Windows 11 is the operating system that enables users to access both the Office productivity applications and the services provided by the other Microsoft 365 components. The Microsoft 365 E3 and E5 product plans include an upgrade to the Enterprise edition of Windows 11. The Enterprise edition of Windows 11 includes security measures, deployment tools, and manageability functions that go beyond those of Windows 11 Pro, providing administrators of enterprise networks with centralized and automated protection of and control over fleets of workstations.
The Windows 11 Enterprise E3 operating system included in Microsoft 365 E3 is an upgrade to an existing Windows 11 Pro installation. The Microsoft 365 E5 product includes an operating system upgrade to Windows 11 Enterprise E5, which includes all of the E3 features plus Microsoft Defender for Endpoint.
Some of the additional features included in Windows 11 Enterprise are described in the following sections.
Security
All Windows 11 editions include Windows Defender, which protects the operating system from various types of malware attacks. However, compared to Windows 11 Pro, Windows 11 Enterprise includes several enhancements to the Windows Defender software, including the following functions:
- Windows Defender Application Guard: This enables enterprise administrators to create lists of trusted Internet sites, cloud resources, and intranet networks. When a user accesses an untrusted site using Microsoft Edge or Internet Explorer, Windows 11 automatically creates a Hyper-V-enabled container and opens the untrusted resource within the protected environment that the container provides. If the untrusted resource turns out to be malicious, the attacker is isolated within the container, and the host computer remains protected.
- Windows Defender Application Control (WDAC): This provides defense against malicious applications by reversing the standard trust model in which applications are assumed to be trustworthy until proven otherwise. WDAC prevents a system from running any applications, plug-ins, add-ins, and other software modules that have not been identified as trusted using a policy created with Microsoft Intune or Group Policy. Windows 11 version 22H2 includes Smart App Control, a feature based on WDAC that uses Microsoft’s security service to determine whether an app is too dangerous to run.
- Microsoft Defender for Endpoint: Windows 11 includes the client-side components of Microsoft Defender, a private cloud-based threat prevention, detection, and response engine. Windows 11 includes endpoint behavioral sensors, which collect behavioral information from the operating system and forward it to the Defender back-end servers in the enterprise’s private cloud for analysis. Defender also protects the files in key system folders from unauthorized modification or encryption by ransomware and other attacks, applies exploit mitigation techniques to protect against known threats, enhances the network protection provided by Windows Defender SmartScreen, and performs automated real-time investigation and remediation of security breaches.