Microsoft Security Product Hub

Windows 10

Overview

Windows 10 includes many security capabilities as part of the operating system such as Microsoft Defender Antivirus to provide native protection against viruses and malware. Biometric authentication, passwordless authentication and disk encryption provide ease of use for end users while keeping devices and content secure. Other capabilities can be added via endpoint protection such as Defender for Endpoint.

AppLocker controls which applications and files users can run, to prevent running of unauthorised applications, files, scripts and installers.

Attack Surface Reduction is part of Defender for Endpoint and reduces the attack surface using hardware based isolation, application control, controlled folder access, network protection, exploit protection, attack surface reduction rules and device control.

Bitlocker Drive Encryption is a volume protection tool that encrypts disk volumes to prevent data leakage or data theft from disk volumes.

Windows Defender Credential Guard uses virtualisation based security to prevent credential theft attacks by isolating kerberos tickets and NTLM password hashes.

Windows Defender Application Control prevents unapproved software from running such as malware and untrusted software. Only allowed or well--known and reputable applications are allowed to run.

Microsoft Defender Antivirus is included in Windows to help protect devices from viruses, malware and other threats.

Windows Hello for Business extends the biometric and PIN capabilities of Windows Hello to allow single sign-on via key-based or certificate-based authentication. User's passwords are not entered or sent over the network, reducing the risk of compromised or leaked credentials.

Outcomes

  • Disk Encryption
  • Biometric Authentication
  • Passwordless login
  • Antivirus
All
Secure Remote Work
Zero Trust