Windows 11 enables security by design from the chip to the cloud


  • Staff
Over the last year, PCs have kept us connected to family, friends, and enabled businesses to continue to run. This new hybrid work paradigm has got us thinking about how we will continue to deliver the best possible quality, experience, and security for the more than 1 billion people who use Windows. While we have adapted to working from home, it’s been rare to get through a day without reading an account of a new cybersecurity threat. Phishing, ransomware, supply chain, and IoT vulnerabilities—attackers are constantly developing new approaches to wreak digital havoc.

But as attacks have increased in scope and sophistication, so have we. Microsoft has a clear vision for how to help protect our customers now and in the future and we know our approach works.

Today, we are announcing Windows 11 to raise security baselines with new hardware security requirements built-in that will give our customers the confidence that they are even more protected from the chip to the cloud on certified devices. Windows 11 is redesigned for hybrid work and security with built-in hardware-based isolation, proven encryption, and our strongest protection against malware.

Security by design: Built-in and turned on

Security by design has long been a priority at Microsoft. What other companies invest more than $1 billion a year on security and employ more than 3,500 dedicated security professionals?

We’ve made significant strides in that journey to create chip-to-cloud Zero Trust out of the box. In 2019, we announced secured-core PCs that apply security best-practices to the firmware layer, or device core, that underpins Windows. These devices combine hardware, software, and OS protections to help provide end-to-end safeguards against sophisticated and emerging threats like those against hardware and firmware that are on the rise according to the National Institute of Standards and Technology as well as the Department of Homeland Security. Our Security Signals report found that 83 percent of businesses experienced a firmware attack, and only 29 percent are allocating resources to protect this critical layer.

With Windows 11, we’re making it easier for customers to get protection from these advanced attacks out of the box. All certified Windows 11 systems will come with a TPM 2.0 chip to help ensure customers benefit from security backed by a hardware root-of-trust.

The Trusted Platform Module (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU. Its purpose is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.

PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states. Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust.

TPM 2.0 is a critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data. In addition, for many enterprise customers, TPMs help facilitate Zero Trust security by providing a secure element for attesting to the health of devices.

Windows 11 also has out of the box support for Azure-based Microsoft Azure Attestation (MAA) bringing hardware-based Zero Trust to the forefront of security, allowing customers to enforce Zero Trust policies when accessing sensitive resources in the cloud with supported mobile device managements (MDMs) like Intune or on-premises.
  • Raising the security baseline to meet the evolving threat landscape. This next generation of Windows will raise the security baseline by requiring more modern CPUs, with protections like virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), and Secure Boot built-in and enabled by default to protect from both common malware, ransomware, and more sophisticated attacks. Windows 11 will also come with new security innovations like hardware-enforced stack protection for supported Intel and AMD hardware, helping to proactively protect our customers from zero-day exploits. Innovation like the Microsoft Pluton security processor, when used by the great partners in the Windows ecosystem, help raise the strength of the fundamentals at the heart of robust Zero Trust security.
  • Ditch passwords with Windows Hello to help keep your information protected. For enterprises, Windows Hello for Business supports simplified passwordless deployment models for achieving a deploy-to-run state within a few minutes. This includes granular control of authentication methods by IT admins while securing communication between cloud tools to better protect corporate data and identity. And for consumers, new Windows 11 devices will be passwordless by default from day one.
  • Security and productivity in one. All these components work together in the background to help keep users safe without sacrificing quality, performance, or experience. The new set of hardware security requirements that comes with this new release of Windows is designed to build a foundation that is even stronger and more resistant to attacks on certified devices. We know this approach works—secured-core PCs are twice as resistant to malware infection.
  • Comprehensive security and compliance. Out of the box support for Microsoft Azure Attestation enables Windows 11 to provide evidence of trust via attestation, which forms the basis of compliance policies organizations can depend upon to develop an understanding of their true security posture. These Azure Attestation-backed compliance policies validate both the identity, as well as the platform, and form the backbone for the Zero Trust and Conditional Access workflows for safeguarding corporate resources.
This next level of hardware security is compatible with upcoming Pluton-equipped systems and also any device using the TPM 2.0 security chip, including hundreds of devices available from Acer, Asus, Dell, HP, Lenovo, Panasonic, and many others.

