Latest Event Updates

Evaluating Windows Defender Antivirus with ConfigMgr


A standard in today’s threat landscape is to not rely on antivirus alone; other mechanisms of endpoint security should be in place to mitigate threats.  However, having a solid AV is still beneficial. In the past year, Windows Defender Antivirus (WDAV) in Windows 10 and Server 2016 has made great strides to provide next-generation antivirus protection.  More and more organizations are beginning to realize this and consider using it to displace their age-old, costly platforms.

If you’re in the same position and are wondering how you might approach an evaluation of WDAV, consider the following high-level steps as I envision them.  First and foremost, however, Microsoft has also published prescriptive guidance for evaluating WDAV outside of ConfigMgr, including a downloadable PDF.  I recommend reviewing that information in its entirety before taking action. It is also highly advised that you watch the recent session from Ignite 2017 – Next-Gen AV: Windows Defender Antivirus unleashed – BRK3063.

  1. Upgrade ConfigMgr to the current branch model to support the latest Windows 10 releases (note: please first ensure that you’re licensed for ConfigMgr current branch!!)
  2. Review and pre-determine the desired WDAV settings, such as:
    • Network bandwidth to override any BITS restrictions – note that any BITS settings defined in these client settings will override other client settings only if given a higher priority, and will impact the rest of the BITS configuration
    • Auto-uninstall other AV products
    • Real-time protection exclusions (ConfigMgr has templates available as well)
    • WDAV specific capabilities available in Win10 1703, such as:
      • Cloud protection options
      • Potentially unwanted programs
      • WDAV offline scanning
      • End-user interactions with the WDAV interface
      • End-user notifications
  3. Follow the 5 steps outlined for setup of ConfigMgr for WDAV management, which includes instructions for both server and clients, but does not include common instructions such as using collections, reporting, or setup of RBAC
    https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-protection-configure
  4. Additional ConfigMgr server/client setup considerations:
  5. Optional: Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment
    https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus

To test the WDAV deployment and functionality:

  1. Assign the WDAV ConfigMgr client policy to the collection
  2. Ensure policy is delivered and has the appropriate priority to take effect
  3. Verify prior AV is uninstalled and WDAV becomes active
  4. Monitor the user experience as well; one potential risk is that the uninstall of the prior AV may need a restart of Windows to ‘unload’ executions in memory
  5. Perform AV protection tests as desired using the WDAV testground (hosted by Microsoft) as well as other standard testing by your security personnel
  6. Review alerts in the ConfigMgr console and reports

Note: to learn more about security defense in depth, see some of these recent sessions.


Windows 10 News You Can Use – October 2017



Windows 10 news you can use, October 2017 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

Before getting into this month’s insights, Microsoft recently finished a great week at the Ignite conference.  Key Windows related announcements included:

Deployment & Management

1)      Celebrating 25 years of SMS / SCCM / ConfigMgr !!! https://blogs.technet.microsoft.com/enterprisemobility/2017/09/26/configmgr-25

2)      We are excited to announce co-management capabilities in Windows 10! Customers now can manage Windows 10 devices with Intune and Configuration Manager at the same time. This allows customers to transition to modern management at their own pace and in manageable steps: https://blogs.technet.microsoft.com/enterprisemobility/2017/09/25/maximizing-its-impact-with-microsoft-365-powered-devices

3)      Improvements to Windows 10 Dual-Scan capabilities. https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607

4)      Always On VPN and DirectAccess Features Comparison.  Use this topic to gain an understanding of how Windows 2016 and Windows 10 VPN features map to and improve upon legacy DirectAccess features. 
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-map-da

Security & Compliance

1)      Moving beyond EMET, part 2 – Windows Defender Exploit Guard https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard

2)      The September 12, 2017 security updates from Microsoft include the patch for a previously unknown vulnerability exploited through Microsoft Word as an entry vector. Customers using Microsoft advanced threat solutions, such as Office 365 Advanced Threat Protection or Windows Defender Advanced Threat Protection were safe from this attack without the need of additional updates. https://blogs.technet.microsoft.com/mmpc/2017/09/12/exploit-for-cve-2017-8759-detected-and-neutralized

3)      Ransomware H1 2017 in review: Global outbreaks reinforce the value of security hygiene.
https://blogs.technet.microsoft.com/mmpc/2017/09/06/ransomware-1h-2017-review-global-outbreaks-reinforce-the-value-of-security-hygiene

4)      Is your organization ready for GDPR compliance? We’ve added important resources detailing the security features and capabilities built into Windows 10 that can help you comply with GDPR and implement the technical and organizational security measures to help protect personal data. Included are two new Windows resources, Accelerate GDPR compliance with Windows 10 and Accelerate GDPR compliance with Windows Server 2016 white papers, that will help you plan and prepare for the GDPR deadline.
https://blogs.windows.com/windowsexperience/2017/09/25/windows-resources-to-help-support-your-gdpr-compliance

5)      With the Windows 10 Fall Creators Update, new Windows Defender ATP prevention capabilities were added, as well as capabilities to stop attacks as they happen, enabling companies to use the full power of the Windows security stack for preventative protection. This enables WDATP customers to leverage state of the art AI technology to solve their alert volume challenges by letting WDATP automatically investigate alerts, apply artificial intelligence to determine whether a threat is real and to determine what action to take, going from alert to remediation in minutes at scale. http://blogs.windows.com/business/2017/09/19/automated-response-for-windows-defender-atp

6)      Continuing with our commitment to privacy and data control, today we’re announcing privacy enhancements coming to the Windows 10 Fall Creators Update for consumers and commercial customers that further increase your access to information and provide you more control over what information is collected. https://blogs.windows.com/windowsexperience/2017/09/13/privacy-enhancements-coming-to-the-windows-10-fall-creators-update

7)      Microsoft is pleased to announce the draft release of the recommended security configuration baseline settings for Windows 10 “Fall Creators Update,” also known as version 1709, “Redstone 3,” or RS3. Please evaluate this proposed baseline and send us your feedback via blog comments below https://blogs.technet.microsoft.com/secguide/2017/09/27/security-baseline-for-windows-10-fall-creators-update-v1709-draft

Productivity

1)      Microsoft Edge extensions, a year in review.  Microsoft shares a few updates on the progress that has been made since then, and a quick look at what’s planned for the future.
https://blogs.windows.com/msedgedev/2017/09/29/microsoft-edge-extensions-one-year-later

2)      Announcing Bing for business – a new intelligent search experience for Office 365 and Microsoft 365, which uses AI and the Microsoft Graph to deliver more relevant search results based on your organizational context. This new experience from Bing for your enterprise, school, or organization helps users save time by intelligently and securely retrieving information from enterprise resources such as company data, people, documents, sites and locations as well as public web results, displaying them in a single experience.
https://blogs.bing.com/search/2017-09/finding-what-you-need-at-work-just-got-easier-with-bing-for-business

3)      How often do you get an email or walk into a meeting not knowing much about the people you’re about to collaborate with? According to Microsoft more than half of the emails its users receive are from people outside their organization. We know how much relationships matter, and now with Profile Card in Microsoft Office 365, you’ll have a quick and easy way to find more information about the people you work with, all without having to leave your workflow. https://blog.linkedin.com/2017/september/250/adding-linkedin_s-profile-card-on-office-365-offers-a-simple-way

4)      What makes Windows 10 Creators Update the best version of Windows 10 ever? Quality. The top areas we consistently hear about through our feedback channels are around power, performance, and reliability. These fundamentals are key elements that users look for in a device and value because they impact their everyday use, like longer battery life, faster web browsing, streaming videos longer and device stability. As a result, the Creators Update is the most performant and reliable version of Windows 10 ever! I’m excited to share a number of improvements in fundamentals that Windows 10 devices enjoy after updating to the Creators Update. https://blogs.windows.com/windowsexperience/2017/09/20/windows-10-creators-update-best-version-windows-10-ever

5)      Windows 10 Tip: How to make Start full screen http://blogs.windows.com/windowsexperience/2017/09/11/windows-10-tip-make-start-full-scree

ConfigMgr Report for Antimalware Policies


Let’s say for a moment that your organization uses SCCM for management of Windows Defender Antivirus (WDAV in Windows 10, Server 2016) or System Center Endpoint Protection (SCEP for legacy platforms).  Currently in SCCM (1706 or older) the only out-of-box mechanism to identify and report upon the antimalware policies being applied to a computer is through the SCCM console, such as in the image below.

ConsoleAntimalwarePolicies

What if the organization has a separate team or individual that needs that data – but you don’t want to provide them with the SCCM console?  You give them a report of course!  This quick guide will show you key things to do to obtain that info. The key steps are:

  1. Identify the SQL views being referenced by the SCCM console.
  2. Grant read permission of the SQL view to the SSRS reporting service account.
  3. Create the SSRS report.

Step 1: Identify the SQL views being referenced by the SCCM console.

  1. In the SCCM console, open the Antimalware Policies tab on the computer record
  2. Open the site server log SMSProv.log (and scroll to the end)
  3. Find the correlating “Execute SQL=” query to identify the SQL view(s) being used

    FindSQLqueryView

Step 2: Grant read permission of the SQL view to the SSRS reporting service account.

  1. Identify the service account being used by SCCM for SSRS reporting
    Tip: navigate to Administration > Security > Accounts, then locate the account being used for “ConfigMgr Reporting Services Point”
  2. Open SQL Management Studio (with a user account that has permissions to modify SQL permissions) and select the SCCM database
  3. Run the following GRANT command against the SCCM database
    GRANT SELECT ON [dbo].[vSMS_G_SYSTEM_AmPolicyStatus] TO [DOMAIN\user];

GrantSQLview
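To confirm that step 2 granted only what the report needs, the following added example (not part of the original post) lists the reporting account's explicit permission on the view, any other object-level grants it holds, and its database role memberships. `CM_ABC` is a placeholder for your site database name, and `DOMAIN\user` is the same placeholder account used in the GRANT command above.

```sql
-- Added example, not from the original post.
-- Placeholders: CM_ABC = ConfigMgr site database, DOMAIN\user = reporting account.
USE [CM_ABC];
GO

DECLARE @principal sysname = N'DOMAIN\user';
DECLARE @view      sysname = N'vSMS_G_SYSTEM_AmPolicyStatus';

-- 1. The explicit permission on the antimalware policy view.
--    Expect one row with SELECT / GRANT. A DENY row would override the grant.
SELECT  pr.name                                  AS principal_name,
        pe.permission_name,
        pe.state_desc,
        SCHEMA_NAME(o.schema_id) + N'.' + o.name AS object_name,
        gr.name                                  AS granted_by
FROM    sys.database_permissions AS pe
JOIN    sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN    sys.database_principals  AS gr ON gr.principal_id = pe.grantor_principal_id
JOIN    sys.objects              AS o  ON o.object_id     = pe.major_id
WHERE   pe.class    = 1          -- object-level permission
  AND   pe.minor_id = 0          -- whole object, not a single column
  AND   o.name      = @view
  AND   pr.name     = @principal;

-- 2. Every other object-level permission granted directly to the same account,
--    to spot grants that are broader than this report requires.
SELECT  SCHEMA_NAME(o.schema_id) + N'.' + o.name AS object_name,
        o.type_desc,
        pe.permission_name,
        pe.state_desc
FROM    sys.database_permissions AS pe
JOIN    sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN    sys.objects              AS o  ON o.object_id     = pe.major_id
WHERE   pe.class = 1
  AND   pr.name  = @principal
  AND   o.name  <> @view
ORDER BY object_name, pe.permission_name;

-- 3. Database roles the account belongs to. Permissions inherited through a
--    role do not appear in the two result sets above.
SELECT  r.name AS role_name
FROM    sys.database_role_members AS rm
JOIN    sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.database_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   m.name = @principal
ORDER BY r.name;
```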

Step 3: Create the SSRS report.  First off, there are many different ways that you can design the report.  To mimic what the SCCM console does, I used an existing report with a selection box for the Computer Name, then just modified the executing query.

    1. Used report “Computer information for a specific computer” as an example baseline for selecting the computer name for a variable.
    2. Create a new report (using SQL Report Builder) to mimic the above report with the appropriate Data Source, Data Set(s), and Parameters

      AntimalwareReportBuilder

    3. Modified the SQL query to use the following code
       -- @variable is the report parameter that holds the selected computer name
       SELECT APS.Name, APS.Priority, APS.LastMessageTime, @variable AS 'Computer Name'
       FROM vSMS_G_SYSTEM_AmPolicyStatus AS APS
       JOIN v_R_System AS SYS ON APS.MachineID = SYS.ResourceID
       WHERE SYS.Name0 = @variable
    4. Test execute the report to confirm the results
       Tip: in Report Builder, click the Run button on the Home tab
    5. Save, finish, and report!

AntimalwareReportResults
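The same view and join can also drive a fleet-wide exception report for a security team. The query below is an added example, not part of the original post, and it goes beyond the single-computer case: it lists clients that report no antimalware policy at all or whose latest policy status message is older than a threshold. It assumes that `LastMessageTime` is a datetime column, that `v_R_System` exposes the `Client0` flag, and that the 14-day threshold suits your environment.

```sql
-- Added example, not from the original post.
-- Assumptions: LastMessageTime is a datetime; v_R_System.Client0 = 1 marks
-- devices with the ConfigMgr client installed; @StaleDays is a review threshold.
DECLARE @StaleDays int = 14;

SELECT  SYS.Name0                AS [Computer Name],
        COUNT(APS.MachineID)     AS [Policies Reported],
        MAX(APS.LastMessageTime) AS [Last Policy Message],
        CASE
            WHEN COUNT(APS.MachineID) = 0 THEN 'No antimalware policy reported'
            ELSE 'Policy status is stale'
        END                      AS [Finding]
FROM    v_R_System AS SYS
-- LEFT JOIN keeps computers that have no row in the policy status view.
LEFT JOIN vSMS_G_SYSTEM_AmPolicyStatus AS APS
       ON APS.MachineID = SYS.ResourceID
WHERE   SYS.Client0 = 1
GROUP BY SYS.ResourceID, SYS.Name0
HAVING  COUNT(APS.MachineID) = 0
     OR MAX(APS.LastMessageTime) < DATEADD(DAY, -@StaleDays, GETDATE())
ORDER BY [Finding], SYS.Name0;
```

If this runs as an SSRS report, the reporting account also needs SELECT on `v_R_System`, exactly as the single-computer query above does.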

Windows 10 News You Can Use – September 2017



First and foremost, the next update of Windows 10, the Fall Creators Update, will be available worldwide October 17. With the Fall Creators Update (aka RS3, aka v1709) we are introducing some fun, new ways to get creative. As part of the update we will deliver an evolution to the photos experience that will let you tell your story like never before using photos, videos, and 3D effects; enhancements in gaming, security, accessibility, and immersive new experiences made possible by Windows Mixed Reality. All of this innovation will be brought to life by a range of beautifully designed, and feature rich modern devices available from our hardware partners this holiday.
https://blogs.windows.com/windowsexperience/2017/09/01/create-and-play-this-holiday-with-the-windows-10-fall-creators-update-coming-oct-17

Deployment & Management

  1. Learn how Windows 10 can support your compliance with the European Union (EU) General Data Protection Regulation (GDPR) as well as approaches, recommended practices and techniques to support your GDPR compliance journey. https://www.microsoft.com/en-us/download/details.aspx?id=55765
  2. This new demo from Microsoft Mechanics walks you through common usage scenarios for Windows Analytics Update Compliance, a cloud-based solution that provides you with an inventory of the devices in your organization, the version of Windows installed on each device, the update status of each device, and antimalware assessment for Windows Defender Antivirus-enabled devices. https://blogs.technet.microsoft.com/windowsitpro/2017/08/10/new-demo-windows-analytics-update-compliance
  3. The Microsoft Intune team is excited to announce the ability to deploy Office 365 ProPlus applications to Windows 10 devices from the cloud with Intune. https://blogs.technet.microsoft.com/enterprisemobility/2017/08/10/deploying-office-365-proplus-with-microsoft-intune
  4. Preview of the Microsoft Store for Business PowerShell module.  Use the module to view purchased items, manage licenses, perform bulk operations. https://docs.microsoft.com/en-us/microsoft-store/microsoft-store-for-business-education-powershell-module
  5. Connect with members of the product engineering teams who will be on hand to answer your questions and listen to feedback about Upgrade Readiness, Update Compliance, Device Health, and how these services can help you reduce the costs associated with deploying, servicing, and supporting Windows 10. https://myeventurl.azurewebsites.net/events/Details/276

Security

  1. Is your staff handling your corporate data with care? Windows Information Protection helps Microsoft IT know when employees are sending corporate data to non-corporate locations—and it helps people protect sensitive content and corporate assets. On Wednesday September 6th, learn how Windows Information Protection works to provide data security in our highly mobile and collaborative business culture, and prepare to deploy, configure, and manage it for data loss prevention in your environment. https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x22413939980
  2. Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Windows 10 “Creators Update” also known as version 1703, “Redstone 2,” or RS2. https://blogs.technet.microsoft.com/secguide/2017/08/30/security-baseline-for-windows-10-creators-update-v1703-final
  3. How Microsoft’s IT uses Windows Defender Antivirus.
  4. New Microsoft documentation on Windows Defender Application Guard. https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview
  5. Windows Defender Exploit Guard (WDEG) which will complete our journey to incorporate all of the security benefits of EMET directly into Windows. This effort was significantly influenced by two insights that came up most frequently in our survey data, customer support calls, and conversations with EMET stakeholders and security enthusiasts. More than anything else, our customers have expressed that they want (1) a user-friendly UI for configuring mitigation settings and (2) a way to protect their legacy apps on Windows 10. https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard
  6. Microsoft explores the machine learning techniques that have transformed Windows Defender ATP into a formidable solution for spotting all kinds of breach activity in the enterprise network. https://blogs.technet.microsoft.com/mmpc/2017/08/03/windows-defender-atp-machine-learning-detecting-new-and-unusual-breach-activity
  7. Windows 10 protects against tech support scams, no matter the vector. https://blogs.technet.microsoft.com/mmpc/2017/08/07/links-in-phishing-like-emails-lead-to-tech-support-scam

Productivity

  1. Windows 10 Pro for Workstations is a high-end edition of Windows 10 Pro, comes with unique support for server grade PC hardware and is designed to meet demanding needs of mission critical and compute intensive workloads. https://blogs.windows.com/business/2017/08/10/microsoft-announces-windows-10-pro-workstations
  2. Windows 10 Tip: Five ways to personalize notifications on your PC. http://blogs.windows.com/windowsexperience/2017/08/28/windows-10-tip-five-ways-personalize-notifications-pc
  3. Windows 10 Tip: Three ways to get started with OneNote. https://blogs.windows.com/windowsexperience/2017/08/21/windows-10-tip-three-ways-get-started-onenote
  4. Windows 10 Tip: Turn text into timelines in PowerPoint. https://blogs.windows.com/windowsexperience/2017/08/14/windows-10-tip-turn-text-timelines-powerpoint
  5. Available later this year, a collaboration between Microsoft and Amazon will allow you to access Alexa via Cortana on Windows 10 PCs, followed by Android and iOS in the future. Conversely, you’ll be able to access Cortana on Alexa-enabled devices like the Amazon Echo, Echo Dot and Echo Show. https://blogs.microsoft.com/blog/2017/08/30/hey-cortana-open-alexa-microsoft-amazons-first-kind-collaboration

 

Risks and Considerations for Win10 LTSC over Win10 Current Channel


It’s no secret that with the introduction of Windows 10, Microsoft has moved in the direction of releasing new feature updates twice per year, which is commonly referred to as Windows as a Service.  An organization could be faced with challenges around the frequency, size, and the new administrative cadence of feature updates to Windows (even though Microsoft has done and is doing great work to address these challenges).

In light of these challenges, it can be tempting for an organization to try to “standardize” on a version of Windows 10 that is supported for 10 years.  This version is called the Long Term Servicing Branch Channel, or LTSC for short, and in Microsoft’s words it is designed for: “Specialized systems—such as PCs that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization.”  (Side note that the nomenclature usage of the word “Branch” was recently dropped.)

While it may sound great that there is a version of Windows 10 which is supported for 10 years, there are many considerations and risks with trying to use it across the board.  This posting is an attempt to pull together and consolidate disparate references to help highlight, educate, and inform on Win10 LTSC for general production use.  Even Gartner says Rethink Windows 10 LTSB Deployment Based on Microsoft’s Updated Guidance.

Consideration #1

General guidelines state that devices that fulfill the following criteria are considered general-purpose devices and should be paired with Windows 10 using the Current Channel servicing option:

  • Devices that run productivity software such as Microsoft Office
  • Devices that use Windows Store applications
  • Devices that are used for general Internet browsing
    (for example, research or access to social media)

Reference: https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#long-term-servicing-channel

Consideration #2

Support for the latest processor / chipsets:

  • LTSC will support the currently released silicon at the time of release of the LTSC version
  • As future silicon is released, support will be created through future LTSC releases that customers can deploy for those systems
  • This enables Microsoft to focus on deep integration between Windows and the silicon, while maintaining maximum reliability and compatibility with previous generations of platform and silicon

Implications:

  • Multiple LTSC versions would be required to be used and managed within the organization for the life of the hardware
  • Hope you’re ready to buy hundreds or thousands of computers with supported chipsets to just keep on hand

Consideration #3

Because its code base and features are set “in stone” for 10 years and will not be modified, LTSC will be unable to keep up with current security capabilities and needs.  Case in point, the LTSB 2015 and 2016 releases do not have support for the following; only the current channels of Win10 do.  This would further widen the security gap of an organization until they are added into a future LTSC release (which is only every few years).

Consideration #4

Windows Analytics provides data-driven insights that reduce the cost of deploying, servicing, and supporting Windows 10.  It gives an organization actionable information to help gain deep insights into operational efficiency and the health of Windows 10 devices in the environment. But Windows 10 LTSC is not supported.  The three tools include:

  • Upgrade Readiness (general availability) provides powerful insights and recommendations about the computers, applications, and drivers in your organization, at no extra cost and without additional infrastructure requirements.
  • Update Compliance (public preview) provides a unified view of Windows Update and Windows Defender Antivirus compliance for Windows 10 devices, regardless of the management solution being used. It allows organizations to keep their devices secure and up-to-date, track protection and threat status, and monitor update deployments and troubleshoot issues as they arise.
  • Device Health (public preview) provides proactive insights to help detect and remediate end-user impacting issues. This new service uses telemetry data to provide such insights without additional infrastructure requirements. Proactively remediating end-user issues enables you to reduce support costs and improve efficiency.

Consideration #5

Examples of functionality missing that was included in the Windows 10 Creators Update (1703) in April 2017 include the following.  For each and every release of Windows 10, this list would grow.

Consideration #6

Various other limitations

  1. Fewer non-security and reliability fixes
  2. Visual Studio is not supported on LTSC
  3. Office ProPlus (traditional MSI) is highly recommended on LTSC, rather than Office 365 ProPlus (aka click-to-run)
  4. In-place upgrade of Win7 to LTSC is not supported – a full reimage, backup/restore of data and applications, just like the old days
  5. Depending upon IHV and ISV, there may be support and limitations on LTSC
  6. Doesn’t contain in-box apps, such as Store, Calculator, Photos, Camera, Music, Clock, and Edge – and yes, Edge is also a more secure browser

Consideration #7

Core Surface device experiences are impacted.

  • Windows Feature Updates, including enhancements such as:
    • Improvements to Direct Ink and palm rejection provided in Windows 10 1607
    • Improved support for high DPI applications provided in Windows 10 1703
  • Pressure sensitivity settings provided by the Surface app
  • The Windows Ink Workspace
  • Key touch-optimized in-box applications including Microsoft Edge, OneNote, Calendar, and Camera
  • Driver and firmware updates are not explicitly tested against releases of Windows 10 Enterprise LTSC
  • If you encounter problems, Microsoft Support will provide troubleshooting assistance. However, due to the servicing nature of the Windows LTSC, issue resolution may require that devices be upgraded to a more recent version of Windows 10 Enterprise LTSC, or to Windows 10 Pro or Enterprise with the Current Channel servicing option.

Summary

In summary, in this blog post I have tried to outline evidence to support you in your decision making process for choosing Windows 10 Current Channel over LTSC.  I hope that it leads to the proper choice for you!  Points covered were

  1. Guidelines of what is a general use device vs. a specialized device
  2. Support for the latest processor / chipsets
  3. Security features that are not present in LTSC
  4. Windows Analytics for data-driven insights is not supported
  5. Example of missing functionality that was delivered in Windows 10 Creators Update (1703)
  6. Various other limitations and their potential impact
  7. Core Surface device experiences are impacted

 

Windows 10 News You Can Use – August 2017


Windows 10 news for August 2017. Categories:

deployment | security | productivity | windows insider highlights

Deployment & Management

  1. Details have been released as to which processors can be used with Windows products (including Custom Images). For each listed edition, your company must use only the processors listed, as specified in the table below. The requirements below apply whenever the edition below is pre-installed or provided on external media, including as downgrade or down edition software.
    https://docs.microsoft.com/en-us/windows-hardware/design/minimum/windows-processor-requirements
  2. Recommended settings and configurations for Win10 VDI desktops
    https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-vdi-recommendations
  3. Features that are removed or deprecated in Windows 10 Fall Creators Update
    https://support.microsoft.com/sr-latn-rs/help/4034825/features-that-are-removed-or-deprecated-in-windows-10-fall-creators-up
  4. As part of the alignment with Windows 10 and Office 365 ProPlus, we are also adopting common terminology to make it as easy as possible to understand the servicing process.  The names Current Branch (and CB for Business) and Long-Term Servicing Branch (LTSB) are being replaced with Semi-Annual Channel and Long-Term Servicing Channel.
    https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned
  5. Now Available: Update 1706 for System Center Configuration Manager
    https://blogs.technet.microsoft.com/enterprisemobility/2017/07/28/now-available-update-1706-for-system-center-configuration-manager
  6. For the past several months, Microsoft has shared insights on our roll out approach for Windows 10 Creators Update (version 1703). We’re now moving from a targeted offering to full availability for all compatible devices running Windows 10 Creators Update globally via Windows Update. Similarly, our commercial customers should feel confident to deploy this release broadly across their organizations.
    http://blogs.windows.com/windowsexperience/2017/07/27/windows-10-creators-update-fully-available-for-all-windows-10-customers
  7. IT use has evolved. The modern workplace encompasses multiple device platforms, user- and business-owned devices, and the ability for users to work anywhere. Transforming the process for deploying new Windows 10 PCs is an important part of Microsoft’s vision for modern IT.
    https://info.microsoft.com/en-us-landing-ondemand-ModernizethedeploymentprocesswithWindowsAutoPilot.html
  8. Last month Microsoft announced Windows Analytics Device Health, the latest addition to the suite of Windows Analytics functionality designed to ensure employees have the best possible experience with Windows 10.  Through the proactive insights provided by Device Health, we believe we can help you save time and money by reducing helpdesk calls and keeping employees productive.  We are happy to announce that the public preview of Windows Analytics Device Health is available for you to try.
    https://blogs.technet.microsoft.com/windowsitpro/2017/07/31/try-device-health-now

Security

  1. After October 10, 2017, Windows 10 devices running version 1511 will no longer receive security and quality updates. Microsoft recommends updating devices to the latest version of Windows 10.
    https://support.microsoft.com/en-us/help/4035050
  2. Microsoft IT looked to the capabilities of the cloud to help address the challenges of monitoring and protecting the corporate network from advanced adversaries and threats. Windows Defender Advanced Threat Protection (ATP) combines built-in behavioral sensors, machine learning, and security analytics that quickly adapt to changing threats.
    https://www.microsoft.com/itshowcase/Article/Content/935/Windows-Defender-ATP-helps-analysts-investigate-and-respond-to-threats
  3. Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware. In Windows 10 Creators Update, the Windows Defender AV client uploads suspicious files to the cloud protection service for rapid analysis. Our ability to make a swift assessment of new and unknown files allows us to protect customers from malware the first time we see it.
    https://blogs.technet.microsoft.com/mmpc/2017/07/18/windows-defender-antivirus-cloud-protection-service-advanced-real-time-defense-against-never-before-seen-malware/
  4. Solving the TLS 1.0 Problem – This document presents guidance on rapidly identifying and removing Transport Layer Security (TLS) protocol version 1.0 dependencies in software built on top of Microsoft operating systems. It is intended to be used as a starting point for building a migration plan to a TLS 1.2+ network environment.
    https://www.microsoft.com/en-us/download/details.aspx?id=55266
  5. With Windows 10, your needs have guided our product development. We’ve designed Windows 10 to be the safest, most secure Windows yet. Our goals are to simplify IT administration and to deliver more personal and productive experiences with a lower total cost of ownership (TCO) on modern, powerful devices. Find out how your organization can prepare for today’s security threats.
    https://www.microsoft.com/en-us/WindowsForBusiness/Windows-security
  6. Microsoft would like to provide you with the latest information to keep you up-to-date with modern security advancements from Windows, through the latest Modern Security Information Kit.
    https://info.microsoft.com/ModernSecurityInformationKit.html

Productivity

  1. We’re excited to introduce you to the Microsoft Modern Keyboard with Fingerprint ID, a premium quality keyboard that brings the convenience and security of Windows Hello fingerprint sign-in to any PC running Windows 10. With the new Microsoft Modern Keyboard with Fingerprint ID, you can use your finger to sign into your Windows devices, and compatible apps**, with Windows Hello in less than 2 seconds – that’s 3 times faster*** than a password that you have to remember and type in.
    https://blogs.windows.com/devices/2017/07/27/introducing-new-microsoft-keyboard-brings-windows-hello-windows-10-pc
  2. If there’s anything we learned, it’s that after 32 years, MS Paint has a lot of fans. It’s been amazing to see so much love for our trusty old app. Amidst today’s commentary around MS Paint we wanted to take this opportunity to set the record straight, clear up some confusion and share some good news: MS Paint is here to stay, it will just have a new home soon, in the Windows Store where it will be available for free.
    https://blogs.windows.com/windowsexperience/2017/07/24/ms-paint-stay

Windows Insider Highlights

  1. Beginning in the Windows 10 Fall Creators Update, we intend to disable VBScript execution in IE 11 for websites in the Internet Zone and the Restricted Sites Zone by default, to provide a more secure experience.
    https://blogs.windows.com/msedgedev/2017/07/07/update-disabling-vbscript-internet-explorer-11
  2. The End of an Era – Adobe announced that Flash will no longer be supported after 2020. Microsoft will phase out support for Flash in Microsoft Edge and Internet Explorer ahead of this date.
    http://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline

Win10 News You Can Use – July 2017

June was an active month for Windows 10 advancements, new resources, and security events!  For this edition of the “news you can use”, I’ve broken it into categories for deployment | security | productivity | windows insider feature highlights.

Deployment & Management

  1. MDOP servicing update released in March 2017, which includes updates for things like MBAM 2.5 SP1 support for SQL Server 2016 SP1.
    https://support.microsoft.com/en-us/help/4014009/march-2017-servicing-release-for-microsoft-desktop-optimization-pack
  2. Demystifying Windows as a Service – David das Neves (PFE for Microsoft Germany) shares his current experience and guidance for organizational preparation for WaaS.
    https://blogs.msdn.microsoft.com/daviddasneves/2017/06/18/demystifying-windows-as-a-service-wake-up-please
  3. Introducing a new service to the Windows Analytics suite – Device Health. Device Health functionality is designed to ensure employees have the best possible experience with Windows 10.  To achieve that goal, it helps identify issues that could affect a person’s experience, before they may even notice, while also identifying steps needed to resolve those issues proactively.  This reduces helpdesk calls and support costs, saving time and money.
    https://blogs.windows.com/business/2017/06/29/delivering-modern-promise-windows-10 (read the Proactive Insights section)
  4. Windows AutoPilot is a suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. With Windows AutoPilot, IT professionals can customize the Out of Box Experience (OOBE) for Windows 10 PCs and enable end users to take a brand-new Windows 10 device and, with just a few clicks, have a fully-configured device ready for business use. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Most importantly, users can go through the process independently, without making any decisions and without needing to involve IT. There is also an upcoming webinar, “Modernize the deployment process with Windows AutoPilot”.
    https://blogs.technet.microsoft.com/windowsitpro/2017/06/29/modernizing-windows-deployment-with-windows-autopilot
    https://www.youtube.com/watch?v=JrEU84KK2lQ
    https://blogs.windows.com/business/2017/06/29/delivering-modern-promise-windows-10
  5. Modern management of Internet-based clients using SCCM.
    https://blogs.technet.microsoft.com/arnabm/2017/06/10/modern-management-of-internet-clients
  6. Videos and setup guides for Upgrade Readiness in the Windows Analytics suite.
    https://blogs.technet.microsoft.com/windowsitpro/2017/06/07/setup-guides-for-windows-analytics-upgrade-readiness
  7. One-hour “Ask Microsoft Anything” event upcoming about Windows 10 management at 9:00 a.m. Pacific Time on July 25th. Members of the Windows engineering and product teams will be standing by to answer your questions.  Note: You must be a member of Tech Community to post questions so save the date for the AMA event and visit http://aka.ms/community/Windows10 to join the Windows 10 Tech Community today.
    https://myeventurl.azurewebsites.net/events/Details/246

Security

  1. EMET protections coming to Windows 10 RS3 (branded as Windows Defender Exploit Guard)!
    https://blogs.windows.com/business/2017/06/27/announcing-end-end-security-features-windows-10
  2. Microsoft Mechanics video highlighting the RS3 capability for Windows Defender Application Guard.
    https://www.youtube.com/watch?v=J7fSeYEftRE
  3. New ransomware, old techniques: Petya adds worm capabilities – analysis and recommendations.  Plus, Windows 10 resilience against the Petya ransomware attack.
    https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities
    https://blogs.technet.microsoft.com/mmpc/2017/06/29/windows-10-platform-resilience-against-the-petya-ransomware-attack
  4. Find out how to prevent and contain cyberattacks across email and endpoints with Windows Defender Advanced Threat Protection (Windows Defender ATP) and Office 365 ATP.  This new demo explains how these technologies work together to help detect and prevent attacks, and how—if an attack makes it through your defenses—they can help you contain the threat and take immediate action.
    https://blogs.technet.microsoft.com/windowsitpro/2017/06/12/new-demo-advanced-threat-protection-across-windows-10-and-office
  5. What’s new and coming to Windows Defender ATP in Win10 RS3.
    https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update
  6. Microsoft is pleased to announce the beta release of the recommended security configuration baseline settings for Windows 10 “Creators Update”.
    https://blogs.technet.microsoft.com/secguide/2017/06/15/security-baseline-for-windows-10-creators-update-v1703-draft
  7. Microsoft reluctantly announces the retirement of the Security Compliance Manager (SCM) tool. At the same time, we are reaffirming our commitment to delivering robust and useful security guidance for Windows, and tools to manage that guidance.
    https://blogs.technet.microsoft.com/secguide/2017/06/15/security-compliance-manager-scm-retired-new-tools-and-procedures
  8. The Microsoft Security Configuration Toolkit (replacing SCM as noted above) enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs).  Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a Domain Controller or inject them directly into testbed hosts to test their effects.  The Security Configuration Toolkit consists of two tools, Policy Analyzer and LGPO, and a set of configuration baselines for different releases of Windows.
    https://www.microsoft.com/en-us/download/details.aspx?id=55319

Productivity

  1. Improving input responsiveness in Microsoft Edge.  With EdgeHTML 15 and the Windows 10 Creators Update, Microsoft Edge takes a big leap forward in how it schedules JavaScript work, leading to noticeable improvements in the usability, responsiveness, and performance of the modern web.
    http://blogs.windows.com/msedgedev/2017/06/01/input-responsiveness-event-loop-microsoft-edge
  2. Windows 10 tip: Organize your Start files with new tile folders.
    http://blogs.windows.com/windowsexperience/2017/06/05/windows-10-tip-organize-start-files-new-tile-folders

Windows Insider Feature Highlights

  1. Windows 10 and SMB1: As part of a multi-year security plan, we are removing the SMB1 networking protocol from Windows by default. This build includes the change; however, it only affects clean installations of Windows, not upgrades. We are making this change to reduce the attack surface of the OS.
    https://blogs.windows.com/windowsexperience/2017/06/21/announcing-windows-10-insider-preview-build-16226-pc
  2. Windows Defender Application Guard (WDAG) Improvements.
    https://blogs.windows.com/windowsexperience/2017/06/28/announcing-windows-10-insider-preview-build-16232-pc-build-15228-mobile
  3. Introducing Controlled folder access in Windows Defender Antivirus: making it easier for you to protect valuable data from malicious apps and threats, such as ransomware.
    https://blogs.windows.com/windowsexperience/2017/06/28/announcing-windows-10-insider-preview-build-16232-pc-build-15228-mobile
  4. OneDrive files on-demand now available for Windows Insiders.
    http://blogs.windows.com/windowsexperience/2017/06/13/onedrive-files-demand-now-available-windows-insiders