Microsoft's new initiative aims to prevent future CrowdStrike-like incidents
In the wake of the CrowdStrike incident, which affected 8.5 million Windows PCs and servers in July, Microsoft is working on a new strategy: the Windows Resiliency Initiative. The move is aimed at making Windows more secure and reliable. It involves some basic changes that would make recovery easier for customers running Windows-based machines in case something like the CrowdStrike incident happens again.
New feature for remote machine recovery
As part of the Windows Resiliency Initiative, Microsoft has unveiled a new feature dubbed Quick Machine Recovery. The tool enables IT admins to remotely target fixes at machines failing to boot properly. The feature is based on improvements made to the Windows Recovery Environment (Windows RE), according to David Weston, Vice President of Enterprise and OS Security at Microsoft.
Microsoft mandates security vendors to adopt specific measures
Following the CrowdStrike incident, Microsoft is now making it mandatory for security vendors involved in the Microsoft Virus Initiative (MVI) to adopt certain measures to make their solutions more secure and reliable. These include better testing and response procedures, as well as safe deployment practices for updates on Windows PCs and servers. The company is also working with its MVI partners to allow anti-virus processing outside of the kernel.
New framework to shift anti-virus processing outside kernel
Microsoft is working on a new framework that will shift anti-virus processing out of the kernel. A preview of this framework is expected to be privately available to Windows security partners in July 2025. The company spoke about these plans at its Windows Endpoint Security Ecosystem Summit in September, where kernel architects from the Windows team were present to discuss this shift with security vendors like CrowdStrike.
Windows 11 to introduce administrator protection feature
Along with the resiliency improvements, Windows 11 will also introduce a feature called administrator protection. As the name suggests, this new feature will offer users the security of a standard user while giving them temporary admin rights for certain tasks after authenticating with Windows Hello. Once the task is done, these admin privileges are instantly revoked, Weston explained.