In today’s time Windows 11 can be regarded as one of the most secure versions of the operating system. Moreover, there exists other various ways using which one can increase the PC’s security to a greater extent. For instance, checking for system upgrades, setting up security features like firewalls, ransomware and phishing protection, etc. Henceforth, this post exists of 20 best security settings to configure on Windows 11 that will allow the user to use the PC without any prior risk.

20 best security settings to configure on Windows 11

There exist various security settings to configure on Windows 11 which will lead to the enhancement of the security of the PC respectively. Thus, let us look at the main security settings to configure on Windows 11 to increase security of the system.

1. Enabling DNS over HTTPS(DoH) to configure

DNS over HTTPS is a security setting that encrypts DNS (Domain Name System) queries using the HTTPS (Hypertext Transfer Protocol Secure) protocol, improving security and privacy. This prevents third parties from intercepting queries. Various modern web browsers such as Firefox, Chrome, etc. supports this feature. Moreover, this feature can also be enabled in Windows 11. The steps to follow which allow the security settings to configure on Windows are as follows-

Step 1- Firstly, go to Settings and select Network and internet.

The settings page showing option of Network & Internet to configure

Step 2- Now, select the Ethernet or Wi-Fi tab as per the active Wi-fi connection.

The Network & Internet page showing the option of WiFi to configure

Step 3- Next, select the Edit option next to the DNS server assignment.

The Ethernet page showing DNS server edit option to configure

Step 4- From the drop-down menu choose the Manual option.

The DNS settings box showing Manual option to configure

Step 5- Enable the IPv4.

The DNS settings box showing IPv4 edit options to configure

Step 6- Choose a primary DoH IP address in Preferred DNS and a secondary DoH IP address in Alternate DNS section. The IP addresses may vary from Cloudflare (1.1.1.1 and 1.0.0.1) to Google (8.8.8.8 and 8.8.4.4) to others.

Step 7- From the “DNS over HTTPS” drop-down menu, choose the On (automatic template) option. There also exist other encryption preferences to choose from, but this option encrypts the DNS traffic.

The Edit DNS settings box showing DNS over HTTPS dropdown menu to configure

Step 8- Disable the Fallback to plaintext option.

Step 9- Now, select the Save option.

2. Enabling Smart App Control to configure

Smart App Control is a security setting of Windows 11 which runs only trusted applications and hinders the running of malicious applications. It locks the system and protects the PC. The following steps allows to enable the Smart App Control-

Step 1- Launch Windows Security.

Start app showing Windows Security application to configure

Step 2- Select App & browse control> Smart App Control settings.

The app and browser page showing smart app control settings to configure

Step 3- Click on the Evaluation option.

smart app control page showing the evaluation option to configure

3. Enabling Microsoft Defender Application Guard

Windows 11 consists of a setting named Microsoft Defender Application Guard which secures the PC from untrusted websites and files. It obstructs the access of resources of the PC by the unwanted sites. Thus, one can easily turn on this feature and protect the PC using the steps given below-

Step 1- Go to Settings> System> Optional features page.

The system page showing optional features option to configure

Step 2- Under the Related settings section, select the setting of More Windows Features.

The optional features page showing more windows features option to configure

Step 3- Enable the option of Microsoft Defender Application Guard.

The Windows Features page showing option of Microsoft Defender application guard option to configure

Step 4- Select the OK button and thereafter select the button of Restart Now.

4. Configure Presence Sensing

Presence Sensing is another built-in security setting of Windows 11 which determines the user’s closeness to the PC. It locks the screen when the user is not near and unlock it once the user comes back. The main steps to follow to enable this security feature are as follows-

Step 1- Go to Settings> System> Power & Battery tab. Then, select the option of Screen, sleep, & hibernate timeouts.

The Power and battery page showing scree, sleep and hibernate option to configure

Step 2 Now, enable the Turn off my screen when I leave. This will allow the system to disable the display as soon as the user leaves.

Step 3- Select the Wake up my device when I approach option. This will turn on the display when the PC feels the user’s presence.

