Dec 13 2023

Windows 11 Offers a New Cybersecurity Approach for Education

The OS update better protects K–12 environments and user data from evolving cyberthreats.

To address the ever-present and evolving threat of cyberattacks, Microsoft recently released Windows 11.

“We’ve had upgrades, such as Windows XP, Windows 7 and Windows 10,” says Jason Brown, senior field solution architect at CDW. “Windows 11 isn’t an upgrade so much as it is a complete redesign of the entire platform. In earlier versions of Windows, hardware was just hardware. It was there to power the system, and Windows ran on top of that. The hardware and software were completely separate.”

Cybersecurity has changed radically, and Windows 11 is a response to the pervasive nature of cyberthreats today. The final version of Windows 10, 22H2, will reach the end of support on Oct. 14, 2025. While it will continue to function, there will be no more version updates unless Microsoft extends the date.

To ensure that K–12 systems are secure, schools should start the Windows 11 migration process today, Brown says. K–12 IT leaders must also understand that migration to Windows 11 is a journey that requires preparation.

Windows 11 Includes Security Layers to Protect Student Data

OSs have become much more secure over the years, thanks to firewalls, anti-virus software and malware scans. However, according to Brown, nothing was blocking the worst hole in the entire infrastructure: end users clicking on a link to launch something they thought was benign. In fact, the human element was a factor in 74 percent of total breaches, according to Verizon’s 2023 Data Breach Investigations Report. Windows 11 could change that.

“Windows is now constantly scanning every internet site that you visit, every document that you open, and running processes to make sure they are legitimate and safe to continue,” Brown says.

Windows 11 does this using a feature called Microsoft Defender SmartScreen, one of several new tools rolled out with the operating system update. Here are other security features that schools should be aware of when considering a migration to Windows 11:

  • BitLocker: While this feature was included on Windows 10, it was optional. Now, device and drive encryption are built into the OS by default to protect user data from unauthorized access, Brown says.
  • Credential Guard: This feature uses virtualization-based security (VBS) to defend systems from credential theft and malware attacks even when they are running with admin privileges, according to a Microsoft blog.
  • Config Lock: Using mobile device management policies, this feature monitors registry keys to detect changes in a school’s device ecosystem and reverts changed systems to an IT-desired state. Microsoft notes that it also prevents users from altering security settings.
  • Hypervisor-Protected Code Integrity: Also known as memory integrity, HVCI is another VBS feature integral to ensuring that all drivers plugged into the OS are safe and trustworthy.
  • Microsoft Pluton: This security processor was built on the principle of zero trust. It is integrated into the CPU and OS to protect personal information, credentials and encryption keys, according to Microsoft. Instead of requiring K–12 IT teams to manually update the processor, it can be done via Windows Update, adding another level of security.
  • Smart App Control: According to Microsoft, this feature blocks malicious and untrustworthy apps, as well as unwanted apps that can slow down devices or that come with unexpected or unwanted properties, such as ads or extra software.

All of these security layers and more are in constant communication, prepared to isolate suspicious applications and lock down the system so that malicious programs can’t take over and propagate onto other devices, Brown says. It’s all a part of zero-trust architecture.
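
A read-only PowerShell check that an IT team could run on a device to see which of the features listed above are actually active. This is an added example, not code from Microsoft or CDW. It assumes an elevated session on Windows 10 or 11, covers only BitLocker, VBS, Credential Guard, memory integrity, TPM and Secure Boot, and the function name `Get-SecurityBaselineStatus` is hypothetical.

```powershell
# Added example: read-only audit of several features named in the list above.
# Run in an elevated PowerShell session on the device being checked.

function Get-SecurityBaselineStatus {
    # BitLocker: protection state of the operating system volume.
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue

    # VBS, Credential Guard and HVCI are reported by the Win32_DeviceGuard CIM class.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # TPM and Secure Boot: hardware features the OS security stack builds on.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "off".
    $secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $false }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        BitLockerOn     = ($null -ne $os -and $os.ProtectionStatus -eq 'On')
        # VirtualizationBasedSecurityStatus: 2 means enabled and running.
        VbsRunning      = ($null -ne $dg -and $dg.VirtualizationBasedSecurityStatus -eq 2)
        # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity).
        CredentialGuard = ($null -ne $dg -and $dg.SecurityServicesRunning -contains 1)
        MemoryIntegrity = ($null -ne $dg -and $dg.SecurityServicesRunning -contains 2)
        TpmReady        = ($null -ne $tpm -and $tpm.TpmPresent -and $tpm.TpmReady)
        SecureBoot      = [bool]$secureBoot
    }
}

$status = Get-SecurityBaselineStatus
$status | Format-List

# List every boolean check that came back false so gaps are easy to spot.
$gaps = $status.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value } |
    Select-Object -ExpandProperty Name

if ($gaps) {
    Write-Warning ("Not enabled on this device: " + ($gaps -join ', '))
}
```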

“Even though your device might be managed, if you have certain things turned off, the system will no longer trust that device. If Microsoft Defender anti-virus isn’t running, it will say, ‘I no longer trust you. You cannot come in until that’s fixed.’ If you don’t have the latest Microsoft patches installed, it won’t trust you until Microsoft Intune finishes pushing the update to you,” Brown says, adding that Microsoft Azure cloud tools and Microsoft Intune work together with the OS to protect the school IT ecosystem.

How Windows 11 Security Features Support Mobility in the Classroom

Having enhanced security on devices can enable more mobility for teachers in the classroom. School systems can extend the capabilities of Windows 11 to other systems, Brown says.

For example, schools can use Windows 11 to securely manage their smart screens. A teacher can walk around the room and manage that smart screen using a tablet protected by layers of robust security features.

“Teachers can change the content on that screen or make annotations with a digital pen. They’re no longer sitting at a desk,” Brown says. “They can now roam around the room and be more interactive with their students.”

On the IT side, Windows 11 gives IT staffers the ability to remotely access many of these systems, so they no longer have to run down hallways or change buildings to manage devices.

For more on the specific security features offered by Windows 11, Brown recommends that school IT leaders read Microsoft’s Windows 11 Security Book: Powerful Security by Design.

Windows 11 Migration Requires Partnership and Planning

Migrating to Windows 11 isn’t something that can happen overnight. It requires careful planning and preparation. However, schools don’t have to do it alone. Brown says that a technology partner such as CDW can offer an assessment tool to help them determine whether their applications and hardware are ready to run Windows 11.

Older devices might not be authorized to run the new OS because the hardware may not support the different credentialing tools and zero-trust capabilities in Windows 11. Brown says that some users have found a way around the credential check to install the OS; however, this leaves organizations without the security benefits of the integration between Windows 11 and the hardware.

Through an assessment, CDW can help schools determine whether their systems can support Windows 11 and, if not, will recommend compatible hardware that meets their educational requirements.

“We break down why this device will work and why this other one won’t. We walk through your applications and note which ones will require talking to your developers to get the latest version,” Brown says. “You’re not walking into this with your eyes closed. You’re now walking into this with an understanding of what you need to do, the budget you have to build this and the process of how that’s going to happen.”

Brown points out that many organizations are already paying for a mobile device management program such as Microsoft Intune without realizing it. That can be brought to light through an assessment.

Some school leaders may be interested in a Windows 11 migration but feel that they don’t have the budget for such an investment. Brown notes that CDW can help them seek additional funding. However, it’s important to connect with a partner early to determine eligibility.

“If we are brought in later in the project, it may change the funding availability,” Brown says. “We can review all the details and help determine what funding is available for your project.”
