In the past, Windows 10 security configuration was left to users, which resulted in a wide variety of configurations. Standardization has many benefits, so a security configuration framework has been developed to simplify the process while giving users enough flexibility to maintain the desired balance between security, productivity and user experience. A number of separate security configurations are defined at five levels, which suit the common hardware scenarios seen today in enterprise settings. When developing this framework, the question asked was: what are the key considerations for today's security professionals?
Security level priorities
“What can be done sooner?” This is a question that experts must always ask themselves. The challenge is never to determine what to do, but to choose the most important next task from a long list of tasks already identified.
We get a lot of questions from customers who are planning to deploy Windows 10 and want to enable as many security features as possible. But because they have not yet deployed it, they cannot use the guidance of the Microsoft ATP Secure Score, which is discussed later. Clearly, a key aspect of a security configuration framework is helping to manage a sensible set of priorities.
Comparing security levels
Understanding their own security level is very important to organizations, and in security one can never achieve the highest score, because there is always room for improvement. What is really needed is a cycle of continuous improvement. But without an overarching goal to follow, how can one find out how much progress is sufficient? Looking at the situation of others can make the process easier. Being the best in terms of security is ideal, but being the worst is to be avoided. It is also worth noting that being the best can have unintended consequences. Security settings may conflict with productivity or user experience; for example, a software company cannot test the code it has written because that code is not yet on the enterprise's list of secure applications!
The purpose of comparing security levels is not to create competition or to mislead security executives. In fact, one thing that deserves serious attention is improving collaboration among individuals. The reason is that profiteers have built a highly effective system of collaboration through business innovations on the Dark Web, an environment of distrust. If security managers do not cooperate with each other, they will be at a disadvantage.
Microsoft ATP security score
The Secure Score in Microsoft ATP is the way to go. Its main recommendations provide a prioritized list for securing devices, with a relative rating of the overall impact on the security posture. Ways to make useful comparisons using this framework are also being explored.
The Secure Score represents the best recommendations for protecting basic devices and more, and it takes into account the existing configuration and the threats to the environment. Some frequently asked questions are: what if an organization has not yet purchased Microsoft Defender ATP and cannot evaluate its Secure Score, has not yet deployed Windows 10, or does not know exactly how to configure a specific set of features? The security configuration framework is meant to supplement the Secure Score and help users in all of these cases.
Security Configuration Framework
The security configuration framework is designed to work in precisely this situation, without the Secure Score. The question asked was: if nothing were known about an organization's environment, which security policies and controls would be proposed for implementation first? These suggestions were developed together with a group of test customers and Microsoft's engineering and sales teams, and, to produce a detailed list, the security recommendations were divided into coherent, discrete groups that let customers view their situation from a defensive position. In the initial draft, five discrete levels of security configuration were defined. As with the DEFCON levels used by the US Armed Forces to indicate alert states, a lower number reflects more stringent security:
5. Enterprise Security: This level is recommended as the minimum security configuration for an enterprise device. The recommendations at this level are generally simple and designed to be implemented within 30 days.
4. High-level Enterprise Security: These settings are recommended for devices whose users access sensitive or confidential information. Some controls may affect application compatibility and are therefore often applied through an audit workflow (configuration). Recommendations at this level are generally accessible to most organizations and can be implemented within 90 days.
3. VIP Enterprise Security: This level is recommended for devices in an organization with a larger or more sophisticated security team, or for specific users or groups exposed to unique risks. For example, in some organizations the theft of information from certain users can directly and severely affect the share price. An organization that is likely to be targeted by sophisticated, well-funded, high-profile adversaries should use this configuration. Recommendations at this level can be complex. For example, removing local administrator access can be a very long project for some organizations and can often take up to 90 days.
2. Workstation for DevOps: This configuration is recommended for developers and testers, who are attractive targets both for supply chain attacks and for stolen-credential attacks. Such attacks aim to gain access to servers and systems that hold valuable data, or to areas where critical business functions could be disrupted. This level of security is still in development and will be announced when ready.
1. Administrator Equipment and Systems: Administrators, especially administrators of identity systems or security systems, are most vulnerable to information theft, data tampering, or service disruption. This level of security is still in development and will be announced when ready.
How to choose access and security levels
If an organization already uses the Windows security baselines to provide an advanced level of security (these are also currently available in preview in Intune), then Level 3 incorporates these baselines as its foundation. If you are new to security issues, Level 5 is a great starting point. From there, better security at higher levels can be balanced against application readiness and risk tolerance, as desired.