The changing of the guard

Slides:



Advertisements
Similar presentations
Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.
Advertisements

Ljubomir Ivaniš CPU d.o.o.
Remote Desktop Services
Windows 8: Windows To Go Overview Zvezdan PavkovicTanya Koval Senior ConsultantArchitect WCL333.
Windows Defender Next Generation Anti-malware
Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,
Devices and Deployment Management & Security Identity Cloud.
WCA-B324 Get Up!!! YAAAWWWN! App-V 5.0 Get Ready for… Are You Ready?
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Lack of control for mobile devices Different tools for phone & PC Policy conflict Inconsistent user experience… Granular mobile device mgmt Converged.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.
Session Agenda Designed to address BIOS Limitations Needed for the larger server platforms (Intel-HP Itanium) First called Intel Boot Initiative.
MANAGEMENT ANTIMALWARE PLATFORM Microsoft Malware Protection Center Dynamic Signature Svc Available only in Windows 8 Endpoint Protection Management.
Bart Miller – October 22 nd,  TCB & Threat Model  Xen Platform  Xoar Architecture Overview  Xoar Components  Design Goals  Results  Security.
Paul Cooke - CISSP Director Microsoft Session Code: CLI322.
Wireless and Mobile Security
Alessandro Cardoso, Microsoft MVP Creating your own “Private Cloud” with Windows 10 Hyper- V WIN443.
Device Guard and AppLocker Better Together Troy L. Martin 1E.com/blogs/author/troymartin/ Technical Architect 1E.
End the game for Credential Theft with Windows 10
Secure Your Workstations
Moving to Windows 10 Vishal Ladwa – PowerONPlatforms Consultant
News in ConfigMgr EWUG 1610.
Windows 10 Enterprise Subscriptions in CSP
Learn about Windows 10 Secure Kernel
System Center 2012 Configuration Manager
Supporting Windows 8.1 Krystle Portocarrero | Training Experts Inc.
How To Implement and Stay Out of the News
Windows Server 2016 Secure IaaS Microsoft Build /1/2018 4:00 AM
Hybrid Management and Security
Microsoft /4/ :15 PM THR2219 How Microsoft IT enables modern mobility with Windows 10 security and productivity features Rekha Nair IT Program.
Windows 10 Security Internals
6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Senior Program Manager,
Contain and Isolate Ransomware with Citrix and Microsoft
If You Simply Deploy Windows 10, You Failed
Tactic 4: Defend Your Domain Controllers
Lesson Objectives Aims Key Words
Best practices to secure Windows 10 with already included features
Microsoft Edge Security with Windows Defender Application Guard
7/1/2018 5:07 PM BRK2080 Deploying and Managing Windows Defender Application Control in the Real World Nazmus Sakib Jeffrey Sutherland Dune Desormeaux.
Microsoft Ignite /18/2018 8:30 PM BRK2065
Modernize ConfigMgr OSD with Community Tools
A Fast Track into Device Guard
CompareDocs cloud Makes it Immediately Clear What has Changed Between Document Versions, on any Windows 10-Compatible PC or Device WINDOWS APP BUILDER.
Windows Tech Series Module 13: Device Guard
Device Guard: AppLocker on steroids
Newness and Coolness in Configuration MANAGER
The Microsoft 365 Powered Device
VCE Dumps
Download dumps - Microsoft Real Exam Questions Dumps4download
11/8/2018 5:04 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Drop the hammer down on malware threats with Windows 10’s Device Guard
Laura A. Robinson July 10, June 30, /15/2018 4:19 PM
Microsoft Ignite /20/2018 2:21 PM
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
Data Security for Microsoft Azure
11/23/2018 3:03 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Unitrends Enterprise Backup Solution Offers Backup and Recovery of Data in the Microsoft Azure Cloud for Better Protection of Virtual and Physical Systems.
Application Whitelisting and Your Managed Desktops
11/27/2018 BRK2081 Windows Defender Application Guard making Microsoft Edge the world’s most secure browser! Chas Jeffries Lead Program Manager Windows.
Modern Windows 10 device 12/2/2018 E3 E3 P E3 P P P P E3 E3 P P P P P
12/4/ :37 PM Deploying and Managing Windows Defender Application Control in the Real World Nazmus Sakib © 2014 Microsoft Corporation. All rights.
Windows 10 Enterprise Subscriptions in CSP
Windows 10 Creators Update for IT Pros
The bios.
Deploying and Managing Windows To Go
Microsoft 365 Business Technical Fundamentals Series
Preparing for the Windows 8.1 MCSA
Microsoft 365 Business Technical Fundamentals Series
What is an operating system An operating system is the most important software that runs on a computer. It manages the computer's memory and processes,
Presentation transcript:

