Cyber Security

What’s New for Feds in Windows 11?

Published

on

Hybrid work environments seem to have influenced the design and features of Windows 11.

By now everyone has probably started to see commercials on TV, YouTube and many other places for Windows 11. The new operating system is slowly becoming available for free to anyone running Windows 10 whose computer meets the minimum specifications for the new OS. The question is whether feds should consider upgrading or stick with Windows 10.

The minimum specifications required to run Windows 11 are at least a 1 GHz processor with two or more cores and a 64-bit processor. You will also need 4G of RAM and 64G of storage space. As with everything else, having better hardware will result in better performance. Those who are close to the minimum specifications should probably stick with Windows 10, especially if their systems are performing well right now. There have been reports of slow performance on borderline systems after making the upgrade.

And you don’t have to decide on Windows 11 right now. Microsoft says that Windows 10 will be supported through 2025, so you have some time before you may be forced to make the switch. Given that most federal agencies would probably choose stability over features, they may want to wait a couple of months or even longer before jumping into the Windows 11 user pool and let the early adopters work out all the little bugs and foibles that come with any new operating system.

Microsoft sent me a factory-new Surface Go 3 tablet with a fresh build of Windows 11 to evaluate the performance of the new operating system, and to check out the new security and usability features that federal employees, and especially those working in a hybrid environment, might find most useful. In addition to the Surface Go 3 tablet, which has an i3 processor and 8G of RAM, Windows 11 was also installed as an upgrade on several machines in the test lab with various configurations.

Installation times were about the same as when adding any new OS going back to Windows 7. On the clean Surface Go 3, it took about 10 minutes to get the tablet set up, and then about 45 minutes to download and install all the security and Windows updates that the new device was missing when it shipped from the factory. For lab machines that were upgrading from Windows 10, the installation process took a lot longer, but the updates (which are clearly shared with Windows 10 for now) took almost no time at all because they were all up to date before Windows 11 was installed.

Teaming Up with a Hybrid Workforce

The fact that a majority of federal employees, along with many others, are working in so-called hybrid environments where they divide their time between a traditional office and a home office, seems to have influenced the design and features of Windows 11.

One of the most noticeable additions in this area is the fact that Microsoft Teams is now integrated directly into the operating system. Given the fact that a majority of government agencies tapped into Teams to help network employees at the start of the pandemic, and the National Institute for Standards and Technology and other federal agencies now offer guidance on how to safely use that tool, seeing it integrated directly into Windows 11 will only simplify the situation. 

In fact, the Microsoft Teams chat function is a default icon sitting at the middle of the new taskbar at the bottom of the Windows 11 homepage. So you can load that up when the device boots and directly keep in touch with all of your coworkers without having to load up the rest of the suite. On the backend, Microsoft is working to make Teams more accessible to those using Mac, Android and iOS devices too, so the community of Teams users will likely grow. Integration with the OS also gives administrators the ability to pre-configure Team settings and security for agency-owned devices deploying with Windows 11.

Virtual Desktops for the Masses

Configuring virtual desktops with Windows 10 was always possible, but required some advanced skills to do it right and safely. Windows 11 makes it easy for users to configure virtual desktops with almost no training required.

The advantage for federal employees using their personal devices for work is that they can easily set up one virtual desktop for their work, another for their private use, and maybe others for specific needs like their kid’s schoolwork or their personal gaming habits. Each virtual desktop can have its own permissions, applications and security settings, so it’s pretty easy to keep your work and personal life separate, which is not always so straightforward in a hybrid work environment.

Access to Accessibility  

Government has always been one of the biggest supporters of people with disabilities, as evidenced by Section 508, which must be considered for most government purchases. Windows 11 makes many accessibility features a native part of the operating system now, so there is no need to wrestle with third-party applications and wonder about compatibility.

The most useful of these new accessibility features is the fact that voice typing and commands are fully supported across the entire OS. A lot of little subtle changes have also been made, like putting more space between the icons for touchscreen users, so you don’t have to be quite so accurate if you have some mobility issues.

