Starting with Windows 11 Insider Preview Build 25982, which is rolling out today to Insiders in the Beta Channel, administrators can require SMB client encryption for all outgoing connections.
SMB encryption provides end-to-end encryption of SMB data. It can be enabled per share, for the file server as a whole, or when mapping drives with UNC Hardening, Windows Admin Center, or Windows PowerShell.
The feature first shipped with SMB 3.0 in Windows 8 and Windows Server 2012, and Windows 11 and Windows Server 2022 added support for the AES-256-GCM cryptographic suites.
Windows administrators can protect against eavesdropping and interception attacks by requiring that every destination server supports SMB 3.x and encryption: clients then establish a connection only if both requirements are met.
According to Microsoft Principal Program Manager Ned Pyle, “you can now also configure the SMB client to always require encryption, no matter what the server, share, UNC hardening, or a mapped drive requires.”
“This means an administrator can globally force a Windows machine to use SMB encryption – and therefore SMB 3.x – on all connections and refuse to connect if the SMB server does not support either.”
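A pre-enforcement check an administrator might run on a client, as an added example that is not from Microsoft or the original article: it classifies outbound SMB connections by dialect and encryption state, then previews the client-wide setting. It assumes the `RequireEncryption` option of `Set-SmbClientConfiguration` is present on the build; the `.example` server names are constructed sample data.

```powershell
# Added example, not Microsoft's code. Run in an elevated session on the client.
function Get-SmbEncryptionReadiness {
    # Classifies outbound SMB connections by whether they would survive
    # a client-wide "require encryption" setting.
    param([object[]]$Connection = (Get-SmbConnection))
    foreach ($c in $Connection) {
        # Dialect strings look like "2.1", "3.0", "3.1.1"; encryption needs 3.x.
        $major = [int]($c.Dialect -split '\.')[0]
        $finding = if ($major -lt 3) {
            'Pre-3.x dialect: connection would be refused'
        } elseif (-not $c.Encrypted) {
            'SMB 3.x, unencrypted now: confirm server supports encryption'
        } else { 'OK' }
        [pscustomobject]@{
            ServerName = $c.ServerName
            ShareName  = $c.ShareName
            Dialect    = $c.Dialect
            Encrypted  = [bool]$c.Encrypted
            Finding    = $finding
        }
    }
}

# Constructed sample rows (hypothetical servers) showing the three outcomes.
$sample = @(
    [pscustomobject]@{ ServerName='fs01.example'; ShareName='data';   Dialect='3.1.1'; Encrypted=$true  }
    [pscustomobject]@{ ServerName='fs02.example'; ShareName='home';   Dialect='3.0';   Encrypted=$false }
    [pscustomobject]@{ ServerName='nas.example';  ShareName='backup'; Dialect='2.1';   Encrypted=$false }
)
Get-SmbEncryptionReadiness -Connection $sample | Format-Table -AutoSize

# Live audit: covers only connections open right now, so run it while the
# usual drives are mapped and in use.
$report = @(Get-SmbEncryptionReadiness)
$report | Format-Table -AutoSize

$cfg = Get-SmbClientConfiguration
if ($null -eq $cfg.PSObject.Properties['RequireEncryption']) {
    Write-Warning 'This build does not expose RequireEncryption on the SMB client.'
} elseif ($report | Where-Object { $_.Finding -ne 'OK' }) {
    Write-Warning 'Resolve the findings above before requiring encryption.'
} else {
    # -WhatIf previews the change; remove it to apply.
    Set-SmbClientConfiguration -RequireEncryption $true -WhatIf
}
```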