Windows 11 22H2 Enhanced Phishing Protection

The newly released Windows 11 22H2 update introduces a new security feature, Enhanced Phishing Protection, which is not enabled by default. It is aimed more at enterprise users, as phishing attacks are the most common way attackers breach corporate networks.

In some cases, simply typing your password into a phishing login form, without submitting it, is enough for it to be stolen by threat actors.

To combat this behavior, Microsoft introduced a new feature called ‘Enhanced Phishing Protection’ that warns users when they enter their Windows password on a website or enter it into an insecure application.

When the feature is enabled, Microsoft will detect when you enter your Windows password and then issue a warning prompting you to remove the password from an insecure file or, if it was entered on a site, to change your Windows password.

Alert when entering Windows passwords in an insecure application

It is also important to note that this feature only works if users are logging in with their Windows password and not using Windows Hello (PIN).

via Bleeping Computer