Step 5- Again, enable the Dim my screen when I look away option.

The Power and battery page showing Presence Sensing option to configure

Step 6- Next, select any of the settings from the steps 3, 4, or 5. This will open the settings page of Presence Sensing. Thereafter, select the Turn off my screen when I leave option.

Step 7- Furthermore, next to the option of Consider me gone when I’m this far away, select the number of feet that the PC must utilize to locate the distance when the user has left the PC.

Step 8- Further, near the Then, turn off my screen after this amount of time option, select the time, the PC should wait before turning off the screen after the user leaves the PC.

The Power and battery page showing turn my screen off when I'm away option

Step 9- Next, select Turn off my screen when I leave while an external display is connected and the Wake my device when I approach option.

Step 10- Next to the Wake my device when I’m this close option, select the number of feet, the PC must use to locate how near the user must be to the PC for it to wake when the user approaches.

Step 11- Select Wake my device when I approach while an external display is connected and Dim my screen when I look away.

Step 12- Lastly, select Dim my screen when I look away while an external display is connected.

5. Syncing Date and Time on Windows

The synchronization of Date and Time in Windows 11 increases the security of the PC in many ways. It helps in examining security incidents, spotting untrusted activities, deciphering security logs, etc. Now, let us look at the instructions to follow for syncing date and time-

Step 1- Go to Settings and select Time and Language.

The Time & language page showing date and time option

Step 2- Select the Date & time option and then enable the Set time automatically.

Date and time page showing set time automatically option

Step 3- Below Additional settings, select the Sync now option.

6. Creation of Full Backup on Windows

Creating a full backup in Windows 11 is also another security setting that helps in making another copy of the whole framework. It helps in attaining protection when dealt with difficulties such as failure in hardware, malicious attacks in the system, etc. Henceforth, let us check at the steps to follow to create a full backup in WIndows 11.

Step 1- Go to Start and search Control Panel. Open the first result.

Start setting showing Control Panel option

Step 2- Select System and Security > File History.

Control Panel showing System and Security option

System and Security page showing File history option

Step 3- In the left pane, select the System Image Backup setting and then Create a system image.

File History page showing System Image Backup option

Step 4- Choose an external drive and save the backup of Windows 11.

System Image Backup page showing Create a system image option

 

Step 5- Next, select Next > Start backup> No.

System Image page showing network location option to backup

Step 6- Finally, select the Close button.

7. Configure Settings of Core Isolation

Core Isolation consists of a bunch of security settings such as the Memory Integrity  which secures the PC from destructive viruses and hackers. It secures the PC from malicious software and ascertains an enhanced security system in PC.

Step 1- Go to Start and search Windows Security. Open the top result.

Start page showing Windows Security option

Step 2- Select Device Security. Subsequently, select Core isolation details below Core isolation.

Device security page showing Core isolation option

Step 3- Enable the Memory integrity. It will turn on the Core isolation.

Core isolation page showing memory integrity option

Step 4- Lastly, restart the PC.

8. Configure Firewall Settings on Windows

Microsoft Defender Firewall is a feature of Windows 11 which checks the traffic of network and secures the PC from any kind of malicious access. To enable this setting, let us look at the steps that must be followed.

Step 1- Go to Windows Security>Firewall & network protection> Private Network(active).

The Firewall & network protection page showing Private network option

Step 2- Enable the Microsoft Defender Firewall to disable the firewall.

9. Configure Dynamic Lock

Dynamic Lock is a built-in feature of Windows 11 that lock the PC when the user is away based on a paired Bluetooth device’s closeness. It adds an extra layer of protection to the PC. Now, let us check the steps to turn on the Dynamic lock.

Step 1- Firstly, enable the peripheral and the Bluetooth pair settings. This will make it findable.

Step 2- Next, go to Settings> Bluetooth & devices.

The Bluetooth & devices page showing the option to turn on the Bluetooth

Step 3- Enable the Bluetooth to turn on the wireless radio.

