To protect your computer, Microsoft released many new security features in the Windows 11 2022 Update. In this article, MiniTool Software will introduce some major new security features in Windows 11 22H2. You can make full use of these new features to safeguard your system and data.

Windows 11, Version 22H2 Is Rolled out with Many New Security Features to Protect Your PC

New Features and Enhancements in the Windows 11 2022 Update

The Windows 11 2022 Update | Version 22H2, the first feature update for Windows 11, has been released to the public for a while. Unlike the Windows 10 2022 Update, Microsoft introduced many new features and improvements in Windows 11 22H2.

>> See how to get the Windows 11 2022 Update.

For example, the task manager is updated with Efficiency Mode, the drag and drop feature in the taskbar is back, and the snap layouts feature is improved. You can also create folders in the Start menu. Find more new features and improvements in Windows 11, Version 22H2 here.

New Security Features in the Windows 11 2022 Update

Microsoft also brought new security features in the Windows 11 2022 Update to improve the security features against ransomware, phishing threats, and sophisticated hacking attacks.

For example, Microsoft added a new Smart App Control (SAC) app that can help you block dangerous apps. Personal Data Encryption (PDE) is available for encrypting individual files using Windows Hello for Business. Additionally, Microsoft also enhanced phishing protection for entering passwords while using an app or visiting a website.

In this article, we will introduce the main new security features in Windows 11 22H2. We hope these new security functions can help you protect your computer.

Personal Data Encryption (PDE)

Personal Data Encryption (PDE) is a new security feature introduced in the Windows 11 2022 Update. However, this feature is only available in the Enterprise edition of Windows 11. It is designed to offer more ways to encrypt data for business.

Before the release of PDE, BitLocker is the Windows built-in tool that can be used to encrypt the entire drive. Now, PDE is rolled out for Windows 11 Business to encrypt files. You can use it to link the encryption keys with the user credentials for quick decryption.

>> See how to use BitLocker Drive Encryption.

When your device gets lost or attacked by a hacker, he/she has to bypass the strong protection of BitLocker. But the attacker only finds that the individual files are encrypted using PDE. PDE is the second layer of protection for your files on the drive.

>> See how to configure Personal Data Encryption (PDE) policies in Intune.

When referring to drive and data decryption, there is another topic we should talk about: data recovery.

Use MiniTool Data Recovery Software to Recover Files on Windows 11/10

Drive and file decryption is one way to protect your files. Data recovery is the other way to keep your data safe. When you want to recover your data on Windows 11/11, you can try MiniTool Power Data Recovery.

With this software, you can recover files like images, videos, music files, documents, and more from different types of data storage devices. You can use this software on all versions of Windows, including Windows 11, Windows 10, Windows 8/8.1, and Windows 7.

This free file recovery tool can work under different situations:

  • When your files get lost or deleted by mistake, you can use professional data recovery software to get them back as long as they are not overwritten by new data.
  • When your hard drive is inaccessible, you can also use such a tool to rescue your files to a safe location.
  • When your computer is unbootable due to some reason, you can use the bootable edition of MiniTool Power Data Recovery to retrieve your files, then take measures to fix the system.
  • If your files get lost after a Windows 11/10 update, you can also try this software to get your data back.

This software is trusted by millions of users. However, if you use this file recovery tool for the first time, you will remain skeptical. Don’t worry. You can use MiniTool Power Data Recovery Trial Edition to have a try.

MiniTool Power Data Recovery TrialClick to Download100%Clean & Safe

You can use the trial edition of this software to scan the drive you want to recover data from and see if it can find your needed files. If you decide to use this software to recover data, you need to use a full edition.


To prevent your lost and deleted files from being overwritten by new data, you should not download and install this MiniTool data recovery software onto the location where the lost and deleted files locate.

After downloading and installing this software on your Windows PC, you can follow the instruction to get your files back:

Step 1: Open MiniTool Power Data Recovery to enter its main interface.

Step 2: This software will show the drive it can detect under the Logical Drives section. Then, you need to hover over the drive you want to recover data from and click the Scan button to start scanning that drive. You can also switch to the Devices section to scan the whole disk.

select the target drive to scan

Step 3: After scanning, you will see the scan results that are categorized by the path. You can expand each path to find your needed files. Additionally, you can also switch to the Type section to find your files by type. If you still know the name of the file you want to rescue, you can use the Find feature to directly locate that file. However, if you can’t find the file using this way, the name of the file should be damaged.

scan results

Step 4: If you decide to use this software to recover your data, you need to get a license key from MiniTool, then click the key icon from the top ribbon menu, and enter the license key to register this software. You can do this directly on the scan result interface. After that, you can select your needed files, click the Save button, and select a suitable folder to save your selected files.


