Month: October 2017

Evaluating Windows Defender Antivirus with ConfigMgr


A standard in today’s threat landscape is not to rely on antivirus alone; other endpoint security mechanisms should be in place to mitigate threats.  However, having a solid AV is still beneficial. In the past year, Windows Defender Antivirus (WDAV) in Windows 10 and Server 2016 has made great strides to provide next-generation antivirus protection.  More and more organizations are beginning to realize this and are considering using it to displace their age-old, costly platforms.

If you’re in the same position and are wondering how you might approach an evaluation of WDAV, consider the following high-level steps as I envision them.  First and foremost, however, Microsoft has also published prescriptive guidance for evaluating WDAV outside of ConfigMgr, including a downloadable PDF.  I recommend reviewing that information in its entirety before taking action. It is also highly advised that you watch the recent session from Ignite 2017 – Next-Gen AV: Windows Defender Antivirus unleashed – BRK3063.

  1. Upgrade ConfigMgr to the current branch model to support the latest Windows 10 releases (note: please first ensure that you’re licensed for ConfigMgr current branch!!)
  2. Review and pre-determine the desired WDAV settings, such as:
    • Network bandwidth to override any BITS restrictions. Note that any BITS settings defined in these client settings override other client settings only if they are given a higher priority, and they will affect the rest of the BITS configuration as well.
    • Auto-uninstall other AV products
    • Real-time protection exclusions (ConfigMgr has templates available as well)
    • WDAV specific capabilities available in Win10 1703, such as:
      • Cloud protection options
      • Potentially unwanted programs
      • WDAV offline scanning
      • End-user interactions with the WDAV interface
      • End-user notifications
  3. Follow the 5 steps outlined for setup of ConfigMgr for WDAV management, which includes instructions for both server and clients, but does not include common instructions such as using collections, reporting, or setup of RBAC
    https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-protection-configure
  4. Additional ConfigMgr server/client setup considerations:
  5. Optional: Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment
    https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus

To test the WDAV deployment and functionality:

  1. Assign the WDAV ConfigMgr client policy to the collection
  2. Ensure policy is delivered and has the appropriate priority to take effect
  3. Verify prior AV is uninstalled and WDAV becomes active
  4. Monitor the user experience. One potential risk is that the uninstall of the prior AV may require a restart of Windows to ‘unload’ its code still executing in memory.
  5. Perform AV protection tests as desired using the WDAV testground (hosted by Microsoft) as well as other standard testing by your security personnel
  6. Review alerts in the ConfigMgr console and reports
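
To help with steps 3 and 4 above, and to confirm that the settings chosen during planning (cloud protection, PUA, exclusions) actually landed on the test client, here is an added PowerShell check that is not part of the original post. It assumes the Defender PowerShell module and the root/SecurityCenter2 WMI namespace are present (Windows 10 client SKU, elevated session); the decoding of the undocumented productState field follows the commonly used interpretation and is an assumption.

```powershell
# Added example, not from the original post: report on the state of a test client
# after the WDAV ConfigMgr policy has been applied. Run elevated on Windows 10 1703+.
function Test-WdavEvaluationState {
    # AV products still registered with Windows Security Center (client SKUs only;
    # the namespace is absent on server SKUs, so the call is allowed to fail quietly).
    $registered = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' `
                    -ErrorAction SilentlyContinue | ForEach-Object {
        # productState is an undocumented bitfield. Assumption (conventional decoding):
        # second byte 0x10 = product enabled, third byte 0x00 = definitions up to date.
        $hex = '{0:x6}' -f $_.productState
        [pscustomobject]@{
            Name     = $_.displayName
            Enabled  = ($hex.Substring(2, 2) -eq '10')
            UpToDate = ($hex.Substring(4, 2) -eq '00')
        }
    }
    $thirdParty = @($registered | Where-Object { $_.Enabled -and $_.Name -notlike 'Windows Defender*' })

    $status = Get-MpComputerStatus   # live engine state
    $pref   = Get-MpPreference       # configured preferences (what the ConfigMgr policy set)

    # A prior AV uninstall typically leaves a pending reboot behind; check the two usual markers.
    $cbsReboot  = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    $fileRename = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
                    -Name PendingFileRenameOperations -ErrorAction SilentlyContinue) -ne $null

    [pscustomobject]@{
        OtherAvStillEnabled  = ($thirdParty.Name -join ', ')          # expect empty after auto-uninstall
        DefenderAvEnabled    = $status.AntivirusEnabled
        RealTimeProtectionOn = ($status.RealTimeProtectionEnabled -and -not $pref.DisableRealtimeMonitoring)
        SignatureAgeDays     = $status.AntivirusSignatureAge
        CloudProtection      = @('Disabled', 'Basic', 'Advanced')[[int]$pref.MAPSReporting]
        SampleSubmission     = [int]$pref.SubmitSamplesConsent       # 0 prompt, 1 safe, 2 never, 3 all
        PuaProtection        = @('Disabled', 'Enabled', 'Audit')[[int]$pref.PUAProtection]
        ExclusionPathCount   = @($pref.ExclusionPath).Count          # compare against the planned template
        RebootPending        = ($cbsReboot -or $fileRename)          # step 4: restart before judging state
    }
}

Test-WdavEvaluationState | Format-List
```

Run it before and after the policy takes effect and diff the two outputs; OtherAvStillEnabled should go empty, DefenderAvEnabled and RealTimeProtectionOn should go true, and a RebootPending of true explains a client that still reports the old product.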

Note: to learn more about security defense in depth, see some of these recent sessions.


Windows 10 News You Can Use – October 2017


Windows 10 news you can use, October 2017 edition

Providing insights into Windows 10 deployment & management, security & compliance, and productivity

Before getting into this month’s insights, Microsoft recently finished a great week at the Ignite conference.  Key Windows related announcements included:

Deployment & Management

1)      Celebrating 25 years of SMS / SCCM / ConfigMgr !!! https://blogs.technet.microsoft.com/enterprisemobility/2017/09/26/configmgr-25

2)      We are excited to announce co-management capabilities in Windows 10! Customers now can manage Windows 10 devices with Intune and Configuration Manager at the same time. This allows customers to transition to modern management at their own pace and in manageable steps: https://blogs.technet.microsoft.com/enterprisemobility/2017/09/25/maximizing-its-impact-with-microsoft-365-powered-devices

3)      Improvements to Windows 10 Dual-Scan capabilities. https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607

4)      Always On VPN and DirectAccess Features Comparison.  Use this topic to gain an understanding of how Windows 2016 and Windows 10 VPN features map to and improve upon legacy DirectAccess features. 
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-map-da

Security & Compliance

1)      Moving beyond EMET, part 2 – Windows Defender Exploit Guard https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard

2)      The September 12, 2017 security updates from Microsoft include the patch for a previously unknown vulnerability exploited through Microsoft Word as an entry vector. Customers using Microsoft advanced threat solutions, such as Office 365 Advanced Threat Protection or Windows Defender Advanced Threat Protection, were safe from this attack without the need for additional updates. https://blogs.technet.microsoft.com/mmpc/2017/09/12/exploit-for-cve-2017-8759-detected-and-neutralized

3)      Ransomware H1 2017 in review: Global outbreaks reinforce the value of security hygiene.
https://blogs.technet.microsoft.com/mmpc/2017/09/06/ransomware-1h-2017-review-global-outbreaks-reinforce-the-value-of-security-hygiene

4)      Is your organization ready for GDPR compliance? We’ve added important resources detailing the security features and capabilities built into Windows 10 that can help you comply with GDPR and implement the technical and organizational security measures to help protect personal data. Included are two new Windows resources, the Accelerate GDPR compliance with Windows 10 and Accelerate GDPR compliance with Windows Server 2016 white papers, that will help you plan and prepare for the GDPR deadline.
https://blogs.windows.com/windowsexperience/2017/09/25/windows-resources-to-help-support-your-gdpr-compliance

5)      With the Windows 10 Fall Creators Update, new Windows Defender ATP prevention capabilities were added, as well as capabilities to stop attacks as they happen, enabling companies to use the full power of the Windows security stack for preventative protection. This enables WDATP customers to leverage state of the art AI technology to solve their alert volume challenges by letting WDATP automatically investigate alerts, apply artificial intelligence to determine whether a threat is real and to determine what action to take, going from alert to remediation in minutes at scale. http://blogs.windows.com/business/2017/09/19/automated-response-for-windows-defender-atp

6)      Continuing with our commitment to privacy and data control, today we’re announcing privacy enhancements coming to the Windows 10 Fall Creators Update for consumers and commercial customers that further increase your access to information and provides you more control over what information is collected. https://blogs.windows.com/windowsexperience/2017/09/13/privacy-enhancements-coming-to-the-windows-10-fall-creators-update

7)      Microsoft is pleased to announce the draft release of the recommended security configuration baseline settings for Windows 10 “Fall Creators Update,” also known as version 1709, “Redstone 3,” or RS3. Please evaluate this proposed baseline and send us your feedback via blog comments below https://blogs.technet.microsoft.com/secguide/2017/09/27/security-baseline-for-windows-10-fall-creators-update-v1709-draft

Productivity

1)      Microsoft Edge extensions, a year in review.  Microsoft shares a few updates on the progress that has been made since then, and a quick look at what’s planned for the future.
https://blogs.windows.com/msedgedev/2017/09/29/microsoft-edge-extensions-one-year-later

2)      Announcing Bing for business – a new intelligent search experience for Office 365 and Microsoft 365, which uses AI and the Microsoft Graph to deliver more relevant search results based on your organizational context. This new experience from Bing for your enterprise, school, or organization helps users save time by intelligently and securely retrieving information from enterprise resources such as company data, people, documents, sites and locations as well as public web results, displaying them in a single experience.
https://blogs.bing.com/search/2017-09/finding-what-you-need-at-work-just-got-easier-with-bing-for-business

3)      How often do you get an email or walk into a meeting not knowing much about the people you’re about to collaborate with? According to Microsoft more than half of the emails its users receive are from people outside their organization. We know how much relationships matter, and now with Profile Card in Microsoft Office 365, you’ll have a quick and easy way to find more information about the people you work with, all without having to leave your workflow. https://blog.linkedin.com/2017/september/250/adding-linkedin_s-profile-card-on-office-365-offers-a-simple-way

4)      What makes Windows 10 Creators Update the best version of Windows 10 ever? Quality. The top areas we consistently hear about through our feedback channels are around power, performance, and reliability. These fundamentals are key elements that users look for in a device and value because they impact their everyday use, like longer battery life, faster web browsing, streaming videos longer and device stability. As a result, the Creators Update is the most performant and reliable version of Windows 10 ever! I’m excited to share a number of improvements in fundamentals that Windows 10 devices enjoy after updating to the Creators Update. https://blogs.windows.com/windowsexperience/2017/09/20/windows-10-creators-update-best-version-windows-10-ever

5)      Windows 10 Tip: How to make Start full screen http://blogs.windows.com/windowsexperience/2017/09/11/windows-10-tip-make-start-full-scree