Windows 11 is a smarter way for everyone to collaborate, share, and present—with the confidence of hardware-backed protections.

Learn more

For more information, check out the other features that come with Windows 11:
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


Source: Windows 11 enables security by design from the chip to the cloud | Microsoft Security Blog
 

Attachments

  • windows_security_new.png
    windows_security_new.png
    5 KB · Views: 1
Last edited by a moderator:
Secure BOOT is part of UEFI, everybody with UEFI BIOS has that.
Can an older BIOS be converted to UEFI is really what I am asking. This is going to take some Googling to figure out :)
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    home built
    CPU
    i7-12700K
    Motherboard
    ASUS Rog Strix Z690-F Gaming
    Memory
    64GB
    Graphics Card(s)
    ASUS TUF RTX 4090 OC card
    Sound Card
    none Headphones ASUS 7.1 Surround
    Monitor(s) Displays
    Gigabyte M32U 32 inch 4k IPS 144Hz monitor
    Screen Resolution
    3340 by 2160 144 Hz with HDR 10
    Hard Drives
    2TB Samsung 980 Pro NVME, 3X Samsung 4TB 860 EVO
    PSU
    EVGA 850 Modular
    Case
    Corsair Graphite 780T
    Cooling
    Cooler Master Hyper air
    Keyboard
    Corsair K95 RGB
    Mouse
    Logitech G502 wired
    Internet Speed
    990Mbps up/down Fiber to the home
    Browser
    Chrome
    Antivirus
    MS Defender
Can an older BIOS be converted to UEFI is really what I am asking. This is going to take some Googling to figure out :)
No, UEFI is in BIOS firmware, either it has it or not. There were some attempts at software UEFI like on my Gigabyte 990fx MB but never worked. Older, legacy only BIOS just doesn't have enough ROM/EPROM capacity for all of that.
 

My Computer

System One

  • OS
    W10 and Insider Dev.+ Linux Mint
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home brewed
    CPU
    AMD Ryzen 9 7900x
    Motherboard
    ASROCK b650 PRO RS
    Memory
    2x8GB Kingston 6000MHz, Cl 32 @ 6200MHz Cl30
    Graphics Card(s)
    Gigabyte Rx 6600XT Gaming OC 8G Pro
    Sound Card
    MB, Realtek Ac1220p
    Monitor(s) Displays
    3 x 27"
    Screen Resolution
    1080p
    Hard Drives
    Kingston KC3000. 1TBSamsung 970 evo Plus 500GB, Crucial P1 NVMe 1TB, Lexar NVMe 2 TB, Silicon Power M.2 SATA 500GB
    PSU
    Seasonic 750W
    Case
    Custom Raidmax
    Cooling
    Arctic Liquid Freezer III 360mm
    Internet Speed
    20/19 mbps
I can understand Microsoft wanting to make a more secure OS. I don't understand the reason why Windows 11 can't be installed on older computers that can run Windows 10 without any problems. Not being a programmer I would think the OS would run ok. It just wouldn't use the extra security. I don't see Microsoft being greedy because the average home users aren't going to upgrade to Windows 11 until they need a new computer. Most home users don't even check for updates or even manually run their security programs let alone update the OS. If it's not done automatically it doesn't get done. Remember no one is being forced to upgrade. I do see this as a must for companies and government agency's. The problem is the number of them still using old computers and OS's because of the cost to upgrade. To sum up my view about Windows 11. I think Microsoft making a more secure OS is the right move and for the right reason.
 

