Hardening Windows 11
Hardening Windows 11
Enviroment: Windows 2019 domain, Win 10 Pro workstations and role systems
Retiring hardware has prompted the lock-stock-and barrel replacement of a couple of systems. These new systems, role oriented, came with Windows 11 pre-loaded. I could wipe the pre-load an install win10 but that would be like putting my finger in the dike because it sprung a leak. The writing is on the wall and its inevitable.
I've scoured the web and came up with nothing helpful. I even, foolishly, asked Microsoft directly. Microsoft's reply, keep windows 11 patched and up to date.
There must be some way, even a modest way , to harden Windows 11, to be able to restricting what content is sent and received, where privacy is preserved, and their AI is reigned in.
And yes, I trust MS only slightly more than I trust a stranger when it comes to my responsibilities to my employer.
Any assistance/strategies are appreciated.
Maybe a solution like Endpoint Protection could help. The main challenges I've faced recently are that sometimes Chrome would cause problems until an update or patch was applied, usually taking a few days, though it can still be disruptive in its own way.
Limiting or eliminating tracking for ad targeting purposes or any reason else. The capacity to block or refuse edge AI in order to observe and collect whatever MS deems necessary is concerning.
It's definitely a given, yet it's far from a practical answer for strengthening security. In today's IT world, the network remains essential for businesses, while the internet serves more as a helpful aid rather than the main focus.
Yes, I've tried an endpoint solution and it worked. The issue is that 11 acts as a filter, and when the endpoint is set near that system, it checks and opens for Microsoft. Since Microsoft isn't completely secure, other hackers targeting Microsoft products can exploit this.