Learn How to Secure Windows 10 Devices in a Modern Sophisticated Way Device Management SCCM?
A few years ago, protecting a Windows machine meant only antivirus software with malware/spyware protection. That world is changing, and cyber attacks are getting more sophisticated.
I don’t believe that only antivirus and malware/spyware solutions can help us protect corporate devices. As you know, Windows 10 is redefining the way we think about security. With TPM and UEFI, hardware can plug some of the holes attackers use to compromise systems.
Secure Windows 10 Devices
Of course, these capabilities are just part of a sophisticated solution that involves countless security enhancements to Windows 10 itself, such as improved identity and access control, cloud security integration, and containerization. Windows 10 delivers an unprecedented suite of capabilities to the enterprise.
Now it’s up to you as IT systems administrators to use these new features correctly and help keep your company safe.
To that end, Microsoft TechNet has a nice overview here, and Adaptiva has provided some background and how-to information in their recent Top 5 Security Best Practices for Windows 10 in the Enterprise report.
Most of the topics covered below are easily implemented through modern management, using OMA-URI via Intune/SCCM. Some of the topics the report covers include:
Windows Information Protection
Want to keep your company’s confidential product roadmap from being sent from an employee’s private email or placed in their personal Dropbox account? That is the sort of challenge Microsoft is solving through containerization with WIP. Here is one of my blog posts explaining how to create WIP/EDP policies via Intune and SCCM.
Imagine a future where part of your encryption key is stored in a system’s hardware, and another part is stored in the software. If you run a TPM chip with BitLocker, that future is a reality today.
It makes life easier for users because they get this extra level of security while entering only their Windows login, not a separate encryption key. But it makes life hard for attackers, who would need both the hardware and software keys (or an extremely long recovery key) to break in.
UEFI with Secure Boot
UEFI changes everything because it enables secure boot. When your OS loads, it has to be trusted by the PC manufacturer, or it won’t run. The same goes for drivers and more—if they are not trusted, they don’t run. This makes life a lot harder for people looking to compromise your OS.
We’ve all heard of “pass the hash” attacks where security credentials are snagged and used for unfriendly purposes. Credential Guard helps to prevent them and some other attacks as well.
Of course, securing the boot process, credentials, and hard disk is not enough. If one application is replaced with an imposter, or contains malware to begin with, or IS malware, a hacker has the keys to the front door of your enterprise. Device Guard prevents unauthorized applications from running.
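To confirm that the protections described above are actually active on a device, the following read-only audit can be run. It is an added example, not code from the original post or from the Adaptiva report. It assumes an elevated PowerShell session on the Windows 10 device and that the BitLocker module is installed; the function name Get-DeviceSecurityPosture is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only check of TPM, Secure Boot, BitLocker,
# Credential Guard and code integrity (Device Guard) on the local device.
# Get-DeviceSecurityPosture is a hypothetical name chosen for this example.
function Get-DeviceSecurityPosture {
    $report = [ordered]@{}

    # TPM: BitLocker can only bind its key to hardware if a TPM is present and ready.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $report.TpmPresent = $tpm.TpmPresent
        $report.TpmReady   = $tpm.TpmReady
    } catch { $report.TpmPresent = $false; $report.TpmReady = $false }

    # Secure Boot: the cmdlet throws on legacy BIOS firmware; treat that as "off".
    try   { $report.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $report.SecureBoot = $false }

    # BitLocker on the OS volume, and which key protectors (Tpm, RecoveryPassword, ...) exist.
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $report.BitLockerProtection = [string]$vol.ProtectionStatus
        $report.BitLockerProtectors = ($vol.KeyProtector.KeyProtectorType -join ', ')
    } catch { $report.BitLockerProtection = 'Unknown'; $report.BitLockerProtectors = '' }

    # Credential Guard and code integrity are reported by the Win32_DeviceGuard class.
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName Win32_DeviceGuard -ErrorAction Stop
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
        $report.VbsRunning = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        # SecurityServicesRunning contains 1 when Credential Guard is running
        $report.CredentialGuardRunning = ($dg.SecurityServicesRunning -contains 1)
        # CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit, 2 = enforced
        $report.CodeIntegrityPolicy = switch ($dg.CodeIntegrityPolicyEnforcementStatus) {
            0 { 'Off' } 1 { 'Audit' } 2 { 'Enforced' } default { 'Unknown' }
        }
    } catch {
        $report.VbsRunning = $false
        $report.CredentialGuardRunning = $false
        $report.CodeIntegrityPolicy = 'Unknown'
    }

    [pscustomobject]$report
}

Get-DeviceSecurityPosture | Format-List
```

A device where BitLockerProtectors lacks Tpm, SecureBoot is False, or CodeIntegrityPolicy is Off or Audit is not yet getting the protection the corresponding section describes.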
Vulnerability is not an Option
If you are up to speed on all these technologies and implementing them correctly, great! If not, you should invest some time to download the guides and reports out there and get up to speed on your security options with Windows 10 today.
Anoop is a Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.