Windows 11 22H2 has now been pushed out to Microsoft Windows Insider users and contains a number of new features and improvements. One of them is not well known: the Brute Force Attack Protection feature.
David Weston, Microsoft’s vice president of operating system security and enterprise, tweeted today about the new security measures in Windows 11. He said that Windows 11 22H2 uses brute force attack protection by default, and that Windows will lock the system after ten failed attempts to guess a local password.
Windows 11 now has a default account lockout policy to mitigate RDP (Remote Desktop Protocol) and other brute force password vectors. Brute forcing passwords is very commonly used in human-operated ransomware and other attacks, and this control will make it more difficult.
Microsoft included this policy in earlier versions of Windows and later removed it; it was added back in Windows 11 22H2 (22528.1000 and later).
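To confirm that a given machine actually enforces the lockout threshold described above, the effective local policy can be exported and checked. The script below is an added example, not code from Microsoft or from the article; the baseline of 10 is the figure quoted above, and the function and variable names are illustrative.

```powershell
# Added example: audit the local account lockout policy. Run from an elevated prompt.
# The baseline of 10 failed attempts is the figure quoted in the article.
$BaselineThreshold = 10

function Get-LockoutPolicy {
    # secedit writes the effective local security policy to an INF file.
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "secedit export failed (exit code $LASTEXITCODE). Is the shell elevated?"
        }
        $policy = @{}
        foreach ($line in Get-Content -LiteralPath $cfg) {
            # Keys under [System Access]; they are the same on every display language.
            if ($line -match '^\s*(LockoutBadCount|ResetLockoutCount|LockoutDuration)\s*=\s*(-?\d+)\s*$') {
                $policy[$Matches[1]] = [int]$Matches[2]
            }
        }
        return $policy
    }
    finally {
        # The export contains security settings; do not leave it in TEMP.
        Remove-Item -LiteralPath $cfg -ErrorAction SilentlyContinue
    }
}

$policy = Get-LockoutPolicy
if (-not $policy.ContainsKey('LockoutBadCount')) {
    throw "LockoutBadCount not found in the exported policy."
}

$threshold = $policy['LockoutBadCount']
if ($threshold -eq 0) {
    Write-Output "FAIL: account lockout is disabled (threshold 0)."
} elseif ($threshold -gt $BaselineThreshold) {
    Write-Output "WARN: threshold is $threshold, looser than the baseline of $BaselineThreshold."
} else {
    Write-Output "OK: accounts lock after $threshold failed attempts."
}

# The timing keys may be absent from the export when lockout is disabled.
foreach ($key in 'ResetLockoutCount', 'LockoutDuration') {
    if ($policy.ContainsKey($key)) { Write-Output ("{0} = {1} (minutes)" -f $key, $policy[$key]) }
}
```

On a standalone machine, `net accounts /lockoutthreshold:10` sets the threshold; domain-joined machines take the value from domain policy.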