Microsoft has expanded testing for administrators in Windows 11, allowing Windows Insider users to access a new function through Windows safety settings.
First introduced in October for the Canary channel, Administrators Protection (Administrator Protection) utilizes a hidden mechanism for temporarily increasing rights and authentication requests through Windows Hello. This opens access to administrative rights only when necessary, aiming to prevent unauthorized access to critical system resources.
When activated, administrators entering the system are granted the rights of a standard user and must confirm their actions using Windows Hello (PIN code or biometrics) when installing new applications or making changes to the registry. This adds an extra layer of authentication compared to the existing User Account Control (UAC) mechanism, making it more challenging for harmful software and attackers to gain access.
The function is disabled by default but can be enabled by administrators through group policies or management tools like Intune. Users can also independently activate it through Windows safety settings in the Update and Security section under Windows Security and Account Protection. System reboot is required after making the change.
This feature is currently available for Windows Insider program members in the Canary channel who have installed Windows 11 Insider Preview Build 2774. Microsoft is also planning to introduce a new “Quick System Restore” system, allowing administrators to easily undo problems that arise after Windows updates. This new function, along with other security options, is part of Microsoft’s Secure Future Initiative.