Kyle Kucharski
Follow : Add us as a preferred source on Google.
Windows 11 offers a variety of security settings designed to better safeguard your PC and personal files. But those settings tend to be scattered across different places. That means you need to know where to find them as well as how to activate and adjust them. The goal here is to ensure that your system is as secure as possible. Here are the five things I do when I set up a new Windows PC.
1. Turn on BitLocker encryption
Built into Windows 11 Pro, Enterprise, and Education, BitLocker encrypts your system drive to protect it against unauthorized access. Normally, a person who grabs your computer might be able to retrieve the files on your system drive. To do that, they may try to boot up your PC from a USB stick or connect the drive itself to a different machine.
Also: Microsoft announces sweeping Windows changes - but no apologies
With BitLocker enabled, though, someone who snags your PC or hard drive wouldn't be able to access your data without the 48-digit recovery key, which is automatically generated. To support BitLocker, your PC must be equipped with a TPM (Trusted Platform Module) chip, which covers pretty much any computer made over the past eight or nine years.
Enabling BitLocker is one of the first things I do on any new Windows 11 PC. To set this up, open File Explorer, right-click on your system drive, and select "Turn on BitLocker" from the context menu. Choose where you want to back up your recovery key, decide which part of the drive you wish to encrypt, and then run the system check. The drive is then encrypted.
Show more2. Protect personal files from malicious apps
Though I use a third-party security tool on my main laptop and desktop, I turn to the built-in Windows Security on my supplemental and test machines. Here, I enable an option called controller folder access to protect my personal folders and files from unwanted access or changes.
Also: Buying a router? A new US ban just shrank your choices - here's why
Head to Settings, select Privacy & security, select Windows Security, and then click the button for Open Windows Security. Select the first option for Virus & threat protection.
Scroll down the next screen to the section on Ransomware protection and click the link for Manage ransomware protection. Turn on the switch for Controlled folder access. By default, all your personal folders and files are automatically protected against unauthorized or malicious apps. To add other folders, click the link for Protected folders, select the button for Add a protected folder, and then select the folder or folders you want to include.
Show more3. Protect the Windows kernel from malicious apps
Another security setting I typically enable is one for memory integrity. This one uses virtualization to isolate and protect the Windows system kernel from malicious apps. The downside is that turning on this feature can slow down performance and even trigger incompatibilities with certain drivers. For that reason, I'll enable this setting but then turn if off if I run into slowdowns or other problems.
Also: You're being tracked online - 9 easy ways to stop the surveillance
Here, go to Settings, select Privacy & security, select Windows Security, and then click the button for Open Windows Security. Select the option for Device security. Under Core isolation, click the link for Core isolation details. At the next screen, turn on the switch for Memory integrity. You'll need to reboot your PC for the change to take effect.
Show more4. Turn on Windows Hello authentication
Sure, you already protect and authenticate your Windows PC with a password and likely a PIN. But a person who somehow learns your password or PIN can gain access to your computer. For that reason, I always set up facial or fingerprint recognition on my PCs. To enable this, you need a Windows Hello-compatible webcam or fingerprint reader. My laptop includes both. For my desktop, I use an external webcam and USB-connected fingerprint scanner.
Head to Settings, select Accounts, and then click Sign-in Options. If your system supports facial or fingerprint authentication, the options will indicate that they're recommended. Choose Facial recognition and follow the steps to scan and record your face. Choose Fingerprint recognition to scan and record your fingerprint.
Show moreTo further protect your PC, disable the option to sign in with your password, requiring either the facial or fingerprint scan for authentication. Scroll down the screen to Additional settings and turn on the setting "For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device."
5. Activate the Find my device feature on a laptop
Since I travel a lot with my laptop, I want to be able to track it down should it ever become lost or stolen. For that, Windows includes a Find my device feature that let you locate your laptop if you lose sight of it.To activate this, go to Settings, select Privacy & security, and click Find my device. Next, turn on the switch for Find my device.
Show moreShould you ever need to track down your missing laptop, sign in to your Microsoft account website on a different device and head to the Devices screen. Click the name of the lost device and select Find my device. The address and a map of your computer's last known location should appear. You can use the map to locate or lock the device if you don't want someone else to access it before you find it.
Featured
-
I built an app for work in 5 minutes with Tasklet - and watched my no-code dreams come true
-
How Claude Code's new auto mode prevents AI coding disasters - without slowing you down
-
Microsoft may finally remove its frustrating Windows 11 setup requirement
-
Stop telling AI your secrets - 5 reasons why, and what to do if you already overshared