The destination folder should not be the original location of the lost and deleted files. Otherwise, the missing files could be overwritten and become unrecoverable.

You see, it is easy to use this software to recover your data. Every ordinary user can operate it.

Smart App Control (SAC)

Smart App Control (SAC) comes with the Windows 11 2022 Update. If you are still running Windows 11 21H2 or Windows 10 22H2, you will be unable to find it on your device.

Smart App Control is located in the Windows Security app. It can stop scripting attacks and protect you from running untrusted or unsigned apps that may be associated with malware or virus attack tools. It works by making predictions using an AI model that actively receives updates, and then decides whether the app is safe to use.


Smart App Control is available in all Windows 11 editions with a clean installation of the Windows 11 2022 Update. But your network administrators can also use Microsoft Intune to configure it.

How to Enable Smart App Control on Windows 11 22H2?

Smart App Control is turned off by default on Windows 11 22H2. If you want to use it, you need to first enable it.

Here is how to turn on Smart App Control on Windows 11:

Step 1: Press Windows + I to open the Settings app.

Step 2: Go to Privacy & security > Windows Security > App & browser control.

Step 3: Click Smart App Control settings under Smart App Control on the right panel.

Step 4: Select the On option to turn on Smart App Control. You can also select Evaluation. Under this mode, Smart App Control can learn if it can help protect you without getting in your way too much. If so, it will automatically be enabled. Otherwise, it will automatically be disabled. This mode is convenient.

enable Smart App Control

If you are running the Windows 11 2022 Update, you can try this feature.

Vulnerable Driver Protection

The Windows 11 2022 Update uses virtualization-based security (VBS) to improve kernel protection on your device. This can avoid driver vulnerability exploits on the latest silicon from AMD, Intel, and Qualcomm.

The memory integrity (hypervisor-protected code integrity (HVCI)) feature is a part of these changes. This feature is enabled by default on new devices. How does this feature work? It uses VBS to run kernel mode code integrity (KMCI) inside the secure environment instead of the kernel to minimize attacks that attempt to modify the kernel. By doing this, only validated code will be executed in kernel mode.

Additionally, a list of vulnerable drivers is implemented by Microsoft. The list is used to block specific drivers from loading to stop threats and ransomware attacks from exploiting known vulnerable drivers to access the Windows kernel.

The block policy is enabled by default. But users still need to enforce it manually through the Windows Defender Application Control.

>> Find more information: Microsoft recommended driver block rules.

Enhanced Phishing Protection

Windows 11 22H2 also introduces enhanced phishing protection, a part of the SmartScreen technology. This feature can detect if the website or app you are going to use is secure in real time. If it finds risks, the system will let you know when you are trying to type a password. According to Microsoft’s official statement, network administrators can identify when passwords are leaked and take some necessary actions.

This enhanced phishing protection needs to work with your Microsoft Account, Active Directory, Azure Active Directory, local passwords, and on a Chromium-based browser like Microsoft Edge and Google Chrome or any app that may point to a phishing site.

You can find the enhanced phishing protection by going to Settings > Privacy & security > Windows Security > App & browser control > Reputation-based protection settings under Reputation-based protection.

enhanced phishing protection

From the above screenshot, you can also set it to warn you when reusing the passwords and storing passwords on your PC using any note-taking application like Notepad.

>> Find more information: Protect your Microsoft password from being phished.

More Security Improvements on Windows 11 22H2

New security features in the Windows 11 2022 Update are not limited to the above features. There are also some other small changes related to security on the Windows 11 2022 Update.

For instance, Windows Defender Credential Guard is enabled by default for businesses and organizations. This can minimize attacks against credential theft techniques like pass-the-hash or pass-the-ticket.

The Credential isolation with Local Security Authority (LSA) protection is also enabled by default on Windows 11 22H2. It can identify your identity. So it adds a second layer of protection for domain-joined devices.

Microsoft also adds a new feature named Config lock for Secured-core PCs to prevent misconfigurations when you use administrator privileges to make changes to the system, putting the computer out of sync with the company’s security policies.


Now, Microsoft is focusing on Windows 11. You should not Microsoft claims Windows as a service. The company should bring more useful and new features to Windows 11. The new security features in the Windows 11 2022 Update is just one step. Let’s wait and see.

If you want to know about some other related problems, you can let us know in the comments. You can also contact us via [email protected].

  • linkedin
  • reddit