My Computers

System One System Two

  • OS
    Windows 11 Canary Channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec B746
    CPU
    Intel Core i7-10700K
    Motherboard
    ASRock Z490 Phantom Gaming 4/ax
    Memory
    16GB (8GB PC4-19200 DDR4 SDRAM x2)
    Graphics Card(s)
    NVIDIA GeForce GTX 1050 TI
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    Samsung SAM0A87 Samsung SAM0D32
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe WDC WDS100T2B0C-00PXH0 1TB
    Samsung SSD 860 EVO 1TB
    PSU
    750 Watts (62.5A)
    Case
    PowerSpec/Lian Li ATX 205
    Keyboard
    Logitech K270
    Mouse
    Logitech M185
    Browser
    Microsoft Edge and Firefox
    Antivirus
    ESET Internet Security
  • Operating System
    Windows 11 Canary Channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec G156
    CPU
    Intel Core i5-8400 CPU @ 2.80GHz
    Motherboard
    AsusTeK Prime B360M-S
    Memory
    16 MB DDR 4-2666
    Monitor(s) Displays
    23" Speptre HDMI 75Hz
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 970 EVO 500GB NVMe
    Mouse
    Logitek M185
    Keyboard
    Logitek K270
    Browser
    Firefox, Edge and Edge Canary
    Antivirus
    Windows Defender
I can understand Microsoft wanting to make a more secure OS. I don't understand the reason why Windows 11 can't be installed on older computers that can run Windows 10 without any problems. Not being a programmer I would think the OS would run ok. It just wouldn't use the extra security. I don't see Microsoft being greedy because the average home users aren't going to upgrade to Windows 11 until they need a new computer. Most home users don't even check for updates or even manually run their security programs let alone update the OS. If it's not done automatically it doesn't get done. Remember no one is being forced to upgrade. I do see this as a must for companies and government agency's. The problem is the number of them still using old computers and OS's because of the cost to upgrade. To sum up my view about Windows 11. I think Microsoft making a more secure OS is the right move and for the right reason.
Proof of that is that it runs fine after installation even with those features disabled.
 

My Computer

System One

  • OS
    W10 and Insider Dev.+ Linux Mint
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home brewed
    CPU
    AMD Ryzen 9 7900x
    Motherboard
    ASROCK b650 PRO RS
    Memory
    2x8GB Kingston 6000MHz, Cl 32 @ 6200MHz Cl30
    Graphics Card(s)
    Gigabyte Rx 6600XT Gaming OC 8G Pro
    Sound Card
    MB, Realtek Ac1220p
    Monitor(s) Displays
    3 x 27"
    Screen Resolution
    1080p
    Hard Drives
    Kingston KC3000. 1TBSamsung 970 evo Plus 500GB, Crucial P1 NVMe 1TB, Lexar NVMe 2 TB, Silicon Power M.2 SATA 500GB
    PSU
    Seasonic 750W
    Case
    Custom Raidmax
    Cooling
    Arctic Liquid Freezer III 360mm
    Internet Speed
    20/19 mbps
No, UEFI is in BIOS firmware, either it has it or not. There were some attempts at software UEFI like on my Gigabyte 990fx MB but never worked. Older, legacy only BIOS just doesn't have enough ROM/EPROM capacity for all of that.
Yeah, sigh. The BIOS is so tied into the hardware that changing it would be a nightmare. However, SCSI interfaces used to have their own BIOS extensions built into the card adapter:
" BIOS extension option ROMs, which provide additional functionality to BIOS. Code in these extensions runs before the BIOS boots the operating system from mass storage. These ROMs typically test and initialize the hardware, add new BIOS services, or replace existing BIOS services with their own services."
Sounds like there is still hope for a $25 card that you plug in to make a PC play nice with Win 11. There will be huge demand if someone comes up with one. MUCH more likely is a hack to bypass Win11 boot requirements.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    home built
    CPU
    i7-12700K
    Motherboard
    ASUS Rog Strix Z690-F Gaming
    Memory
    64GB
    Graphics Card(s)
    ASUS TUF RTX 4090 OC card
    Sound Card
    none Headphones ASUS 7.1 Surround
    Monitor(s) Displays
    Gigabyte M32U 32 inch 4k IPS 144Hz monitor
    Screen Resolution
    3340 by 2160 144 Hz with HDR 10
    Hard Drives
    2TB Samsung 980 Pro NVME, 3X Samsung 4TB 860 EVO
    PSU
    EVGA 850 Modular
    Case
    Corsair Graphite 780T
    Cooling
    Cooler Master Hyper air
    Keyboard
    Corsair K95 RGB
    Mouse
    Logitech G502 wired
    Internet Speed
    990Mbps up/down Fiber to the home
    Browser
    Chrome
    Antivirus
    MS Defender
Yeah, sigh. The BIOS is so tied into the hardware that changing it would be a nightmare. However, SCSI interfaces used to have their own BIOS extensions built into the card adapter:
" BIOS extension option ROMs, which provide additional functionality to BIOS. Code in these extensions runs before the BIOS boots the operating system from mass storage. These ROMs typically test and initialize the hardware, add new BIOS services, or replace existing BIOS services with their own services."
Sounds like there is still hope for a $25 card that you plug in to make a PC play nice with Win 11. There will be huge demand if someone comes up with one. MUCH more likely is a hack to bypass Win11 boot requirements.
Yes that's possible, TPM is just glorified protected storage device. Just like those SCSI boards there are others. I had and IDE PCI card like that. Actually any Plug and Play (Pray ?) devices mist have some kind of BIOS to function as P&P.
 

