Microsoft publishes security configuration suggestions for the Enterprise - gHacks Tech News

Microsoft publishes security configuration suggestions for the Enterprise

Microsoft published a new security configuration framework for Windows 10 devices that it calls SECCON framework in April 2019. The new framework complements the Windows security baselines that Microsoft publishes for each new release of Windows.

SECCON framework configurations are designed specifically for organizations that don't implement the published security baselines.

The new framework organizes devices into productivity and privileged access devices, and provides security configurations for each based on the classification. The configurations offer generic recommendations that are not specific to certain environments.

seccon framework

The first three levels suggest policies for productivity devices, the last two for privileged access workstations

  • Level 5: Enterprise security -- Minimum security configuration for Enterprise devices.
  • Level 4: Enterprise high security -- Security configuration for devices where users access sensitive or confidential information.
  • Level 3: Enterprise VIP security -- Configuration for organizations with a "larger or more sophisticated security team" or high-risk users.
  • Level 2: DevOps workstation -- Configuration for testers and developers who may be targeted specifically.
  • Level 1: Administrator workstation -- Security configuration for the highest risk class.

Security configurations may be more restrictive in the lower levels because of risk levels associated with each device type.

Recommendations for each level are divided into the three categories policies, controls, and behaviors.

Policies suggest configuring certain security policies on devices such as enforcing a minimum password length, password complexity requirements, disabling guest accounts, certain firewall rules, or limiting certain rights to specific user groups.

Policies are divided into several categories such as security template, advanced audit, Windows Defender Firewall, or Computer.

The Controls group suggests the use of certain security features or applications; Level 5 controls suggest to configure certain Windows Defender features such as Credential Guard or Application Guard, and to make Microsoft Edge and not Internet Explorer the default browser.

Behaviors define security processes such as installing security updates in a certain number of days after release or removing as many users as possible from the administrator group.

Closing Words

Enterprise customers are the main target for SECCON framework security suggestions but home users and small businesses may use the provided information and recommendations as well to secure devices. (via ZDNet)

Summary
Microsoft publishes security configuration suggestions for the Enterprise
Article Name
Microsoft publishes security configuration suggestions for the Enterprise
Description
Microsoft published a new security configuration framework for Windows 10 devices that it calls SECCON framework in April 2019.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Anonymous said on April 15, 2019 at 7:44 pm
    Reply

    Is anyone planning on using these in an enterprise environment?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.

Be polite: we do not allow comments that threaten or harass, or are personal attacks. Please leave politics and religion out of discussions!