With technology on the rise and everything we do living on digital devices, it is more crucial than ever to ensure your data is secure from sophisticated attacks by malware, viruses, and ransomware. Microsoft has a built-in mechanism on Windows 11 to protect your data called Controlled Folder Access (CFA).

Initially introduced with Windows 10, CFA guards your files and folders against ransomware attacks on your PC. Apps without proper authorization to access your data will be blocked from it. It guards your main system folders by default with extra protection, and you can add any additional files and folders later. It also gives you the control to allow apps to access your files if one is misidentified by the security feature.

5 It’s easy to enable

It needs to be on to protect your data

The CFA feature isn’t enabled by default, but turning it on is very straightforward on Windows 10 and 11. Launch the Windows Security app and head to Virus & Threat Protection > Manage ransomware protection. Toggle on the switch under the Controlled folder access section. Once enabled, only trusted apps will have access to your protected folders. Other settings also appear that allow you to manage the extra layer of protection, like adding folders, allowing apps, and more.

4 Improved file security

Keeps your files safe

Once enabled, CFA protects the files in your system folders, such as Pictures, Music, and Documents, by default. You can also add specific directories with the files you want protected with an extra layer of security. Your files are monitored and protected from unwanted modifications by malware or malicious code injections on your system.

3 Add specific folders

Protect your most sensitive files

CFA protects your system folders automatically by default. However, it also allows you to extend protection to other files and folders in any location on your drive. Click the Protected folders link in the ransomware protection section of the Windows Security app. Click the Add a protected folder button and navigate to the directory where you want CFA protection.

2 Notifications

Get alerts of unwanted changes

If a malicious app attempts to access your CFA-protected file or folders, you will receive an alert with an option to identify and respond to the potential threat quickly. You may get a false positive when a trusted app attempts to make a file change, but you can just opt to allow that app through. For example, I have problems with SSD maintenance apps like Samsung Magician getting through until I authorize it. But ensure you are only allowing trusted apps. Installing them directly from the Microsoft Store, if available, is one way to weed out fake apps.

1 App Control

Manage which apps have access to your protected data

Most apps, such as OneDrive, Spotify, and iCloud, will be allowed through CFA. However, if Microsoft deems an app is infected with malicious code and is unfriendly, it will be locked out. However, you can also add an app to the allowed list to access your data. For instance, you might get a notification that a proprietary app from work has been blocked from your files. You can put it on the “allowed apps” list. Click the Allow an app through Controlled folder access link to give it permission from the recently blocked list.

Better security by adding protection against ransomware

Turning on Controlled Folder Access on your PC will protect you better from ransomware attacks. This gives your folders and files another layer of protection against unwanted system changes from malicious code that encrypts your data then requests crypto to release it. CFA is a proactive security step you can use on your system to keep you safe from a possible attack.