My Computer

System One

  • OS
    W10 and Insider Dev.+ Linux Mint
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home brewed
    CPU
    AMD Ryzen 9 7900x
    Motherboard
    ASROCK b650 PRO RS
    Memory
    2x8GB Kingston 6000MHz, Cl 32 @ 6200MHz Cl30
    Graphics Card(s)
    Gigabyte Rx 6600XT Gaming OC 8G Pro
    Sound Card
    MB, Realtek Ac1220p
    Monitor(s) Displays
    3 x 27"
    Screen Resolution
    1080p
    Hard Drives
    Kingston KC3000. 1TBSamsung 970 evo Plus 500GB, Crucial P1 NVMe 1TB, Lexar NVMe 2 TB, Silicon Power M.2 SATA 500GB
    PSU
    Seasonic 750W
    Case
    Custom Raidmax
    Cooling
    Arctic Liquid Freezer III 360mm
    Internet Speed
    20/19 mbps
I can understand Microsoft wanting to make a more secure OS. I don't understand the reason why Windows 11 can't be installed on older computers that can run Windows 10 without any problems. Not being a programmer I would think the OS would run ok. It just wouldn't use the extra security. I don't see Microsoft being greedy because the average home users aren't going to upgrade to Windows 11 until they need a new computer. Most home users don't even check for updates or even manually run their security programs let alone update the OS. If it's not done automatically it doesn't get done. Remember no one is being forced to upgrade. I do see this as a must for companies and government agency's. The problem is the number of them still using old computers and OS's because of the cost to upgrade. To sum up my view about Windows 11. I think Microsoft making a more secure OS is the right move and for the right reason.
The Verge gave a great reason for TPM implementation. All of the last huge ransomware attacks like the one on the gas pipeline were all done on corporate systems running a Windows environment. With hundreds of millions of dollars at stake and a very real threat of lasting damage to corporate, military, and infrastructure systems, MS has decided to step up its game. Windows 11 is one of the first steps in that direction with its elevated security functions. That will, by necessity, exclude a great number of computers that simply are not secure enough. For those machines, Windows 10 will still be the OS to use.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    home built
    CPU
    i7-12700K
    Motherboard
    ASUS Rog Strix Z690-F Gaming
    Memory
    64GB
    Graphics Card(s)
    ASUS TUF RTX 4090 OC card
    Sound Card
    none Headphones ASUS 7.1 Surround
    Monitor(s) Displays
    Gigabyte M32U 32 inch 4k IPS 144Hz monitor
    Screen Resolution
    3340 by 2160 144 Hz with HDR 10
    Hard Drives
    2TB Samsung 980 Pro NVME, 3X Samsung 4TB 860 EVO
    PSU
    EVGA 850 Modular
    Case
    Corsair Graphite 780T
    Cooling
    Cooler Master Hyper air
    Keyboard
    Corsair K95 RGB
    Mouse
    Logitech G502 wired
    Internet Speed
    990Mbps up/down Fiber to the home
    Browser
    Chrome
    Antivirus
    MS Defender
The Verge gave a great reason for TPM implementation. All of the last huge ransomware attacks like the one on the gas pipeline were all done on corporate systems running a Windows environment. With hundreds of millions of dollars at stake and a very real threat of lasting damage to corporate, military, and infrastructure systems, MS has decided to step up its game. Windows 11 is one of the first steps in that direction with its elevated security functions. That will, by necessity, exclude a great number of computers that simply are not secure enough. For those machines, Windows 10 will still be the OS to use.
also brought to attention that a lot of intrusions come from private PCs without much security but tied to mainframes.
 

