Windows OS is highly popular for its flexibility in allowing you to run apps from third-party sources that could even potentially make amendments to the system-level settings. However, this also makes it vulnerable to security and privacy threats. Fortunately, Windows has some built-in security settings and features that, when enabled, can safeguard your PC from malicious activities. Most of these settings are enabled by default; however, some users might disable them for certain reasons on the PC, potentially weakening security.

Here’s a list of the ten most important Windows 11 settings you need to enable to keep your computer safe.

10 Microsoft Defender

Built-in antivirus

Microsoft Defender is a security program that comes included in Windows 10 and 11 OS. It has some robust security features that protect your system from malicious threats. When turned on, its real-time protection feature actively scans your system in the background and immediately quarantines any suspicious application or file.

In recent years, Defender has been consistently ranked among the top antivirus programs for Windows by antivirus testing agencies like AV-Test. Since it’s deeply integrated with Windows, there are no compatibility and usage issues. It also gets frequently updated through Windows security updates.

To enable Microsoft Defender’s real-time scan, search for Windows Security and turn on the Virus and Threat Protection option. You can also choose to scan your whole system through one of the scanning options: Quick Scan, Full Scan, Custom Scan, and Offline Scan.

9 Firewall & network protection

Built-in defense

Windows comes with a Firewall and network protection feature that gatekeeps your PC and prevents online threats from intruding. It monitors incoming and outgoing traffic and blocks any unauthorized or suspicious access. You can also set inbound and outbound rules for a specific app to protect your data from hackers and malware programs.

Firewall is enabled by default on Windows 11, and you can allow an app to pass through it. To check if it’s active on your Windows PC, search and open Windows Security and switch to the Firewall & network protection section on the left. Ensure the Firewall is on for Public, Private, and Domain networks.

8 App & browser control

Site screening for safety

App & browser control is an essential Windows feature that safeguards your system from potentially harmful applications, files, and websites. It uses the SmartScreen feature (reputation-based protection) to check URLs and downloads against a regularly updated database of known threats. Whenever you download a file or installer from unknown sources or publishers, it will block the installation. It also saves your computer from accidental or hidden installation of harmful apps.

Reputation-based protection gives you options to enable the SmartScreen for Microsoft for blocking malicious sites and downloads, Phishing Protection for guarding your passwords from malicious sites and apps, SmartScreen for Microsoft Store Apps, and Potentially Unwanted App Blocking. All these can be enabled by navigating to Windows Security > App & browser control settings.

7 Core isolation

Protection for the most sensitive

Core isolation is part of Windows Device Security settings. It includes certain features, such as Memory integrity, Memory access protection, and more, which add an extra security layer to your PC. It uses virtualization-based security to protect sensitive processes.

The Memory integrity option prevents cyber attackers from infiltrating malicious code into high-security processes. The Memory access protection safeguards your device’s RAM from malicious external devices. Further, there is a Microsoft Vulnerable Driver Blocklist feature that blocks vulnerable drivers from running on your PC.

These features can be enabled from Windows Security’s Device Security section by clicking the Core isolation details option.

6 Ransomware protection

Don't get lost in their web

Ransomware attacks are one of the most serious cyberattacks, and to counter that, Windows 11 comes with a Ransomware protection feature. It is designed to shield your files and folders from being encrypted by malicious programs. This feature allows you to safeguard important folders from unauthorized access, and provides recovery options in case of an attack. It works alongside OneDrive to ensure that even if ransomware takes over, your files can be recovered.

Ransomware protection can be enabled under Windows Security settings from the Ransomware protection section. Turn on Controlled folder access, and all the essential profile folders like Documents, Pictures, Music, and more will be automatically included in the ransomware protection. Further, clicking the Protected Folders option and then the + Add a Protected Folder will let you insert one or more folders you want to include in the ransomware protection.

5 BitLocker Encryption

Only available on some Windows 11 versions

Windows BitLocker is a powerful tool that locks all of your hard disk data with robust encryption. So, even if your device is stolen, it would be hard to access the encrypted data without a decryption key. However, it is officially only available on Windows 11 Pro, Enterprise, and Education editions and not on the Home edition.

BitLocker is highly useful if you have sensitive data on your system. It can also encrypt an external hard disk. To enable BitLocker for a particular drive, right-click on the drive and select Turn on BitLocker. Or just search for “BitLocker” in the search box and click the Manage BitLocker option to access its settings.

4 Secure Boot

BIOS level protection

Secure Boot is a BIOS-level setting that ensures Windows only boots with trusted software from the manufacturer. It prevents malicious actors from hijacking the boot process and injecting sophisticated malware like rootkits. Secure Boot is one of the mandatory requirements for installing Windows 11 on a device. It is also integrated with BitLocker encryption to safeguard drive data.

To enable it, you need to access the BIOS settings before booting Windows and search for the Secure Boot option.

3 Dynamic Lock

Automatic lock-down

If you work in an office or a public place, leaving your laptop unattended is always risky. In such situations, Windows Dynamic Lock can help you secure your device. It works by pairing a device (such as a phone or a smartwatch) with the laptop via Bluetooth. When the paired device goes out of range of the computer, Windows will automatically lock it to prevent unauthorized access. So, if you leave your laptop unlocked and take the paired device with you, the laptop will be locked within 30 seconds.

Dynamic Lock can be easily enabled from Windows Settings under the Sign-in options. To turn it on, you must pair your laptop and smartphone via Bluetooth.

2 Windows Hello

Biometric authentication

Windows 11 has an advanced biometric security feature called Windows Hello, allowing you to log in to your device through facial recognition, fingerprint, or a PIN. This not only speeds up the log-in process but also adds a robust security layer over Windows OS. Passwords or PINs can be stolen or guessed, but it’s extremely difficult to bypass the biometrics.

You can enable the Windows Hello sign-in options by navigating to Accounts > Sign-in options or by simply searching for them. Of course, your device must have the required hardware (facial recognition camera or fingerprint scanner) to enable the respective option.

1 User Account Control (UAC)

Admin authorization required

User Account Control (UAC) is a Windows security feature that prevents unauthorized changes to your system. Every time your system is about to take an action that requires administrator-level permission, UAC will raise a prompt that you need to confirm. This prevents the accidental installation of suspicious applications.

Windows gives you the option to set the level of prompt you want from UAC. From Never Notify to Always Notify, there are four notification levels you can set according to your requirements. However, it is advised to set it to Always Notify for maximum security.

Take control of your Windows 11 security

With the increase in cyber threats, it’s essential to utilize the built-in security settings of your Windows 11 OS to keep your PC secure and running smoothly. Enable these settings to take control of your system’s safety, and regularly update your device with the latest security patches. Also, don’t forget to turn any of these settings back on if you've disabled them temporarily for some reason.