windows 11

Enhanced Security Measures Coming to Windows 11: Admins Can Mandate SMB Client Encryption

Microsoft's Upcoming Windows 11 Update Introduces Stronger Network Security Through Mandatory SMB Encryption for Outbound Connections.

The rollout of this new capability has already commenced with the introduction of Windows 11 Insider Preview Build 25982 for Insiders in the Canary Channel.

Pyle further noted that administrators can configure the SMB client to consistently demand encryption, regardless of the server, share, UNC hardening, or mapped drive requirements. This empowers administrators to enforce the use of SMB encryption, particularly SMB 3.x, across all connections, and to refuse connection if the SMB server does not support these encryption standards.

To implement this new feature, administrators have the flexibility to configure it through PowerShell or the “Require encryption” group policy, which can be found under Computer Configuration \ Administrative Templates \ Network \ Lanman Workstation.