My Computer

System One

  • OS
    W10 and Insider Dev.+ Linux Mint
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home brewed
    CPU
    AMD Ryzen 9 7900x
    Motherboard
    ASROCK b650 PRO RS
    Memory
    2x8GB Kingston 6000MHz, Cl 32 @ 6200MHz Cl30
    Graphics Card(s)
    Gigabyte Rx 6600XT Gaming OC 8G Pro
    Sound Card
    MB, Realtek Ac1220p
    Monitor(s) Displays
    3 x 27"
    Screen Resolution
    1080p
    Hard Drives
    Kingston KC3000. 1TBSamsung 970 evo Plus 500GB, Crucial P1 NVMe 1TB, Lexar NVMe 2 TB, Silicon Power M.2 SATA 500GB
    PSU
    Seasonic 750W
    Case
    Custom Raidmax
    Cooling
    Arctic Liquid Freezer III 360mm
    Internet Speed
    20/19 mbps
Proof of that is that it runs fine after installation even with those features disabled.
I'm in the process of upgrading my laptop that fails the PC Health Check. So far I haven't had any warnings pop up.
 

My Computers

System One System Two

  • OS
    Windows 11 Canary Channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec B746
    CPU
    Intel Core i7-10700K
    Motherboard
    ASRock Z490 Phantom Gaming 4/ax
    Memory
    16GB (8GB PC4-19200 DDR4 SDRAM x2)
    Graphics Card(s)
    NVIDIA GeForce GTX 1050 TI
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    Samsung SAM0A87 Samsung SAM0D32
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe WDC WDS100T2B0C-00PXH0 1TB
    Samsung SSD 860 EVO 1TB
    PSU
    750 Watts (62.5A)
    Case
    PowerSpec/Lian Li ATX 205
    Keyboard
    Logitech K270
    Mouse
    Logitech M185
    Browser
    Microsoft Edge and Firefox
    Antivirus
    ESET Internet Security
  • Operating System
    Windows 11 Canary Channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec G156
    CPU
    Intel Core i5-8400 CPU @ 2.80GHz
    Motherboard
    AsusTeK Prime B360M-S
    Memory
    16 MB DDR 4-2666
    Monitor(s) Displays
    23" Speptre HDMI 75Hz
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 970 EVO 500GB NVMe
    Mouse
    Logitek M185
    Keyboard
    Logitek K270
    Browser
    Firefox, Edge and Edge Canary
    Antivirus
    Windows Defender
The Verge gave a great reason for TPM implementation. All of the last huge ransomware attacks like the one on the gas pipeline were all done on corporate systems running a Windows environment. With hundreds of millions of dollars at stake and a very real threat of lasting damage to corporate, military, and infrastructure systems, MS has decided to step up its game. Windows 11 is one of the first steps in that direction with its elevated security functions. That will, by necessity, exclude a great number of computers that simply are not secure enough. For those machines, Windows 10 will still be the OS to use.
The problem is getting them to spend the money and time to update and train the employees. At least Microsoft is doing their part.
 

