced that Windows 11 will allow admins to mandate SMB client encryption for all outbound connections. That in question simply means that admins can mandate that all destination servers support SMB 3.x and encryption, and in the event that those are missing, the client will not connect.

“This enforces the highest level of network security as well as bringing management parity to SMB signing, which allows both client and server requirements,” Pyle explained. SMB encryption as you should know makes data encrypted end-to-end, which is a feature that stops potential eavesdropping.

The New Incoming Feature Is Already Rolling Out

The new incoming feature is already rolling out with Windows 11 Insider Preview Build 25982 to insiders in the Canary Channel.

“You can now also configure the SMB client to always require encryption, no matter what the server, share, UNC hardening, or a mapped drive requires,” he added.

“This means an administrator can globally force a Windows machine to use SMB encryption – and therefore SMB 3.x – on all connections and refuse to connect if the SMB server does not support either.”

Admins Can Now Configure the New Feature

Admins can now configure the new feature through PowerShell or the “Require encryption” group policy that can be seen under Computer Configuration \ Administrative Templates \ Network \Lanman Workstation.

What It Means To Disable the Policy

Disabling the policy obviously takes away the encryption requirement. Pyle also however cautioned IT teams when reportedly deploying SMB encryption via group policy to a heterogenous fleet, as any legacy SMB servers (think Windows Server 2008 R2) will not be supporting SMB 3.0. “Older third-party SMB servers might support SMB 3.0 but not encryption,” he reportedly added.

Microsoft to Boost the Security of both Windows and Windows Server

The changes in question are part of the company’s campaign to help boost the security of both Windows and Windows Server for the modern threat landscape, Pyle reportedly concluded.



Please enter your comment!
Please enter your name here