Microsoft has unveiled a groundbreaking security feature called Administrator Protection, now available to Windows Insiders in the Canary Channel with the release of Windows 11 Insider Preview Build 27774.
This feature, designed to strengthen system security, introduces a new approach to managing administrative privileges, addressing long-standing vulnerabilities in Windows systems.
What Is Administrator Protection?
Administrator Protection is a security enhancement aimed at mitigating risks associated with administrative accounts. Traditionally, users logged in as administrators have unrestricted access to system resources, making them prime targets for malware and attackers.
This new feature enforces the Principle of Least Privilege (PoLP) by treating administrator accounts as standard users by default. Elevated privileges are granted only on a just-in-time (JIT) basis when specific tasks require them.
Users attempting actions requiring administrative rights, such as installing software or modifying critical system settings, must authenticate explicitly when enabled.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
This is achieved through Windows Hello, which supports biometric authentication or PIN verification. The feature also introduces color-coded elevation prompts, which visually highlight potentially risky actions, extending these warnings over the app description for greater clarity.
Key Features of Administrator Protection
Default Standard Permissions for Admin Accounts:
- Even when logged in as an administrator, users operate with standard permissions by default.
- Administrative tasks require explicit authentication.
Just-in-Time Privileges:
- Elevated permissions are granted temporarily and revoked immediately after the task is completed.
- This reduces the attack window for malicious actors.
Eliminates the Need for IT Involvement:
- Users can enable Administrator Protection directly from the Account Protection tab in Windows Security settings, eliminating the need for IT intervention.
- Activation requires a system reboot to apply changes.
“Administrator protection can now be enabled from Windows Security settings under the Account Protection tab. This allows users to enable this feature without requiring help from IT admins”, Microsoft said.
“It also allows Windows home users to enable Administrator protection via Windows Security settings”.
Enhanced Elevation Prompts:
- Color-coded prompts provide visual cues to help users distinguish between trusted and untrusted applications.
- Prompts extend over app descriptions, making them harder to overlook.
Currently, Administrator Protection is available exclusively to Windows Insiders running Build 27774 in the Canary Channel. Microsoft plans to refine the feature based on user feedback before rolling it out more broadly in future Windows 11 updates.
With Administrator Protection, Microsoft takes a significant step toward securing administrative accounts against privilege escalation attacks, ensuring that both home and enterprise users remain in control of their systems while minimizing risks from malicious actors.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar