Skip to content

Written by Mark Skelton Technical Services Director

The increasing rise in cyber threats means that security needs to be a top priority in your Windows configuration. In this blog, we’ll dive into 5 basic Windows Security configurations that you should be aware of.

1.  Local admin rights for users

Many of our customers, when we start working with them, have local admin rights enabled for most of the users in their organisation. The most common reason they give is that it’s simply the easier option, as it allows employees to change settings or install software themselves when they need to.

However, granting local admin rights to standard users poses a significant security risk. Users with admin rights can install malware, change system settings, and access sensitive data. This can lead to unauthorised data breaches and other serious security incidents.

To mitigate these risks, IT managers should implement the concept of least privilege, which states that users should only have the access they need to fulfill their job functions. This means that standard users should not have local admin rights, unless absolutely necessary.

2. BitLocker

BitLocker encryption is another way to protect your company’s data from unauthorised access, even when your employees’ laptops or work phones are lost or stolen. A critical component of any comprehensive security strategy, BitLocker is increasingly being implemented as standard today.

There are different BitLocker options available, including full disk encryption, startup PIN protection, and portable device encryption. IT managers can manage BitLocker deployments across their organisations by creating policies, enrolling devices, and troubleshooting issues. This ensures that BitLocker is configured correctly and that all devices are protected.


3. Password policy and Windows Hello

Passwords obviously play a key role in security in organisations, and it’s crucial that you educate your employees about the importance of using strong, unique passwords that are at least 12 characters long and include a mix of upper and lowercase letters, numbers, and symbols. You should also implement and enforce password policies to ensure that users are following best practices.

In 2016, Microsoft introduced Windows Hello with the aim of reducing the reliance on traditional passwords. Windows Hello allows users to enter a PIN to unlock their device, similar to a bank card.

Using a PIN has two major benefits. Firstly, entering a PIN is faster, more convenient, and less susceptible to shoulder surfing. Secondly, even if someone sees your PIN, they will only have access to your account via your device, whereas if someone sees your password, they can use it to access your account from any device, anywhere in the world.

4. Windows Defender for anti-virus

While PINs offer convenient and secure authentication, a comprehensive security strategy should also include antivirus protection. Windows Defender for anti-virus is integrated in Windows 10 and Windows 11 as standard and is also enabled by default. This provides significantly more security, as in the past many devices, especially private devices, often had no or only the cheapest antivirus software. Now this protection is built-in.

However, it is important to be aware that Windows Defender cannot detect all malware threats. This is where Microsoft Defender for Endpoint, as well as having a managed service provider like Ekco, can offer your company more robust protection.

Read our free eBook on the benefits of Managed EDR

Microsoft Defender

5. Windows Firewall

Just like Windows Defender, Windows Firewall is standard integrated in Windows 10 and 11 and is also on by default. However, I still come across people who complain that they have to grant different permissions for Window Firewall and that it is not user-friendly, which makes them consider turning it off.

This is not a wise choice, though, as the firewall is a fundamental part of the basic security of your system and is important to keep in mind. Firewalls play a critical role in protecting networks and devices from unauthorised access, as well as blocking incoming and outgoing traffic based on predefined rules.

IT managers can customise Windows Firewall rules to meet the specific needs of their organisations. This includes allowing or blocking specific applications, protocols, and ports. You should also monitor firewall activity on a regular basis to detect and respond to potential threats.

By following these basic configurations, you can significantly improve the security of your Windows systems. Focus on implementing a layered security approach that includes antivirus, firewall, and other security measures so you have a more comprehensive defence against cyberattacks.

Can’t see clearly through your Windows? We can help make your Microsoft environment secure. Get in touch.


Our specialists have the answer