My Computers

System One System Two

  • OS
    Windows 11 Canary Channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec B746
    CPU
    Intel Core i7-10700K
    Motherboard
    ASRock Z490 Phantom Gaming 4/ax
    Memory
    16GB (8GB PC4-19200 DDR4 SDRAM x2)
    Graphics Card(s)
    NVIDIA GeForce GTX 1050 TI
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    Samsung SAM0A87 Samsung SAM0D32
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe WDC WDS100T2B0C-00PXH0 1TB
    Samsung SSD 860 EVO 1TB
    PSU
    750 Watts (62.5A)
    Case
    PowerSpec/Lian Li ATX 205
    Keyboard
    Logitech K270
    Mouse
    Logitech M185
    Browser
    Microsoft Edge and Firefox
    Antivirus
    ESET Internet Security
  • Operating System
    Windows 11 Canary Channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec G156
    CPU
    Intel Core i5-8400 CPU @ 2.80GHz
    Motherboard
    AsusTeK Prime B360M-S
    Memory
    16 MB DDR 4-2666
    Monitor(s) Displays
    23" Speptre HDMI 75Hz
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 970 EVO 500GB NVMe
    Mouse
    Logitek M185
    Keyboard
    Logitek K270
    Browser
    Firefox, Edge and Edge Canary
    Antivirus
    Windows Defender
Are there limitations in the hardware that prevents adding TPM and Secure Boot? Can a desktop or laptop computer retroactively ADD TPM capabilities via an internal add-on board or a USB dongle? It would not take much, a cryptographic key embedded in a module that can be read by the BIOS. Right now there are three ways, a TPM add-on header on the mobo to add a separate dongle, a TPM chip soldered to the mobo itself, and using the CPU's firmware. Using a USB port or an add-in card that is recognized by the BIOS may make TPM work.
The same goes with Secure Boot. A BIOS update to the machine might be possible to add this feature. Just because it is not there now may just be due to a lack of interest by the buyers or laziness of the BIOS writers.
Asus could add Firmware TPM to the ROG Gaming models for Haswell onwards that do not have it but the PRO/WIFI model of same Gen do via Hardware/Firmware but they decided not to as they are gaming/enthusiasts orientated (official response on their forums).

Winraid Forums may have peeps who will mode the Bios for these Models.
 
Last edited:

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    Intel i7-4790k @ 5GHZ
    Motherboard
    Asus Maximus VI Extreme
    Memory
    32GB Corsair Dominator Platinum 2400Mhz @ 10-12-11-27-1T
    Graphics Card(s)
    Nvidia RTX 3090FE @ Core 2200 MHZ / Memory 21 GHZ
    Sound Card
    Creative SoundBlaster ZxR
    Monitor(s) Displays
    LG 32GN600 (G-Sync Comp)
    Screen Resolution
    1440p
    Hard Drives
    C: Primary SSD > Samsung 860 PRO 512GB
    G: Gaming SSD > Samsung 860 PRO 1TB
    S: Storage SSD > Samsung 860 EVO 4TB x2 (Windows Storage Spaces = 8TB)
    X: Ext Backup > IcyBox+WD Red 4TB x4 (Raid 10)
    PSU
    Corsair AX1600i
    Case
    NZXT Phantom 630 (Black)
    Cooling
    Noctua NH-D15S Chromax Black
    Keyboard
    Logitech G613
    Mouse
    Logitech G903 LS (Hero)+PowerPlay Wireless Charge Pad
    Internet Speed
    VM 1Gb/s
    Browser
    Edge
    Antivirus
    Eset
The Verge gave a great reason for TPM implementation. All of the last huge ransomware attacks like the one on the gas pipeline were all done on corporate systems running a Windows environment. With hundreds of millions of dollars at stake and a very real threat of lasting damage to corporate, military, and infrastructure systems, MS has decided to step up its game. Windows 11 is one of the first steps in that direction with its elevated security functions. That will, by necessity, exclude a great number of computers that simply are not secure enough. For those machines, Windows 10 will still be the OS to use.

Yeah, which is why I said something similar. Only thing I thoguht up out of thin air was my "picked a random date" theory. Everything else is already been said by someone else.

They seem to be trying to make a good case - but only time will tell. Right now it just sounds like smoke and mirrors to impress investors.

also brought to attention that a lot of intrusions come from private PCs without much security but tied to mainframes.

Ayup. WFH opened all sorts of new doors that Corps and Enterprises were not ready for.

I'm in the process of upgrading my laptop that fails the PC Health Check. So far I haven't had any warnings pop up.

Good luck!