Step 4- Select Add device>Bluetooth.

The Bluetooth page showing the option of add a device

Step 5- Further, from the list, select the Bluetooth device.

Step 6- Thereafter, follow the prompts that appears on the screen.

Step 7- Next, select Accounts>Sign-in-options>Dynamic lock.

The Accounts page showing the Sign-in option

Step 8- Select Allow Windows to automatically lock your device when you’re away.

The sign-in option showing the option to lock automatically

10. Configure Controlled Folder Access

Controlled folder access is another built-in security setting available in Windows 11. It is crafted to secure the PC from any kind of ransomware viruses. Thus, follow the given steps to enable Controlled folder access-

Step 1- First, go to Windows Security>Virus & threat protection.

Step 2- Below the Ransomware protection, select Manage ransomware protection.

Windows Security page showing Ransomware protection settings

Step 3- Now, enable Controlled folder access.

Ransomware protection settings showing controlled folder access option

11. Blocking Unnecessary Apps on Windows

The Reputation based protection setting of Window’s security is a prominent setting which provides enhanced security to the PC. This feature blocks unnecessary and malicious apps which may be harmful for the PC and protects the PC. Hence, the steps to follow for blocking unwanted options are given below-

Step 1- Primarily go to Windows Security>App & browse control.

The App & browser control page showing Reputation-based protection settings

Step 2- Subsequently, from Reputation-based protection, select Reputation-based protection settings.

Step 3- Next, enable the Potentially unwanted app blocking.

The Reputation based security settings page showing blocking unwanted app option

Step 4- Lastly, select Block apps and Block downloads.

12. Configure security settings of Phishing Protection

Phishing Protection is also one of the important features of Windows 11 which secures the PC from various dangerous applications and websites. Now, let us delve into the steps which will enable the Phishing Protection in the PC.

Step 1- Firstly, go to Settings> Accounts>Sign-in options.

The Accounts page showing the Sign-in options to configure

Step 2- Next, disable For improved security, allow Windows Hello sign-in for Microsoft accounts on this device below Additional settings.

The Sign-in options page showing allow Windows Hello sign-in disable option

Step 3- Now, click on the active Windows Hello feature (facial recognition, fingerprint recognition, or PIN below Ways to sign in.

The Sign-in options page showing the PIN remove option

Step 4- Further, select the Remove option two times.

Step 5- Now, verify the password of Microsoft account and select OK.

Step 6- Next, go to Windows Security>Apps & browser control>Reputation-based protection settings.

The App & browser control page showing the Reputation-based protection settings option

Step 7- Next, enable Phishing Protection.

The Reputation settings showing Phishing protection option

Step 8- Lastly, select the Warn me about malicious apps and sites, Warn me about password reuse, and Warn me about unsafe password storage. All pf these options will enhance the security of the PC.

13. Configure Random MAC Address on Windows

Enabling the Random MAC address helps in altering the MAC address frequently which in turn enhances the difficulty of tracking the MAC addresses. Therefore, the steps to follow for enabling the random MAC addresses are as follows-

Step 1- First go to Settings>Network & internet>Wi-Fi.

Network & Internet page showing the option of Wi-Fi

Step 2- Secondly, enable or disable the Random hardware addresses as per requirement.

14. Creation of Passkeys on Windows

Passkey is one of the alternative ways by which one can sign-in into their Google accounts. It increases the difficulty level of the hackers to get into the accounts of users as it consists of cryptographic key pairs making it more secure than normal passwords. Thus, the steps to create Passkeys are given below.

Step 1- Go to Microsoft Edge and open the Google Account.

Step 2- Sign in into the account and go to web service account.

Step 3- Enable the Passkey sign-in and select Create a Passkey.

The Google account sign-in page showing Create a passkey option

Step 4- Select Continue and specify the account details on Windows Hello.

The Passkey creation page showing continue option

The Windows Hello page asking for PIN

Step 5- Lastly, select OK and Done.