Haptic feedback has also been added to the digital pen for Microsoft tablets running Windows 11 like the Surface Go 3 provided for this evaluation. Users can feel and hear feedback through the pen when using it with certain applications. And gesture support has also been added for devices with touchscreens, which means less typing on a keyboard or having to bring up a virtual keyboard if you are using your Windows 11 device in tablet or slate mode.

Zero-Trust Ready 

Many federal agencies are moving towards a zero-trust environment, and it’s an underpinning of the cybersecurity strategy put forward by the Biden administration. Windows 11 includes several features that should help devices running it more easily integrate into a zero-trust network.

Most of these features exist on the backend of a Windows 11 device, so users are unlikely to see them or even know about them, though network administrators and security teams certainly will. The biggest one is the fact that Windows 11 supports Microsoft Azure Attestation, or MAA, by default. 

MAA is used to evaluate a hardware platform against agency policies to ensure that the binaries running there haven’t been tampered with or changed by malware or malicious users. Devices also have to prove that they have all the appropriate security protocols and requirements enabled. This should allow Windows 11 devices to easily integrate into zero-trust networking environments as agencies bring them online. Windows 11 won’t enable zero trust by itself but can act as a critical component of any highly secure network.

Playing in the Sandbox

Windows 11 also comes with a sandbox application for testing programs that users feel might be suspicious, or it can also be used by those developing new applications to see how they perform without risking the entire platform.

It’s not active by default, and not easy to get to, but it’s still notable that Microsoft included such a powerful tool as part of the new OS, even if the overwhelming majority of users will probably never find or use it. To enable it, you have to hit the Windows Key and R at the same time, and then type “optionalfeatures.exe” into the command line. Check to enable Windows Sandbox at the bottom of the list that pops up. Then you need to reset the computer.

Once active, you can select it like any other program from the command line. You then need to install any program you want to test in the sandbox into the new sandbox environment. You can’t use the sandbox with programs that are already active on the desktop. You need to do a fresh install of any tested program directly into the sandbox. Nothing within the sandbox has any access to real system resources, the registry or .dll files. When you close the sandbox, all instances and everything the tested program did will disappear forever. If malware exists, it won’t be able to leave the sandbox and penetrate the rest of the device.

It would be nice if Microsoft would make the new sandbox a little more user-friendly, and the company may do that at some point in the future, but even now it’s nice to see such an advanced tool included with the new OS.

Performance Testing 

In terms of benchmarking and performance, there was almost no difference between systems running Windows 10 that were upgraded to Windows 11. Users likely won’t notice any difference on most machines before and after the upgrade. 

The one exception to keep in mind is that systems that are on the cusp of being able to run Windows 11 might experience slower performance. Some of the Windows 11 security features require a bit more from of their device’s processors, so performance might take a bit of a dive on borderline systems.

Should Agencies Upgrade?

Windows 11 began rolling out on Oct. 5, though some users probably won’t get their invite until the middle of next year. Agencies and large government organizations can probably work out a special installation plan from Microsoft. But should they?

In general, the Windows 11 version that was tested was very stable. The little Surface Go 3 is hardly a powerhouse, with just an Intel i3 processor. And yet, it was able to do everything that was asked of it, even having multiple windows open while taking advantage of some of the new features like Teams Chat. Systems that were upgraded to the new OS didn’t generally perform better or worse when going from Windows 10 to Windows 11.

So the upgrade question may come down to the new features, and especially for government, the security enhancements. The biggest advantage for government is probably support for MAA right out of the box. Agencies looking to implement a zero-trust network can check off one of those many boxes on that complex road by simply providing Windows 11 devices to their users and phasing out less secure ones. However, zero trust is a long journey, and if an agency is not ready for that step, then there is little need to rush to Windows 11 right now. 

All of the usability features in the new OS are impressive, and things like virtual desktops can be really helpful for hybrid workers moving between environments. But it’s a case of want versus need. For now, if an agency wants to upgrade, then Windows 11 has a lot of nice features that federal employees will appreciate. And when they need to upgrade, such as when zero-trust networking finally fully takes off, then Windows 11 is ready to support those efforts.

Source: https://www.nextgov.com/ideas/2021/11/whats-new-feds-windows-11/186939/

Click to comment
Exit mobile version