The changing of the guard Dune Desormeaux Program Manager II @DuneConfigured Nash Pherson Enterprise Mobility MVP @KidMystic

Windows 10 security pillars Secure Identities Credential Guard Threat Resistance Device Guard WDAG Information Protection BitLocker Windows Information Protection

Device Guard: Two features Configurable code integrity Enterprise-grade application and software whitelist capabilities Configurable Code Integrity sets a single, machine policy Continue to use AppLocker for user/role-specific policies and managing .bat/.cmd Windows Script Host, MSIs, PowerShell Hypervisor protected code integrity Virtualization-based security protections for the Windows kernel Additional hardware and UEFI bios lockdown features to deliver most defensible security posture (Device Guard “ready” vs. Device Guard “capable”)

Device Guard: the old-Fashioned way 1 Identify target systems. 4 Deploy and test policy in audit mode. 6 Enable enforcement mode in CI policy and deploy to target systems. 2 Deploy VBS with CI protection. 5 Create new audit log policy and merge with CI policy 3 Create CI policy from ‘golden’ system(s).

Device Guard Management with ConfigMgr

Managing security Bouncer Manageability Security Bartender Win10 RTM: Device Guard Configurable Code Integrity Explicit Allow-List High Risk, High Complexity Bouncer Managed Installer Windows Policy Manageability Security Win7: AppLocker Explicit Allow-List Known exploits Deployed with Group Policy Bartender

traditional platform stack Device Hardware Kernel Windows Platform Services Apps

VIRTUALIZATION BASED SECURITY Windows 10 Kernel Windows Platform Services Apps System Container Trustlet #1 Trustlet #2 Trustlet #3 Hypervisor Device Hardware Windows Operating System Hyper-V Hypervisor protected code integrity (HVCI) Code Integrity process runs in a virtualized container Credential Guard Isolation of processes that handle secrets THERE ARE HARDWARE REQUIREMENTS

Credential Guard Windows 10 can keep a secret

Credential guard: Basics Isolates secrets/credentials using Virtualization Based Security

ConfigMgr CI – Babysitting Cred Guard Gotta do this ourselves for now… Because you haven’t voted yet: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/19311187- support-enabling-credential-guard-via-compliance-s bhttps://www.scconfigmgr.com/2016/06/15/enable-credential-guard-in-windows-10-during- osd-with-configmgr/ https://github.com/npherson/StealTheseCIs http://ccmexec.com/2017/04/configmgr-ci-to-check-that-credential-guard-is-running/ (See the ConfigMgr CI’s session at 1pm today, repeat on Thursday)

Requirements for VBS Hardware: 64-bit CPU Hardware: CPU virtualization extensions, plus extended page tables Firmware: UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot Firmware: Secure firmware update process Software: HVCI/CG compatible drivers Software: Qualified Windows operating system

Device Guard and Credential Guard Hardware Readiness Tool

Windows defender Application guard Isolating Microsoft Edge from unsafe web locations

Why application guard?

Windows Defender application guard

In The real world feat. nash Tell us how you really feel!

Q & A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.