Microsoft boosts Windows 11 security with encrypted DNS server discovery and SMB encryption for outbound connections
With the release of the latest Canary build of Windows 11, Microsoft has introduced welcome new security options. The first gives administrators the option of requiring encryption of all outbound SMB client connections.
The second is the arrival of support for Discovery of Network-designated Resolvers (DNR), which allows for the automatic discovery of encrypted DNS servers. Eliminating the need for manual configuration is an ease-of-use move that makes adoption more likely.
The new features and options can be found in Windows 11 build 25982, which is available to Insiders on the Canary Channel. Announcing these latest additions to the operating system, Amanda Langowski and Brandon LeBlanc say:
Starting with this build (Build 25982), SMB now supports requiring encryption of all outbound SMB client connections. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. This enforces the highest level of network security as well as bringing management parity to SMB signing, which allows both client and server requirements.
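Because a client that requires encryption refuses servers lacking SMB 3 and encryption, it helps to inventory existing connections first. The following pre-flight script is an added example, not taken from Microsoft's announcement; it assumes a build that exposes the `-RequireEncryption` option on `Set-SmbClientConfiguration`, and the `-Enforce` switch and verdict strings are this example's own names.

```powershell
#Requires -RunAsAdministrator
# Added example: audit outbound SMB connections, then optionally require encryption.
# -Enforce is a switch defined by this script, not a Windows option.
param([switch]$Enforce)

# 1. Inventory the SMB connections this client currently holds.
#    A session negotiated below SMB 3.0 cannot be encrypted, so that
#    server would be refused once encryption is required.
$report = foreach ($c in Get-SmbConnection) {
    $major = [int](($c.Dialect -split '\.')[0])
    $verdict = if ($major -lt 3) {
        'WILL FAIL: dialect below SMB 3'
    } elseif (-not $c.Encrypted) {
        'CHECK: SMB 3 but not encrypted today'
    } else {
        'OK'
    }
    [pscustomobject]@{
        ServerName = $c.ServerName
        ShareName  = $c.ShareName
        Dialect    = $c.Dialect
        Encrypted  = $c.Encrypted
        Signed     = $c.Signed
        Verdict    = $verdict
    }
}
$report | Sort-Object Verdict, ServerName | Format-Table -AutoSize | Out-Host

# 2. Show the current client-side setting.
$current = (Get-SmbClientConfiguration).RequireEncryption
Write-Host "RequireEncryption is currently: $current"

# 3. Only turn the requirement on when nothing in the inventory would break.
$blockers = @($report | Where-Object { $_.Verdict -like 'WILL FAIL*' })
if ($Enforce -and $blockers.Count -eq 0) {
    Set-SmbClientConfiguration -RequireEncryption $true -Force
    Write-Host 'Outbound SMB encryption is now required.'
} elseif ($Enforce) {
    Write-Warning "$($blockers.Count) connection(s) would be refused; setting left unchanged."
}
```

The inventory only covers servers the client is connected to when the script runs, so repeat it while typical shares are in use before enforcing.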
Going on to talk about the networking improvements to be found in this latest release, they add:
Discovery of Network-designated Resolvers (DNR) is an upcoming internet standard to discover encrypted DNS servers. Until today, Windows Insiders users had to find out the IP address of their desired encrypted DNS server and manually enter it to configure client-side encrypted DNS on their machine. DNR will enable Windows Insider users to use encrypted DNS protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT) on the client-side without requiring manual configuration. Client-side support for DNR is now available in Windows Insiders Insider Preview Build 25982 and higher.