Microsoft continuously reinforces advanced network security in Windows 11. That’s why this past year, the company has been busy with data encryption enhancements for SMB. SMB signing, or the process of requiring digital signatures for SMB communication, became a default function for Windows Enterprise earlier in May. About a month later, they provided updates on the SMB authentication methodology.

With the release of the Windows 11 Canary build 25982 just last October, Microsoft announced mandatory SMB client encryption for all outbound connections. This means that administrators can mandate that all destination servers support SMB 3.x and encryption. If the server does not support either, the client won’t connect. Admins can also configure the SMB client to always require encryption, no matter the server or specific requirements.

Mandating SMB encryption provides a way to uphold proper data management practices. By ensuring that data shared across the network is encrypted, you establish a protective measure that aligns with data governance principles. This contributes to a secure and well-managed data environment for your business.

Requiring destination servers to support SMB 3.x and encryption allows admins to reduce the risk of unintended misconfigurations that could leave sensitive data exposed. Supporting encrypted protocols also minimizes the chances of oversight by individual users.

More info: Managed it help desk services