The problem is getting them to spend the money and time to update and train the employees. At least Microsoft is doing their part.

If their plans pan out, I may actually support them. However, I'm still hedging my bets on all this. Only time will tell - as we all know from all the diff forums we've been a part of working with various Microsoft OSs.
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    NZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
I won’t be buying any new computer until the release to public takes place. In the meantime I will continue with downloading on dev channel to see what actually happens. Specs may change some by the time win 11 is released to public.
 

My Computers

System One System Two

  • OS
    windows 10 & 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    iBuyPower (special build)
    CPU
    AMD Ryzen 7X
    Motherboard
    Asus Prime x370 Pro
    Memory
    64Gb
    Graphics Card(s)
    Radeon RX 480 8Gb
    Monitor(s) Displays
    Samsung UHD 27 inch
    Screen Resolution
    UHD
    Hard Drives
    3 Samsung 1 TB SSD each; 1 Samsung PCIe M.2 at 2 TB
  • Operating System
    Windows 11 pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    IBuyPower
    CPU
    AMD 9 5900X
    Motherboard
    Asus x570 ROG Crosshair VIII Dark Hero WI-FI 6E ARGB
    Memory
    32 Gb
    Graphics card(s)
    Nvidia GeForce RTX 3080 Ti 12 GB GDDR6X
    Sound Card
    3D PREMIUM surround sound onboard
    Monitor(s) Displays
    Samsung 32 inch UHD curved monitor
    Screen Resolution
    UHD
    Hard Drives
    Samsung 980 pro 2 tb gen 4 NVMe ssd
    PSU
    850 watt consair RM850X
    Case
    Lian Li LANCOOL ONE tempered glass RGB gaming case
    Cooling
    DEEPCOOL GAMERSTORM RGB 240 mm CASTLE 240EX liquid cooler
    Mouse
    Ares m.2 gaming optical mouse
    Keyboard
    Ares m.2 gaming keyboard
    Internet Speed
    450
    Browser
    Firefox / Edge
    Antivirus
    Windows defender
    Other Info
    With all this gaming rig I am not a gamer!
Good answer.

I won't buy a computer period. I build them - but since mine is (thus far) showing a fully supported, I'm happy. I'd hate to think I wasted all that money last year lol.

Besides - I fully expect to see that people will be able to use Win11 on unsupported machines without being crippled. If Microsoft really does go the route of crippling the OS on those unsupported machines, I'll be HIGHLY surprised.
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    NZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth

My Computer

System One

  • OS
    EndeavourOS, Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    custom PC
    CPU
    Core i5 8400
    Motherboard
    Gigabyte B360M-HD3
    Memory
    8gb DDR4-2400
    Graphics Card(s)
    iGPU
    Sound Card
    Realtek
    Monitor(s) Displays
    some generic 1080p 75hz monitor * 2
    Screen Resolution
    1080p * 2
    Hard Drives
    GIGABYTE NVMe SSD 256GB (GP-GSM2NE3256GNTD)
    Internet Speed
    200MBit/s
    Antivirus
    WD
What is this? a more rare security module than a TPM chip?
 

My Computer

System One

  • OS
    W10 and Insider Dev.+ Linux Mint
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home brewed
    CPU
    AMD Ryzen 9 7900x
    Motherboard
    ASROCK b650 PRO RS
    Memory
    2x8GB Kingston 6000MHz, Cl 32 @ 6200MHz Cl30
    Graphics Card(s)
    Gigabyte Rx 6600XT Gaming OC 8G Pro
    Sound Card
    MB, Realtek Ac1220p
    Monitor(s) Displays
    3 x 27"
    Screen Resolution
    1080p
    Hard Drives
    Kingston KC3000. 1TBSamsung 970 evo Plus 500GB, Crucial P1 NVMe 1TB, Lexar NVMe 2 TB, Silicon Power M.2 SATA 500GB
    PSU
    Seasonic 750W
    Case
    Custom Raidmax
    Cooling
    Arctic Liquid Freezer III 360mm
    Internet Speed
    20/19 mbps

Latest Support Threads

Back
Top Bottom