This content is part of the Essential Guide: Windows 10 security guide to fortify your defenses
Manage Learn to apply best practices and optimize your operations.

How can I improve Windows 10 security?

Everyone should observe the minimum Windows 10 security settings, but there are steps you can take to make devices even more secure.

Microsoft designed its newest OS to be secure by default, but you can still improve Windows 10 security. You should enable the minimum security settings upon installation, but there are a few more things you can do to cover your bases.

For starters, verify that the Windows Firewall is enabled. It's also a good idea to make sure no unnecessary ports are open.

Next, turn your attention to antimalware. Windows 10 comes with antimalware software -- Windows Defender -- that works in a pinch, but most security professionals recommend that companies use third-party antimalware too.

Regardless of whether you use Windows Defender or something else, having antimalware tools in place isn't enough. You must make sure your defenses actually work. Update virus definitions to make sure the software's update mechanism works properly, and perform a manual scan to verify the software's functionality.

You might also want to run Windows Update. Windows 10 should update on its own, but Windows Update sometimes fails; occasionally perform a manual update to verify that Windows Update works correctly.

Most large organizations' desktop operating system deployments are image-based. It's a good idea to periodically rebuild images and make sure the new images contain the latest updates. That way, you won't deploy any images with outdated OS builds. If you don't update the images, newly deployed desktop operating systems can contain security vulnerabilities until Windows Update has a chance to run.

Next Steps

Security features in Windows 10

Windows 10 features vs. old OSes

Improve security with Windows Hello and Passport

Dig Deeper on Windows 10