The Passkey creation page showing passkey is created

15. Creation of System Restore Point on Windows

System Restore is a feature of Windows 11 which helps in generating a copy of the Windows’ system in the form of a restore point. It aids in securing the data of the system if somehow an error occurs after updates. The prompts to follow for creating a Restore Point are as follows-

Step 1- Firstly, go to Start and search Create a restore point. Open the first result.

Step 2- Secondly, click on the system drive (C). Thereafter, select Configure from the section of Protection Settings.

the System Properties page showing Local Disk configuration option

Step 3- Click on Turn on system protection.

Restoration page showing Turn on system protection option to configure

Step 4- Select Apply>OK>Create. As a result, it will create a restore point.

System Properties page showing creating a restore point option to configure

Step 6- Next, specify a name for the restore point.

Create a restore point box asking for a name of new restore point to configure

Step 7- Finally, select Create>Close.

16. Installation of Updates on Windows

Installation of the latest updates of Windows also help in increasing the security system of the PC. It helps in fixing any kind of existing viruses in the system and hence enhances the overall performance of the PC. For installing new updates, follow the steps given below-

Step 1- At first, go to Settings>Windows Updates>Check for updates.

Windows Update page showing Check for updates option

Step 2- Next, if applicable, select the Get the latest updates as soon as they’re available.

Step 3- Further, select Download and install if required.

The Windows Update page showing Download and Install option to configure

Step 4- Finally, select Restart now.

17. Configure Windows Recall

Windows 11 has a feature named Windows Recall which tracks every second spent on the PC by taking snapshots of the PC frequently. This leads in decreased privacy of the PC as it tracks every record of the OC making it welcoming for hackers. Therefore, to turn off the feature of Windows Recall feature, follow these steps-

Step 1- Go to Settings>Privacy & security>Recall & snapshots.

Privacy and Security page showing Recall & snapshots option to configure

Step 2- Disable Save snapshots.

Step 3- Additionally, select Delete snapshots if required.

Step 4- Lastly, select Delete all below Delete all snapshots.

18. Configure Scareware Blocker on Windows

Scarecrow Blocker is one more security setting of Windows 11 which uses Artificial Intelligence to protect the PC from any kind of frauds. It offers an additional layer of protection to the PC apart from the traditional protection. Consequently, follow these steps to turn on Scareware Blocker in the PC.

Step 1- Firstly, go to Microsoft Edge>Settings.

Microsoft Edge page showing settings option to configure

Step 2- Next, select Privacy, search, and services>Security

Settings page showing Privacy and services option to configure

Step 3- Further, enable Scareware blocker, located below Security.

Security page showing Scarecrow Blocker option to configure

Step 4- Lastly, if required, enable Microsoft Defender SmartScreen.

19. Configure Remote Desktop

The enabling of the security setting of Remote Desktop may lead to the increase of security risk in the PC. This may happen as this feature allows the access to anyone which may sometimes consists of fraudulent individuals. Thus, disabling this setting will enhance the security of the PC. Hence, for the security setting to configure, follow these steps-

Step 1- Go to Settings>System>Remote Desktop.

System Page showing Remote Desktop option to configure

Step 2- Now, disable Remote Desktop.

Remote Desktop page showing disabling remote desktop option to configure

Step 3- Finally, select Confirm.

20. Configure settings of Windows Sandbox

Windows Sandbox is another security feature of Windows 11 which protects the PC from unwanted applications and software. It analyzes and tests these applications and block the unnecessary ones. Following the steps given below will allow the security settings to configure on Windows-

Step 1- Go to Settings>System>Optional features.

System page showing optional features option to configure

Step 2- Thereafter, from the section of Related settings, select More Windows features.

Optional features page showing More Windows feature option to configure

Step 3- Next, select Windows Sandbox.

Windows Features page showing Windows Sandbox option to configure

Step 4- Lastly select OK>Restart now.

Thus, these are the best security settings to configure on Windows which can be easily done by following the above steps in no time without any further difficulties.

Leave a Reply

Your email address will not be published. Required fields are marked *