Microsoft Introduces Security Configuration Framework

A security configuration framework for Windows 10 unveiled by Microsoft this week defines five different levels of discrete prescriptive security configurations.

Until now, leaving customers to define this aspect of their security themselves has resulted in a huge number of different configurations; Microsoft is now looking to simplify the process while still giving customers flexibility.

The new security configuration framework, Microsoft Principal Program Manager Chris Jackson says, should allow customers to balance security, productivity, and user experience by meeting many of the common device scenarios observed in the enterprise today.

Jackson also points out that the secure score in Microsoft Defender ATP provides enough information for one company to trust software from another when necessary, which eventually leads to industry cooperation.

“Through the top recommendations, we suggest a prioritized list for securing your devices, with a relative ranking of the overall impact to your security posture. We are also exploring ways to provide useful comparisons using this framework,” he notes.

Through the secure score, customers receive recommendations for securing their endpoint devices (among other things). Context-aware, the recommendations are driven by the existing configuration and the threats impacting the environment.

One issue that remains, however, is related to new Windows 10 deployments, where guidance from the Microsoft Defender ATP Secure Score isn’t available yet. This is what the newly introduced security configuration framework aims to resolve, Jackson points out.

Microsoft focused on grouping recommendations into coherent and discrete groups, so that customers could easily figure out where they stand in terms of defensive posture.

The five discrete levels of security configuration in the initial draft mimic the DEFCON levels used by the United States Armed Forces to indicate alert state, with lower numbers indicating a higher degree of security hardening.

Enterprise security is the minimum-security configuration for an enterprise device, with straightforward recommendations that are designed to be deployable within 30 days.

Enterprise high security is recommended for devices where users access sensitive or confidential information. Its settings might impact app compatibility, so deployments will often go through an audit-configure-enforce workflow. Recommendations are accessible to most organizations and deployable within 90 days.

Enterprise VIP security is recommended for devices in organizations likely to be targeted by well-funded and sophisticated adversaries. Recommendations can be complex, can often go beyond 90 days, and are meant for larger or more sophisticated security teams.

DevOps workstation is recommended for developers and testers, who may be targeted in both supply chain and credential theft attacks that aim at disrupting critical business functions. This guidance is still under development.

Administrator workstation is recommended for individuals who face the highest risk, through data theft, data alteration, or service disruption. The guidance hasn’t been finalized yet.

“We are releasing this draft version to gather additional feedback from organizations looking to organize their device security hardening program,” Jackson says, adding that Microsoft is expecting feedback to find ways to improve the framework.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
