Microsoft publishes security configuration suggestions for the Enterprise
Microsoft published a new security configuration framework for Windows 10 devices that it calls SECCON framework in April 2019. The new framework complements the Windows security baselines that Microsoft publishes for each new release of Windows.
SECCON framework configurations are designed specifically for organizations that don't implement the published security baselines.
The new framework organizes devices into productivity and privileged access devices, and provides security configurations for each based on the classification. The configurations offer generic recommendations that are not specific to certain environments.
The first three levels suggest policies for productivity devices, the last two for privileged access workstations
- Level 5: Enterprise security -- Minimum security configuration for Enterprise devices.
- Level 4: Enterprise high security -- Security configuration for devices where users access sensitive or confidential information.
- Level 3: Enterprise VIP security -- Configuration for organizations with a "larger or more sophisticated security team" or high-risk users.
- Level 2: DevOps workstation -- Configuration for testers and developers who may be targeted specifically.
- Level 1: Administrator workstation -- Security configuration for the highest risk class.
Security configurations may be more restrictive in the lower levels because of risk levels associated with each device type.
Recommendations for each level are divided into the three categories policies, controls, and behaviors.
Policies suggest configuring certain security policies on devices such as enforcing a minimum password length, password complexity requirements, disabling guest accounts, certain firewall rules, or limiting certain rights to specific user groups.
Policies are divided into several categories such as security template, advanced audit, Windows Defender Firewall, or Computer.
The Controls group suggests the use of certain security features or applications; Level 5 controls suggest to configure certain Windows Defender features such as Credential Guard or Application Guard, and to make Microsoft Edge and not Internet Explorer the default browser.
Behaviors define security processes such as installing security updates in a certain number of days after release or removing as many users as possible from the administrator group.
Enterprise customers are the main target for SECCON framework security suggestions but home users and small businesses may use the provided information and recommendations as well to secure devices. (via ZDNet)
Is anyone planning on using these in an enterprise environment?