
Windows 11 to Natively Include Core Security Telemetry, Easing Enterprise Monitoring

Microsoft is engineering a significant change for enterprise security by building the core telemetry capabilities of its popular Sysmon tool directly into Windows 11. This move, expected to reshape endpoint monitoring, means the detailed event logging that security teams currently add on will soon be a built-in feature of the operating system.

For years, the separately deployed Sysmon utility has been a foundational tool, capturing precise details on process creation, network activity, and file changes that native Windows logs miss. Its integration into the OS promises to reduce the substantial operational burden of deploying and maintaining the tool across thousands of machines. Updates and configuration would be handled through standard Windows management channels.

The shift also carries defensive advantages. When this level of observability is woven into the operating system itself, rather than running as a distinct service, it becomes more difficult for attackers to identify and disable without destabilizing the machine. This follows Microsoft's established pattern of embedding security deeper into the Windows kernel.

While the development promises to democratize high-quality telemetry, especially for smaller businesses, key details are pending. Security professionals are waiting to see if the native feature will match Sysmon's full range of 29 event types and its highly flexible configuration system, which allows teams to filter out noise. Until Microsoft provides these specifics and the feature reaches general availability, experts advise maintaining current Sysmon deployments while preparing to evaluate the new native capability.

Source: Webpronews
