Other security enhancements include increased use of virtualisation / Hyper-V, more use of control flow heuristics and making use of newer CPU functionality.
TPM is a good foundation and I would point out that our mobile devices have similar functionality.
I have had a little read now, so they are enabling features already available by default, such as HVCI.
It is a step forward security-wise, although at the same time they will still have all the wrappers and no enabled-by-default AppLocker.
I can understand more and more now why they are doing this as a new Windows version instead of just turning it on in Windows 10. These security features don't come free: I had stability issues in Microsoft Edge (large memory leaks) when it was using isolation during testing, and there is a performance impact. However, we are at a point where people have been soaking up the CPU performance hits for Spectre and other CPU vuln patches. The hardware companies will be loving this, as it will sell more hardware to overcome the performance hit.
They are also locking DirectStorage behind Windows 11, keeping with the tradition of hiding gaming APIs behind a new OS to get people to shift over.
Hopefully they solve the stability issues (it was a couple of years ago I tested, so I expect there will be improvements), and any performance hits are mitigated to minimal levels. I won't be an early adopter of course, I rarely am.