Operating system security

Windows 10 security features

Dimitar Kostadinov
July 20, 2020 by
Dimitar Kostadinov

Alexander Benoit, senior consultant and head of Competence Center Microsoft, said something during a Microsoft event in Orlando in September 2017: "Because the threat landscape we're facing today is so diverse, there cannot be one tool or feature that we just enable and then we're secure."

We can observe that willingness to stop diverse threats in all parts of the industry today. It’s especially clear in the fact that Microsoft decided to design Windows 10 to offer five levels of security configuration:

  1. Enterprise basic security
  2. Enterprise enhanced security
  3. Enterprise high security
  4. Specialized workstation
  5. Administrator workstation

Let’s look at some of the most prominent security features of Windows 10.

Windows update

Windows Update is there, as usual, to fix past bugs and introduce new functions. This is the most important security setting for any Windows 10 device. Keeping all software up to date at all times is of paramount importance.

Windows defender antivirus (WDA)

WDA’s UI is more user-friendly than what most other antivirus programs have to offer. But what is particularly good about WDA is that it does not require any manual configuration or any support whatsoever (other than the automatic updates). 

For example, WDA comes with a built-in firewall and a safe browsing environment that will protect you from the most common threats. The firewall supports three different network configurations (Domain, Private and Public); however, in principle, this feature is enabled by default (as in compliance with the “security by default” rule) and does not need any adjustments to be effective.

WDA automatically scans each newly downloaded file once you proceed to open it as part of the real-time protection defense posture. A deep scan for rootkits once or twice a month is always a good idea.

Microsoft smartScreen

SmartScreen is a built-in feature that scans and blocks execution of known malicious programs. In addition, it can notify Windows 10 users when they are about to visit suspicious websites and emails because it compares their reliability against a Microsoft’s blacklist. Consequently, this cloud-based tool can provide an extra level of protection against both phishing and malware attacks in addition to the traditional cybersecurity awareness training of staff. 

Windows defender application guard

Windows Defender Application Guard raises your level of protection considerably, as it protects against advanced, targeted threats. This functionality works either by designating a list of trusted websites (the so-called “whitelisting”) or opening untrusted websites in a container that has no connection to corporate network endpoints, installed applications, memory, local storage or any other resources that may come under cyberattack. 

Windows sandbox

Windows Sandbox is a great solution if administrators decide to allow considerable freedom concerning application permissions, because it enables new apps to operate in isolated virtual silos in order to prevent full threat exposure.

Windows defender device guard

Device Guard is part of the Microsoft Defender tools suite. Equipped with enterprise-grade application whitelisting, this tool protects kernel processes and drivers from dangerous threats like zero-day attacks. 

Since signature-based detection often cannot cope with the heterogeneous nature of malware, Device Guard steps in to change the mode where the OS trusts only apps authorized by the administrator — locking down the device — in situations predetermined in code integrity policies. This feature is dependent on virtualization-based security (VBS).

Windows credential guard

Credential Guard protects better the derived domain credentials by leaning on other security features such as Secure Boot and virtualization. Because of that, it increases in turn the overall security against advanced persistent threats. In essence, VBS can isolate secret data from any other software except for privileged system software.

Windows defender exploit guard

Exploit Guard is a tool designed to cover a broad range of security tasks: network protection, controlled folder access, blocking untrusted fonts, blocking low-integrity images, address filtering and more.

Secure boot

A feature called Secure Boot provides excellent protection from ransomware by safeguarding the UEFI/BIOS. Windows 10 users can set up the Secure Boot feature to require that any code that runs immediately after the start of the OS be signed by Microsoft or the hardware maker.

In addition, UEFI Secure Boot can create a Windows 10 save point. While Secure Boot prevents hardware-based malware installations, save points provide a safety net in case something goes wrong with new application installations.

Controlled folder access

CFA is another excellent measure at your disposal to limit the potential damage caused by ransomware. This feature is available in all editions of Windows 10.

Microsoft defender advanced threat protection

Leveraging a tool called Microsoft Defender Advanced Threat Protection for monitoring of endpoints via behavioral sensors in combination with cloud-based analytics can ensure that suspicious behavior would be spotted on sight.

User account control

User Account is an important security tool of Windows 10 to keep unauthorized changes at bay. This is because it is always asking for an administration-level permission in the event of important changes such as removing an application or installing a program.

According to a survey done by Snow Software, 76% of employees are accessing business resources through work devices without IT permission. Due to a functionality called Windows 10 S Mode, businesses can solve the problem of shadow IT, limiting indiscriminate installation of applications.

Windows hello

Multi-factor authentication is the gold standard for safe logging. Windows Hello is a multi-factor authentication platform that can work with biometric data (e.g., fingerprints or facial recognition), as well as be paired with “companion devices” (smart phones, smart watches, etc.) to ensure only authorized users can have access to the computer on which Windows 10 is installed. Note that passwords are more likely to be stolen or hacked compared to fingerprint and facial data.

Other tools such as Microsoft Passport and Microsoft Azure Active Directory can be combined with Windows Hello. Microsoft Passport is a good multi-factor password alternative and Active Directory moves identity and access management to the cloud environment. In fact, leveraging Windows 10 security features that implement least-privilege protocols would confound most cybercriminal attacks, since bad guys cannot do much without credentials.

Find my device

The Find My Device feature can help you locate your stolen device when connected to the internet, and even lock it down.


Easy to use and already integrated into Windows OS, BitLocker encrypts your entire drive with a standard dubbed XTS-AES, whose default encryption strength is 128-bit (but Windows 10 users can increase it to 256-bit). This makes it impossible for malicious actors to steal your information.

Probably the best part is how unobtrusive and easy to use this feature is — you will usually not notice any difference in system performance and you will not need anything other than a Windows user account password to start it.

It may be advisable to not store your BitLocker recovery key in your Microsoft account. Save it rather to an external drive, store it in a password manager (e.g., LastPass) or print it on paper and lock it away somewhere safe. When coupled with the Trusted Platform Module (TPM), BitLocker’s encryption key can be safely stored on the TPM instead of the hard disk.

Windows 10 offers another, simpler form of encryption called BitLocker Device encryption.


Statistics show that Microsoft Windows is the chosen operating system for the majority of desktop and laptop users in the United States (65%) and in the world (77%). That is a lot of Windows-driven devices! Many people’s personal data is there, so Microsoft bears the enormous responsibility of providing their clients with a product that will meet all modern standards from a cybersecurity point of view.

All things considered, with its new security features that further operational best practices, Windows 10 seems to fortify and streamline cybersecurity.

Nick Cavalancia, Microsoft MVP and founder of Techvangelism, put it this way: “Windows 10 security features are laser-focused on protecting and preventing current, specific forms of cyberattack.”


Dimitar Kostadinov
Dimitar Kostadinov

Dimitar Kostadinov applied for a 6-year Master’s program in Bulgarian and European Law at the University of Ruse, and was enrolled in 2002 following high school. He obtained a Master degree in 2009. From 2008-2012, Dimitar held a job as data entry & research for the American company Law Seminars International and its Bulgarian-Slovenian business partner DATA LAB. In 2011, he was admitted Law and Politics of International Security to Vrije Universiteit Amsterdam, the Netherlands, graduating in August of 2012. Dimitar also holds an LL.M. diploma in Intellectual Property Rights & ICT Law from KU Leuven (Brussels, Belgium). Besides legal studies, he is particularly interested in Internet of Things, Big Data, privacy & data protection, electronic contracts, electronic business, electronic media, telecoms, and cybercrime. Dimitar attended the 6th Annual Internet of Things European summit organized by Forum Europe in Brussels.