This week, Microsoft started rolling out the “Moment 4” update for Windows 11 as an option for consumers with lots of new features and improvements. However, the enterprise admins that work with the OS are getting some new features and improvements as well with this update.
In a blog post, Microsoft announced several new Windows Firewall features that are currently rolling out. Admins will now be able to access the following security options:
- Target Firewall rules to specific applications without an absolute file path in a secure way using Application Control for Business app ID tagging with Firewall rules via Microsoft Intune.
- Configure network list manager settings to determine when a Microsoft Entra joined device is on your on-premises domain subnets. This helps ensure that Firewall rules are properly applied by using the network list manager settings for Firewall location awareness.
- Configure more granular Firewall logging settings for domain, private, and public Firewall profiles.
- Specify Firewall inbound and outbound rules for ICMP types and codes.
Admins can also set up their Microsoft Entra joined devices so employees will no longer have to type in a password to unlock PCs or access services. This is all part of Microsoft’s push to get rid of passwords in favor of passkeys that can be unlocked with facial recognition, fingerprints, or PINs.
As we reported last week, two new Cloud PCs services, Windows 365 Boot and Windows 365 Switch, have now officially entered general availability. The same goes for Mobile Application Management (MAM) for Windows 11, version 22H2 devices. That feature allows employees to use their personal devices at work by ensuring there are no local threats on those products.
There’s also a new feature called Adaptive Dimming, which lets businesses set up a sensor on their PC that automatically dims the screen if the person in front of it is no longer paying attention to the display.
Another feature that’s currently in testing is Config Refresh. Microsoft says:
Use the Windows settings catalog to set a cadence for Windows devices to reapply previously received policy settings, without requiring devices to check in to Intune— every 90 minutes by default, or every 30 minutes if desired. This protects against configuration settings being unexpectedly changed through either malicious software or registry edits.
The feature is being tested by members of the Windows Insider Program and should become generally available in the coming months.