Latest Event Updates

Windows 10 News You Can Use – February 2018

Windows 10 news you can use, February 2018 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

In other news related to Windows 10…

Deployment & Management
  1. Windows 10 1709 is now designated as a Semi-Annual Channel release (i.e., formerly known as Current Branch for Business).
    http://blogs.windows.com/windowsexperience/2018/01/11/windows-10-fall-creators-update-1709-fully-available
  2. To gain insights into the health and performance of more than 300,000 Windows 10 devices, Microsoft began using Device Health, a new service in Windows Analytics. Available through the Microsoft Operations Management Suite, Device Health analyzes telemetry and provides details about device and driver crashes. This data helps us monitor our environment and quickly resolve issues. https://www.microsoft.com/itshowcase/Article/Content/961/Improving-reliability-with-Windows-Analytics-Device-Health
  3. Collecting members of the Local Administrators group via SCCM. https://blogs.technet.microsoft.com/benjamin/2018/01/27/collecting-members-of-the-local-administrators-group
  4. An important feature for desktop application developers is the ability to view detailed analytics about application performance and its popularity with users. Until today, developers had difficulty accessing these analytics without cobbling together multiple tools. With the new Windows Desktop Program, developers now have a convenient, one-stop portal to view their desktop application analytics or access the data via an API. Statistics and charts quickly show how the applications are doing, from how many customers they’ve reached to detailed performance data on crashes and failures. With these analytics, developers can better track and prioritize fixes, monitor the distribution of their application, and prepare and improve the overall experience for their customers. http://blogs.windows.com/buildingapps/2018/01/23/introducing-windows-desktop-program-desktop-application-analytics
Security & Compliance
  1. Get an end-to-end look at the security features and technologies in Windows 10 that can help you protect your data, devices, and identity. Join Windows Security Senior Product Manager Chris Hallum as he walks you through the features and tools that have shipped to date and provides insight into what’s to come. This one-hour webcast will take place on Tuesday, February 6th from 10:00 a.m. to 11:00 a.m. Pacific Time and will cover protecting data on lost and stolen devices, replacing passwords with multi-factor authentication, using data separation, containment, and encryption to help prevent accidental data leaks, and much more. https://blogs.technet.microsoft.com/windowsitpro/2018/01/04/save-the-date-windows-10-security-webcast-feb-6
  2. Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems.  Terry Myerson, Executive Vice President, Windows and Devices Group describes the discovered vulnerabilities as clearly as possible, discusses what customers can do to help keep themselves safe, and shares what Microsoft has learned so far about performance impacts. https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems
  3. Windows 10: Multi-layer defense against ransomware attacks. The year 2017 saw three global ransomware outbreaks driven by multiple propagation and infection techniques that are not necessarily new but not typically observed in ransomware. While there are technologies available on Windows 7 to mitigate attacks, Windows 10’s comprehensive set of platform mitigations and next-generation technologies cover these attack methods. https://cloudblogs.microsoft.com/microsoftsecure/2018/01/10/a-worthy-upgrade-next-gen-security-on-windows-10-proves-resilient-against-ransomware-outbreaks-in-2017
  4. Customers that deployed Microsoft’s security baseline for Windows 10 v1709 might have experienced device and component failures. The BitLocker GPO settings recommended in the Windows security configuration baselines for Windows 10 include enabling “Disable new DMA devices when this computer is locked” to defend against Direct Memory Access (DMA) attacks. Windows’ internal implementation underlying that Group Policy setting was modified for v1709 to strengthen its enforcement. However, the change inadvertently led to some device and component failures on v1709 that are described in KB article 4057300, including potential problems with network adapters, audio devices, and pointing devices. https://blogs.technet.microsoft.com/secguide/2018/01/18/issue-with-bitlockerdma-setting-in-windows-10-fall-creators-update-v1709
  5. Exposing fileless malware attacks with Windows Defender ATP and mitigating attacks against the endpoint with next-gen security technologies in Windows 10. https://cloudblogs.microsoft.com/microsoftsecure/2018/01/24/now-you-see-me-exposing-fileless-malware
  6. Data privacy will continue to be a priority towards making Windows 10 the best and most secure experience. From improving in-product control, transparency and information about your privacy, while providing a complete list of the diagnostic data collected at the Basic level, among others, to launching the Microsoft Privacy Dashboard and the enhancements we’ve made since then, we want you to be able to easily see and manage your activity data online across multiple Microsoft services. http://blogs.windows.com/windowsexperience/2018/01/24/microsoft-introduces-new-privacy-tools-ahead-of-data-privacy-day
  7. Looking for information on how Windows 10 Enterprise can enable and support HIPAA compliance, privacy, and security? Download the latest version of the “HIPAA Compliance with Microsoft Windows 10” white paper, which now includes the updates found in Windows 10, version 1709. https://blogs.technet.microsoft.com/windowsitpro/2018/01/09/hipaa-compliance-with-windows-10-enterprise
  8. Rapid cyberattacks like Petya and WannaCrypt have reset our expectations on the speed and scope of damage that a cyberattack can inflict. The Microsoft Enterprise Cybersecurity Group Detection and Response team worked extensively to help customers respond to and recover from these kinds of attacks. In 2017, among the global enterprise customers that we worked with, these rapid cyberattacks took down most or all IT systems in just about one hour, resulting in $200M – 300M USD of damage at several customers. https://cloudblogs.microsoft.com/microsoftsecure/2018/01/23/overview-of-rapid-cyberattacks
  9. There has been an increase in free versions of programs that purport to scan computers for various errors, and then use alarming, coercive messages to scare customers into buying a premium version of the same program. Starting March 1, 2018, Windows Defender Antivirus and other Microsoft security products will classify programs that display coercive messages as unwanted software, which will be detected and removed. https://cloudblogs.microsoft.com/microsoftsecure/2018/01/30/protecting-customers-from-being-intimidated-into-making-an-unnecessary-purchase
Productivity
  1. Windows 10 Tip: Add 3D to your PowerPoint presentation in 5 steps http://blogs.windows.com/windowsexperience/2018/01/29/windows-10-tip-add-3d-powerpoint-presentation-5-steps
  2. Windows 10 Tip: Get started with the Mixed Reality Viewer app. http://blogs.windows.com/windowsexperience/2018/01/08/windows-10-tip-get-started-mixed-reality-viewer-app
  3. Easily and securely manage devices –  Windows 10 helps to manage devices efficiently and cost effectively while reducing business disruptions, as you make new devices available to your employees. https://fasttrack.microsoft.com/microsoft365/productivitylibrary/Easily-and-securely-manage-devices
  4. Fuel your creativity with powerful devices and apps – Use Surface Studio and Windows 10 to transform the way you sketch, model, and share your creative ideas. https://fasttrack.microsoft.com/microsoft365/productivitylibrary/Fuel-your-creativity-with-powerful-devices-and-apps
  5. Use your device like a PC to stay productive and secure – Maintain the high level of productivity you need, wherever you are, by leveraging the seamless, secure mobile experience offered by Windows 10. https://fasttrack.microsoft.com/microsoft365/productivitylibrary/Use-your-device-like-a-PC-to-stay-productive-and-secure
  6. Use integrated apps and devices to improve healthcare patient care – Gain secure, speedy access to lab results, specialist recommendations, patient notes, scheduling, and more from your Microsoft 365 powered device and your clinic’s integrated apps. https://fasttrack.microsoft.com/microsoft365/productivitylibrary/Use-integrated-apps-and-devices-to-improve-patient-care
  7. Streamline healthcare lab operations while ensuring compliance – Improve your lab’s testing operations and ensure regulatory compliance by using powerful, modern devices. https://fasttrack.microsoft.com/microsoft365/productivitylibrary/Streamline-lab-operations-while-ensuring-compliance
Windows 10 News You Can Use – January 2018

Windows 10 news you can use, January 2018 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

In other news related to Windows 10…

Deployment & Management

1)      Visual Studio 2017 15.4 introduced the new Windows Application Packaging project to help you modernize your application by using the new Windows 10 App Deployment Stack. http://blogs.windows.com/buildingapps/2017/12/04/extend-desktop-application-windows-10-features-using-new-visual-studio-application-packaging-project

2)      Add Conditional Access to your Windows 10 VPN with Intune and Azure AD. https://blogs.technet.microsoft.com/microscott/add-conditional-access-to-your-windows-10-vpn-with-intune-and-azure-ad

3)      Windows Analytics accelerates enterprise Windows 10 migration. With Update Compliance and Device Health services now generally available, Windows Analytics provides an end-to-end upgrade solution with actionable insights into device performance, reliability, and health, so enterprises can broadly migrate their devices from Windows 7 or Windows 8 to Windows 10 or update Windows 10 devices to the latest feature update (Windows 10, version 1709) quickly and with confidence. http://blogs.windows.com/business/2017/12/12/accelerate-windows-10-migration-windows-analytics

4)      Troubleshooting Windows AutoPilot (level 300/400). https://blogs.technet.microsoft.com/mniehaus/2017/12/13/troubleshooting-windows-autopilot-level-300400

5)      Blog post about file association configurations in Windows 10. After reading it, you will be able to configure file associations in Windows 10 and avoid this notification: “An app default was reset.” https://blogs.technet.microsoft.com/windowsinternals/2017/10/25/windows-10-how-to-configure-file-associations-for-it-pros

6)      Build your own Windows 10 VPN lab and configure it with Intune. https://blogs.technet.microsoft.com/microscott/build-your-own-windows-10-vpn-lab-and-configure-it-with-intune

7)      IT pros – join us on Tuesday, January 16th for an opportunity to “Ask Microsoft Anything” (AMA) about Windows Analytics. Members of the engineering and product teams will be standing by to answer your questions and listen to your feedback about Upgrade Readiness, Update Compliance, Device Health, and the future roadmap for Windows Analytics. https://techcommunity.microsoft.com/t5/Windows-Analytics-AMA/bd-p/WindowsAnalyticsAMA

8)      Different from the Windows Insider Program for Business, the Windows Insider Lab for Enterprise is intended for Windows Insiders who want to try new experimental and pre-release Enterprise Privacy and Security features. https://olympia.windows.com/Info/FAQ

9)      Using ConfigMgr co-management to offload Windows 10 updates to Microsoft Intune. https://blogs.technet.microsoft.com/arnabm/2017/12/12/using-configmgr-co-management-to-offload-windows-updates-to-intune

Security & Compliance

1)      Download the Windows Defender Advanced Threat Protection (WDATP) kit and learn how security solutions built into the operating system can help you detect, investigate, and respond to advanced attacks and data breaches on your networks. In addition, learn about the cost savings and business benefits enabled by WDATP. https://info.microsoft.com/ATPInformationKit-Registration.html

2)      In this blog, we explore how Windows Defender ATP (WDATP) makes use of AMSI inspection data to surface complex and evasive script-based attacks. We look at advanced attacks perpetrated by the highly skilled KRYPTON activity group and explore how commodity malware like Kovter abuses PowerShell to leave little to no trace of malicious activity on disk. From there, we look at how WDATP machine learning systems make use of enhanced insight about script characteristics and behaviors to deliver vastly improved detection capabilities. https://blogs.technet.microsoft.com/mmpc/2017/12/04/windows-defender-atp-machine-learning-and-amsi-unearthing-script-based-attacks-that-live-off-the-land

3)      Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to further close the gap between malware release and detection. In this blog post we’ll look at how additional automated analysis and machine learning models can further protect customers within minutes in rare cases where initial classification is inconclusive. https://blogs.technet.microsoft.com/mmpc/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses

4)      Microsoft Mechanics’ look at the recent updates to Windows Hello for Business. We’ll show you why it’s even more secure than a password. You’ll see new protections for when you are in a public place or for when you are away from your device. https://www.youtube.com/watch?v=G-GJuDWbBE8

5)      Learn how to address cybersecurity with these snackable security videos on the Microsoft in Business YouTube channel. Includes Windows 10 security videos such as:

  • Why is Patching Important and What is Windows as a Service?
  • Why Layers of Security are Important
  • What is Windows Defender ATP?

6)      Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI. https://blogs.technet.microsoft.com/jepayne/2017/12/08/weffles

7)      The GDPR is compelling every organization to consider how it will respond to today’s security and compliance challenges. Read this white paper for an in-depth exploration of the GDPR and its implications for organizations, how the capabilities of Microsoft 365 Enterprise edition can help your organization approach GDPR compliance and accelerate your journey, and what you can do to get started now. https://resources.office.com/ww-landing-M365EGDPR-accelerate-your-GDPR-compliance-whitepaper.html?LCID=EN-US

Productivity

1)      Windows 10 Tip: Get started with Continue on PC in the Microsoft Edge mobile app. http://blogs.windows.com/windowsexperience/2017/12/04/windows-10-tip-get-started-continue-pc-microsoft-edge-mobile-app

2)      We are again at the beginning of another major technology shift: the ability to be connected anytime, anywhere with Always Connected PCs that are instantly on, always connected with incredible battery life. http://blogs.windows.com/windowsexperience/2017/12/05/always-connected-pcs-enable-a-new-culture-of-work

3)      In the new world of work, advanced professions increasingly require high-performance computing capabilities. We’re working to ensure Windows meets your needs, even in demanding and mission-critical scenarios.  Join us for a look at the key benefits of Windows 10 Pro for Workstations, which was announced in August. http://blogs.windows.com/business/2017/12/15/windows-10-pro-workstations-power-advanced-workloads

4)      Windows 10 Tip: How to recover your pin and password from the lock screen. http://blogs.windows.com/windowsexperience/2017/12/18/windows-10-tip-recover-pin-password-lock-screen

 

Windows 10 News You Can Use – December 2017


Windows 10 news you can use, December 2017 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

In other related news…

  • By running Windows 10 with Office 365 ProPlus and Enterprise Mobility + Security, you can simplify the way you deploy and manage devices, deliver the latest innovations to users, and get robust insights to help you proactively run and manage your IT processes—with intelligent security built in every step of the way.  Register today to join us on Tuesday, December 5th from 10:00 a.m. to 11:00 a.m. Pacific Time to learn how to help protect your data and devices from the latest threats, transition to cloud-based management at your own pace, roll out updates for Windows and Office in a streamlined way without impacting user productivity, and more.
  • Rapid cyberattacks like NotPetya and WannaCrypt were able to take down all IT systems at global enterprises in about an hour, creating a new challenge for IT and Security leadership and practitioners to manage. Join us to learn about these attacks and Microsoft’s prescriptive roadmap of recommended mitigations to protect your organization against this type of attack.
  • Learn from Microsoft Mechanics about the spectrum of built-in security defenses that protect your users, information and devices. This rich capability set spans Windows 10, Office 365, enterprise mobility and security, while leveraging a number of services within Microsoft Azure. To go even deeper, check out Deep Dive into Microsoft 365 Intelligent Security.
Deployment & Management

1)      Do the employees in your enterprise forget their passwords? Good news! The new Windows 10 Fall Creators update allows users with Azure AD-joined (AADJ) devices to see a “Reset password” link on their lock screen. When they click this link, they will be brought to the same self-service password reset (SSPR) experience they see when signing in from a browser. https://cloudblogs.microsoft.com/enterprisemobility/2017/11/20/resetting-passwords-on-azure-ad-joined-devices-is-much-easier-with-the-latest-windows-update

2)      We are delighted to announce that we have released version 1710 for System Center Configuration Manager that includes new features and product enhancements! https://cloudblogs.microsoft.com/enterprisemobility/2017/11/20/now-available-update-1710-for-system-center-configuration-manager

3)      Step-by-step guide on how to use an Azure AD cloud-only identity to access an on-premises, non-cloud resource. https://blogs.technet.microsoft.com/askpfeplat/2017/11/21/mix-and-match-workfolders-azure-ad-and-aad-application-proxy

4)      Infographic: Start a practical move to modern Windows 10 management with Microsoft Enterprise Mobility + Security (EMS). See how you can use co-management with System Center Configuration Manager (ConfigMgr) and Intune to transition to a modern management approach in a controlled, iterative way.  https://gallery.technet.microsoft.com/Infographic-Start-a-43e7c705

5)      What’s new in Hyper-V for Windows 10 Fall Creators Update? https://blogs.technet.microsoft.com/virtualization/2017/11/13/whats-new-in-hyper-v-for-windows-10-fall-creators-update

6)      Windows 10 Deployment: Tips and Tricks from Microsoft IT. https://mva.microsoft.com/en-US/training-courses/windows-10-deployment-tips-and-tricks-from-microsoft-it-18012?l=SGQyyppQE_3312263987

7)      Architectural planning posters for Windows 10, including for clean install, in-place upgrades, AutoPilot, servicing, and protection solutions. https://docs.microsoft.com/en-us/windows/deployment/windows-10-architecture-posters

8)      How to upgrade ConfigMgr to the latest version along with upgrading OS and SQL. https://blogs.technet.microsoft.com/configurationmgr/2017/11/15/how-to-upgrade-configmgr-to-version-1702-with-os-and-sql-upgrade

Security & Compliance

1)      Microsoft Windows 10 offers many new native security and privacy capabilities that potentially reduce organizations’ reliance on third-party endpoint security solutions. When taken together, these capabilities improve the risk posture of your endpoint environment and significantly reduce exposure to OS- and application-level exploits. This report explains to risk and security professionals the best ways to utilize the new Windows 10 security features while keeping users’ privacy intact. https://reprints.forrester.com/#/assets/2/108/RES138138/reports

2)      We’re excited to announce three leading security companies – Bitdefender, Lookout, and Ziften – are partnering with us to enable Windows Defender Advanced Threat Protection (ATP) to detect, protect, and respond to security threats on macOS, Linux, iOS, and Android devices. http://blogs.windows.com/business/2017/11/08/microsoft-partners-extend-windows-defender-atp-across-platforms

3)      Clarifying the behavior of mandatory Address Space Layout Randomization (ASLR) using Windows Defender Exploit Guard (WDEG) in Windows 10. https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr

4)      Overview of new security capabilities in Windows 10 1709.

 

Productivity

1)       What’s new [for the user experience] in the Windows 10 Fall Creators Update

2)      What’s New in Microsoft Edge in the Windows 10 Fall Creators Update
http://blogs.windows.com/msedgedev/2017/10/17/edgehtml-16-fall-creators-update

3)      Designing devices for the new culture of work
http://blogs.windows.com/devices/2017/10/31/news-from-future-decoded-designing-devices-for-the-new-culture-of-work 

4)      Introducing Surface Book 2, the most powerful Surface Book ever
https://blogs.windows.com/windowsexperience/2017/10/17/windows-10-fall-creators-update-and-mixed-reality-headsets-available-today-announcing-surface-book-2 

5)      Windows 10 Tip: Work more efficiently with MyAnalytics. It can help you manage relationships with important people, prioritize your time, and track the reach and influence of your email communications.
http://blogs.windows.com/windowsexperience/2017/10/09/windows-10-tip-work-efficiently-myanalytics

6)      Windows 10 Tip: Get started with the Windows 10 Maps app
http://blogs.windows.com/windowsexperience/2017/10/16/windows-10-tip-get-started-windows-10-maps-app

Windows 10 News You Can Use – November 2017


Windows 10 news you can use, November 2017 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

In other related news…

 

Deployment & Management

1)      Register today for exclusive access to a one-hour, demo-rich webcast showcasing solutions that can help you monitor and proactively improve your experience with Windows 10 upgrades, update deployment, and device management.  Webcast will be Tuesday 11/7/2017.
https://blogs.technet.microsoft.com/windowsitpro/2017/10/12/webcast-qa-proactive-insights-with-windows-analytics

2)      Administrative Templates (.admx) for Windows 10 Fall Creators Update (1709)
https://www.microsoft.com/en-us/download/details.aspx?id=56121

3)      Update 1710 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.
https://cloudblogs.microsoft.com/enterprisemobility/2017/10/30/update-1710-for-configuration-manager-technical-preview-branch-available-now

Security & Compliance

1)      Microsoft Mechanics, live at Ignite 2017: Real tales of [recent] attacks and the defenses in Windows 10 to stop them
https://www.youtube.com/watch?v=bNPo_BA72Is&index=18&list=PLXtHYVsvn_b9vcbjK69horD5S4mrx_v4H

2)      Browser security beyond sandboxing
https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing

3)      Final release of the recommended security configuration baseline settings for Windows 10 1709
https://blogs.technet.microsoft.com/secguide/2017/10/18/security-baseline-for-windows-10-fall-creators-update-v1709-final

4)      Mobile, collaborative, and secure—Using Windows Information Protection to protect corporate data.  IT Showcase case study (30-minute video) that outlines how Microsoft IT is using Windows Information Protection.
https://www.microsoft.com/itshowcase/Article/Content/970/Mobile-collaborative-and-secureUsing-Windows-Information-Protection-to-protect-corporate-data

5)      Forrester Research recently released a report (available for purchase) which explains to risk and security professionals the best ways to utilize the new Windows 10 security features while keeping users’ privacy intact.
https://www.forrester.com/report/Windows+10+Finally+Delivers+On+Microsofts+Security+Promises/-/E-RES138138

Productivity

1)      What’s new [for the user experience] in the Windows 10 Fall Creators Update

2)      What’s New in Microsoft Edge in the Windows 10 Fall Creators Update
http://blogs.windows.com/msedgedev/2017/10/17/edgehtml-16-fall-creators-update

3)      Designing devices for the new culture of work
http://blogs.windows.com/devices/2017/10/31/news-from-future-decoded-designing-devices-for-the-new-culture-of-work 

4)      Introducing Surface Book 2, the most powerful Surface Book ever
https://blogs.windows.com/windowsexperience/2017/10/17/windows-10-fall-creators-update-and-mixed-reality-headsets-available-today-announcing-surface-book-2 

5)      Windows 10 Tip: Work more efficiently with MyAnalytics. It can help you manage relationships with important people, prioritize your time, and track the reach and influence of your email communications.
http://blogs.windows.com/windowsexperience/2017/10/09/windows-10-tip-work-efficiently-myanalytics

6)      Windows 10 Tip: Get started with the Windows 10 Maps app
http://blogs.windows.com/windowsexperience/2017/10/16/windows-10-tip-get-started-windows-10-maps-app

Evaluating Windows Defender Antivirus with ConfigMgr

A standard in today’s threat landscape is to not rely on antivirus alone; other mechanisms of endpoint security should be in place to mitigate threats. However, having a solid AV is still beneficial. In the past year, Windows Defender Antivirus (WDAV) in Windows 10 and Server 2016 has made great strides to provide next-generation antivirus protection. More and more organizations are beginning to realize this and consider using it to displace their age-old, costly platforms.

If you’re in the same position and are wondering how you might approach an evaluation of WDAV, consider the following high-level steps as I envision them. First and foremost, however, Microsoft has also published prescriptive guidance for evaluating WDAV outside of ConfigMgr, including a downloadable PDF. I recommend reviewing that information in its entirety before taking action. It is also highly advised that you watch the recent session from Ignite 2017 – Next-Gen AV: Windows Defender Antivirus unleashed – BRK3063.

  1. Upgrade ConfigMgr to the current branch model to support the latest Windows 10 releases (note: please first ensure that you’re licensed for ConfigMgr current branch!!)
  2. Review and pre-determine the desired WDAV settings, such as:
    • Network bandwidth to override any BITS restrictions – note that any BITS client settings defined in these client settings will override other client settings only if given a higher priority and will impact the rest of the BITS configurations
    • Auto-uninstall other AV products
    • Real-time protection exclusions (ConfigMgr has templates available as well)
    • WDAV specific capabilities available in Win10 1703, such as:
      • Cloud protection options
      • Potentially unwanted programs
      • WDAV offline scanning
      • End-user interactions with the WDAV interface
      • End-user notifications
  3. Follow the 5 steps outlined for setup of ConfigMgr for WDAV management, which includes instructions for both server and clients, but does not include common instructions such as using collections, reporting, or setup of RBAC
    https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-protection-configure
  4. Additional ConfigMgr server/client setup considerations:
  5. Optional: Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment
    https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus

To test the WDAV deployment and functionality:

  1. Assign the WDAV ConfigMgr client policy to the collection
  2. Ensure policy is delivered and has the appropriate priority to take effect
  3. Verify prior AV is uninstalled and WDAV becomes active
  4. Monitor the user experience as well; one potential risk is that the uninstall of the prior AV may need a restart of Windows to ‘unload’ executions in memory
  5. Perform AV protection tests as desired using the WDAV testground (hosted by Microsoft) as well as other standard testing by your security personnel
  6. Review alerts in the ConfigMgr console and reports
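
One way to script the check in step 3 on a test client, as an added example (not from the original post or from Microsoft's guidance): it lists the antivirus products still registered with Windows Security Center and reads Defender's own status. It assumes a Windows 10 client with the built-in Defender module; the function name `Test-WdavActive` and the 7-day signature-age threshold are hypothetical choices.

```powershell
function Test-WdavActive {
    [CmdletBinding()]
    param(
        # Hypothetical threshold for this example: signatures older than this fail the check.
        [int]$MaxSignatureAgeDays = 7
    )

    # AV products registered with Windows Security Center. The namespace exists
    # on client SKUs only, so a failure here is tolerated rather than fatal.
    $registered = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                    -ClassName AntiVirusProduct `
                                    -ErrorAction SilentlyContinue)

    # Anchor the match: a plain 'Defender' pattern would also match "Bitdefender".
    $otherAv = @($registered |
        Where-Object { $_.displayName -notmatch '^(Windows|Microsoft) Defender' } |
        ForEach-Object { $_.displayName })

    # Get-MpComputerStatus fails when the Defender service is disabled or not
    # running, which is itself a result worth reporting.
    $status = $null
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        Write-Verbose "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }

    # Signature age is unknown until the first definition update has landed.
    $sigAgeDays = $null
    if ($status -and $status.AntivirusSignatureLastUpdated) {
        $sigAgeDays = [int]((Get-Date) - $status.AntivirusSignatureLastUpdated).TotalDays
    }

    $defenderOk = [bool]($status -and
                         $status.AMServiceEnabled -and
                         $status.AntivirusEnabled -and
                         $status.RealTimeProtectionEnabled)

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        OtherAvStillRegistered = ($otherAv -join ', ')
        DefenderActive         = $defenderOk
        SignatureVersion       = if ($status) { $status.AntivirusSignatureVersion } else { $null }
        SignatureAgeDays       = $sigAgeDays
        # Pass only if Defender is fully on, no other AV remains registered,
        # and signatures are known and recent.
        Pass                   = ($defenderOk -and
                                  $otherAv.Count -eq 0 -and
                                  $null -ne $sigAgeDays -and
                                  $sigAgeDays -le $MaxSignatureAgeDays)
    }
}

Test-WdavActive -Verbose | Format-List
```

A non-empty `OtherAvStillRegistered` value after the policy has applied usually lines up with the restart risk noted in step 4, so re-run the check after a reboot before treating it as a failed uninstall.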

Note: to learn more about the security defense in-depth, see some of these recent sessions.

Windows 10 News You Can Use – October 2017

Windows 10 news you can use, October 2017 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

Before getting into this month’s insights, Microsoft recently finished a great week at the Ignite conference.  Key Windows related announcements included:

Deployment & Management

1)      Celebrating 25 years of SMS / SCCM / ConfigMgr !!! https://blogs.technet.microsoft.com/enterprisemobility/2017/09/26/configmgr-25

2)      We are excited to announce co-management capabilities in Windows 10! Customers now can manage Windows 10 devices with Intune and Configuration Manager at the same time. This allows customers to transition to modern management at their own pace and in manageable steps: https://blogs.technet.microsoft.com/enterprisemobility/2017/09/25/maximizing-its-impact-with-microsoft-365-powered-devices

3)      Improvements to Windows 10 Dual-Scan capabilities. https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607

4)      Always On VPN and DirectAccess Features Comparison.  Use this topic to gain an understanding of how Windows 2016 and Windows 10 VPN features map to and improve upon legacy DirectAccess features. 
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-map-da

Security & Compliance

1)      Moving beyond EMET, part 2 – Windows Defender Exploit Guard https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard

2)      The September 12, 2017 security updates from Microsoft include the patch for a previously unknown vulnerability exploited through Microsoft Word as an entry vector. Customers using Microsoft advanced threat solutions, such as Office 365 Advanced Threat Protection or Windows Defender Advanced Threat Protection were safe from this attack without the need of additional updates. https://blogs.technet.microsoft.com/mmpc/2017/09/12/exploit-for-cve-2017-8759-detected-and-neutralized

3)      Ransomware H1 2017 in review: Global outbreaks reinforce the value of security hygiene.
https://blogs.technet.microsoft.com/mmpc/2017/09/06/ransomware-1h-2017-review-global-outbreaks-reinforce-the-value-of-security-hygiene

4)      Is your organization ready for GDPR compliance? We’ve added important resources that detail the security features and capabilities built into Windows 10 that can help you comply with GDPR and implement the technical and organizational security measures to help protect personal data. Included are two new Windows resources, the Accelerate GDPR compliance with Windows 10 and Accelerate GDPR compliance with Windows Server 2016 white papers, that will help you plan and prepare for the GDPR deadline.
https://blogs.windows.com/windowsexperience/2017/09/25/windows-resources-to-help-support-your-gdpr-compliance

5)      With the Windows 10 Fall Creators Update, new Windows Defender ATP prevention capabilities were added, as well as capabilities to stop attacks as they happen, enabling companies to use the full power of the Windows security stack for preventative protection. This enables WDATP customers to leverage state of the art AI technology to solve their alert volume challenges by letting WDATP automatically investigate alerts, apply artificial intelligence to determine whether a threat is real and to determine what action to take, going from alert to remediation in minutes at scale. http://blogs.windows.com/business/2017/09/19/automated-response-for-windows-defender-atp

6)      Continuing with our commitment to privacy and data control, today we’re announcing privacy enhancements coming to the Windows 10 Fall Creators Update for consumers and commercial customers that further increase your access to information and provide you more control over what information is collected. https://blogs.windows.com/windowsexperience/2017/09/13/privacy-enhancements-coming-to-the-windows-10-fall-creators-update

7)      Microsoft is pleased to announce the draft release of the recommended security configuration baseline settings for Windows 10 “Fall Creators Update,” also known as version 1709, “Redstone 3,” or RS3. Please evaluate this proposed baseline and send us your feedback via blog comments below. https://blogs.technet.microsoft.com/secguide/2017/09/27/security-baseline-for-windows-10-fall-creators-update-v1709-draft

Productivity

1)      Microsoft Edge extensions, a year in review.  Microsoft shares a few updates on the progress that has been made since then, and a quick look at what’s planned for the future.
https://blogs.windows.com/msedgedev/2017/09/29/microsoft-edge-extensions-one-year-later

2)      Announcing Bing for business – a new intelligent search experience for Office 365 and Microsoft 365, which uses AI and the Microsoft Graph to deliver more relevant search results based on your organizational context. This new experience from Bing for your enterprise, school, or organization helps users save time by intelligently and securely retrieving information from enterprise resources such as company data, people, documents, sites and locations as well as public web results, displaying them in a single experience.
https://blogs.bing.com/search/2017-09/finding-what-you-need-at-work-just-got-easier-with-bing-for-business

3)      How often do you get an email or walk into a meeting not knowing much about the people you’re about to collaborate with? According to Microsoft more than half of the emails its users receive are from people outside their organization. We know how much relationships matter, and now with Profile Card in Microsoft Office 365, you’ll have a quick and easy way to find more information about the people you work with, all without having to leave your workflow. https://blog.linkedin.com/2017/september/250/adding-linkedin_s-profile-card-on-office-365-offers-a-simple-way

4)      What makes Windows 10 Creators Update the best version of Windows 10 ever? Quality. The top areas we consistently hear about through our feedback channels are around power, performance, and reliability. These fundamentals are key elements that users look for in a device and value because they impact their everyday use, like longer battery life, faster web browsing, streaming videos longer and device stability. As a result, the Creators Update is the most performant and reliable version of Windows 10 ever! I’m excited to share a number of improvements in fundamentals that Windows 10 devices enjoy after updating to the Creators Update. https://blogs.windows.com/windowsexperience/2017/09/20/windows-10-creators-update-best-version-windows-10-ever

5)      Windows 10 Tip: How to make Start full screen http://blogs.windows.com/windowsexperience/2017/09/11/windows-10-tip-make-start-full-scree

ConfigMgr Report for Antimalware Policies


Let’s say for a moment that your organization uses SCCM for management of Windows Defender Antivirus (WDAV in Windows 10, Server 2016) or System Center Endpoint Protection (SCEP for legacy platforms).  Currently in SCCM (1706 or older) the only out-of-box mechanism to identify and report upon the antimalware policies being applied to a computer is through the SCCM console, such as in the image below.

ConsoleAntimalwarePolicies

What if the organization has a separate team or individual that needs that data – but you don’t want to provide them with the SCCM console?  You give them a report of course!  This quick guide will show you key things to do to obtain that info. The key steps are:

  1. Identify the SQL views being referenced by the SCCM console.
  2. Grant read permission of the SQL view to the SSRS reporting service account.
  3. Create the SSRS report.

Step 1: Identify the SQL views being referenced by the SCCM console.

  1. In the SCCM console, open the Antimalware Policies tab on the computer record
  2. Open the site server log SMSProv.log (and scroll to the end)
  3. Find the correlating “Execute SQL=” query to identify the SQL view(s) being used

    FindSQLqueryView

Step 2: Grant read permission of the SQL view to the SSRS reporting service account.

  1. Identify the service account being used by SCCM for SSRS reporting
    Tip: navigate to Administration > Security > Accounts, then locate the account being used for “ConfigMgr Reporting Services Point”
  2. Open SQL Management Studio (with a user account that has permissions to modify SQL permissions) and select the SCCM database
  3. Run the following GRANT command against the SCCM database

    GRANT SELECT ON [dbo].[vSMS_G_SYSTEM_AmPolicyStatus] TO "DOMAIN\user"

GrantSQLview
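To confirm that Step 2 granted only what the report needs, the check below lists the explicit permissions recorded on the view and then evaluates the reporting account's effective rights. It is an added example, not part of the original post; it assumes it is run in the SCCM database by a login allowed to impersonate the account, and DOMAIN\user is the post's placeholder for the Reporting Services Point account.

```sql
-- Added example (not from the original post): audit the Step 2 grant.
-- Assumptions: run in the SCCM database; 'DOMAIN\user' is the post's
-- placeholder for the account behind "ConfigMgr Reporting Services Point".
DECLARE @view    sysname = N'dbo.vSMS_G_SYSTEM_AmPolicyStatus';
DECLARE @account sysname = N'DOMAIN\user';

-- 1) Every explicit permission recorded on the view, and who holds it.
SELECT  pr.name            AS grantee,
        pr.type_desc       AS grantee_type,
        pe.permission_name,
        pe.state_desc      AS state,       -- GRANT, DENY or GRANT_WITH_GRANT_OPTION
        gr.name            AS granted_by
FROM    sys.database_permissions AS pe
JOIN    sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN    sys.database_principals  AS gr ON gr.principal_id = pe.grantor_principal_id
WHERE   pe.class = 1                        -- object- or column-level permission
  AND   pe.major_id = OBJECT_ID(@view)
ORDER BY pr.name, pe.permission_name;

-- 2) Effective rights of the reporting account on the view, including
--    anything inherited through role membership. For a read-only reporting
--    account, can_select should be 1 and the other columns 0.
EXECUTE AS USER = @account;
SELECT  USER_NAME() AS evaluated_as,
        HAS_PERMS_BY_NAME(@view, 'OBJECT', 'SELECT') AS can_select,
        HAS_PERMS_BY_NAME(@view, 'OBJECT', 'UPDATE') AS can_update,
        HAS_PERMS_BY_NAME(@view, 'OBJECT', 'DELETE') AS can_delete,
        HAS_PERMS_BY_NAME(@view, 'OBJECT', 'ALTER')  AS can_alter;
REVERT;
```

A GRANT_WITH_GRANT_OPTION row, or any grantee other than the reporting account and the built-in SCCM roles, is worth reviewing before the report is shared.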

Step 3: Create the SSRS report.

First off, there are many different ways that you can design the report. To mimic what the SCCM console does, I used an existing report with a selection box for the Computer Name, then just modified the executing query.

    1. Used report “Computer information for a specific computer” as an example baseline for selecting the computer name for a variable.
    2. Create a new report (using SQL Report Builder) to mimic the above report with the appropriate Data Source, Data Set(s), and Parameters

      AntimalwareReportBuilder

    3. Modified the SQL query to use the following code

        SELECT APS.Name, APS.Priority, APS.LastMessageTime, @variable AS 'Computer Name'
        FROM vSMS_G_SYSTEM_AmPolicyStatus AS APS
        JOIN v_R_System AS SYS ON APS.MachineID = SYS.ResourceID
        WHERE SYS.Name0 = @variable

    4. Test execute the report to confirm the results
      Tip: in Report Builder, click the Run button on the Home tab
    5. Save, finish, and report!

AntimalwareReportResults