Microsoft expands testing of Windows 11 admin protection feature

Microsoft has expanded its Windows 11 administrator protection tests, allowing Insiders to enable the security feature from the Windows Security settings.

First introduced in October in a preview build for Windows 11 Insiders in the Canary Channel, admin protection uses a hidden, just-in-time elevation mechanism and Windows Hello authentication prompts that only unlock admin rights when needed to block access to critical system resources.

Once enabled, it ensures that logged-in admin users have only standard user permissions and are asked to authenticate via Windows Hello using a PIN or biometric method when installing new apps or trying to change the registry.

These authentication prompts should be more challenging to circumvent than the Window User Account Control (UAC) security feature to prevent malware and attackers from compromising the system by accessing critical resources.

“With administrator protection enabled, the prompt requesting the user’s authorization for elevating untrusted and unsigned applications now comes with expanded color-coded regions which will now extend down over the app description,” the Windows Insider team said on Thursday.

​Admin protection is off by default and must be enabled by IT admins via group policy or mobile device management (MDM) tools like Intune and, as the Windows Insider team shared today, by users via Windows Security settings.

“Administrator protection can now be enabled from Windows Security settings under the Account Protection tab. This allows users to enable this feature without requiring help from IT admins,” the Windows Insider team added.

“It also allows Windows home users to enable Administrator protection via Windows Security settings. Changing this setting requires a Windows reboot.”

This new security feature is currently available to Insiders in the Canary Channel who have installed Windows 11 Insider Preview Build 27774.

​In recent months, Redmond has also announced that it will roll out a new “Quick Machine Recovery” feature to the Windows 11 Insider Program community in early 2025, which will help system admins remotely fix devices rendered unbootable via Windows Update “targeted fixes.”

Additionally, the company plans to add Windows 11 support for Config Refresh, another new feature allowing admins to restore PC settings to preset configurations, and Zero Trust DNS (designed to redirect all DNS queries through trusted DNS servers).

Since November, it has also started testing hotpatching on Windows 365 and Windows 11 Enterprise 24H2 client devices, which enables Windows to download security updates and install them in the background without rebooting.

Some of these features have been introduced since the launch of Microsoft’s Secure Future Initiative (SFI) cybersecurity engineering effort in November 2023.