Windows 11 22H2 Warns when you're doing Dumb things with Passwords

Windows 11 version 22H2, rolled out by Microsoft, offers Enhanced Phishing Protection: it can automatically detect when you type a password into an unsafe app or site and then report it to admins via Microsoft Defender for Endpoint.

Windows alerts both the user and admin when a password has been used on a malicious site or app. The new feature is based on Microsoft’s SmartScreen technology and is available to users of Windows 11 2022 Update.

According to Microsoft’s Sinclaire Hamilton, “When Windows 11 protects against one phishing attack, that threat intelligence cascades to protect other Windows users interacting with other apps and sites that are experiencing the same attack as well.”

To prevent hacking attacks, Microsoft's SmartScreen feature automatically notifies IT admins of unsafe passwords. The feature also works with accounts managed through Active Directory and Azure Active Directory, and with local passwords. Hackers will always find a way to take advantage of vulnerable passwords so they can game the system and avoid identification. This means “Attackers don’t break in, they log in,” Hamilton added.

Hamilton further explained, “SmartScreen identifies and protects against corporate password entry on reported phishing sites or apps connecting to phishing sites, password reuse on any app or site, and passwords typed into Notepad, Wordpad, or Microsoft 365 apps.”

Password usage has only increased over the last few years, and Microsoft has now ensured that its new security defaults, such as Smart App Control, block unknown applications from running and also prevent any access to your network or new SMB password attacks.

IT administrators can configure what the user experiences with Safe Connect once the device is managed through Group Policy or an MDM solution. With an MDM, the setting allows admins to see any unsafe password usage in their environment without having to warn users.

A warning will now show up for any unsafe connections, saying “this app made an unsafe connection that was reported to Microsoft.”

This pop-up includes the option to “change my password.” When selected, the Windows Settings app opens and directs users to the section of the device where they can update their password.

To make passwords easier to use, Windows prompts users to choose strong passwords with capitalized letters, numbers and symbols. If a Windows log-in uses the same PIN as other sites, Windows will ask the user to change it.

Enhanced Phishing Protection is available to all Windows users using Windows 11 22H2: those with premium rights, those with basic rights, and even those with no rights at all.

To see alerts about enhanced phishing protection in the M365 Defender security portal, you need to have a license that provides Microsoft 365 Defender security portal access, like the E5 license.
