Presentation is loading. Please wait.

Presentation is loading. Please wait.

The changing of the guard

Published byGertrude Townsend Modified over 6 years ago

Similar presentations

Presentation on theme: "The changing of the guard"— Presentation transcript:

1 The changing of the guard
Dune Desormeaux Program Manager II @DuneConfigured Nash Pherson Enterprise Mobility MVP @KidMystic

2 Windows 10 security pillars
Secure Identities Credential Guard Threat Resistance Device Guard WDAG Information Protection BitLocker Windows Information Protection

3 Device Guard: Two features
Configurable code integrity Enterprise-grade application and software whitelist capabilities Configurable Code Integrity sets a single, machine policy Continue to use AppLocker for user/role-specific policies and managing .bat/.cmd Windows Script Host, MSIs, PowerShell Hypervisor protected code integrity Virtualization-based security protections for the Windows kernel Additional hardware and UEFI bios lockdown features to deliver most defensible security posture (Device Guard “ready” vs. Device Guard “capable”)

4 Device Guard: the old-Fashioned way
1 Identify target systems. 4 Deploy and test policy in audit mode. 6 Enable enforcement mode in CI policy and deploy to target systems. 2 Deploy VBS with CI protection. 5 Create new audit log policy and merge with CI policy 3 Create CI policy from ‘golden’ system(s).

5 Device Guard Management with ConfigMgr

6 Managing security Bouncer Manageability Security Bartender
Win10 RTM: Device Guard Configurable Code Integrity Explicit Allow-List High Risk, High Complexity Bouncer Managed Installer Windows Policy Manageability Security Win7: AppLocker Explicit Allow-List Known exploits Deployed with Group Policy Bartender

7 traditional platform stack
Device Hardware Kernel Windows Platform Services Apps

8 VIRTUALIZATION BASED SECURITY Windows 10
Kernel Windows Platform Services Apps System Container Trustlet #1 Trustlet #2 Trustlet #3 Hypervisor Device Hardware Windows Operating System Hyper-V Hypervisor protected code integrity (HVCI) Code Integrity process runs in a virtualized container Credential Guard Isolation of processes that handle secrets THERE ARE HARDWARE REQUIREMENTS

9 Credential Guard Windows 10 can keep a secret

10 Credential guard: Basics
Isolates secrets/credentials using Virtualization Based Security

11 ConfigMgr CI – Babysitting Cred Guard
Gotta do this ourselves for now… Because you haven’t voted yet: support-enabling-credential-guard-via-compliance-s bhttps:// osd-with-configmgr/ (See the ConfigMgr CI’s session at 1pm today, repeat on Thursday)

12 Requirements for VBS Hardware: 64-bit CPU
Hardware: CPU virtualization extensions, plus extended page tables Firmware: UEFI firmware version c or higher with UEFI Secure Boot Firmware: Secure firmware update process Software: HVCI/CG compatible drivers Software: Qualified Windows operating system

13 Device Guard and Credential Guard Hardware Readiness Tool

14 Windows defender Application guard
Isolating Microsoft Edge from unsafe web locations

15 Why application guard?

16 Windows Defender application guard

17 In The real world feat. nash
Tell us how you really feel!

18 Q & A

19

20

Download ppt "The changing of the guard"

Similar presentations

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.
Ljubomir Ivaniš CPU d.o.o.

Ljubomir Ivaniš CPU d.o.o.
Remote Desktop Services

Remote Desktop Services
Windows 8: Windows To Go Overview Zvezdan PavkovicTanya Koval Senior ConsultantArchitect WCL333.

Windows 8: Windows To Go Overview Zvezdan PavkovicTanya Koval Senior ConsultantArchitect WCL333.
Windows Defender Next Generation Anti-malware

Windows Defender Next Generation Anti-malware
Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,

Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,
Devices and Deployment Management & Security Identity Cloud.

Devices and Deployment Management & Security Identity Cloud.
WCA-B324 Get Up!!! YAAAWWWN! App-V 5.0 Get Ready for… Are You Ready?

WCA-B324 Get Up!!! YAAAWWWN! App-V 5.0 Get Ready for… Are You Ready?
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Lack of control for mobile devices Different tools for phone & PC Policy conflict Inconsistent user experience… Granular mobile device mgmt Converged.

Lack of control for mobile devices Different tools for phone & PC Policy conflict Inconsistent user experience… Granular mobile device mgmt Converged.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.

© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.
Session Agenda Designed to address BIOS Limitations Needed for the larger server platforms (Intel-HP Itanium) First called Intel Boot Initiative.

Session Agenda Designed to address BIOS Limitations Needed for the larger server platforms (Intel-HP Itanium) First called Intel Boot Initiative.
MANAGEMENT ANTIMALWARE PLATFORM Microsoft Malware Protection Center Dynamic Signature Svc Available only in Windows 8 Endpoint Protection Management.

MANAGEMENT ANTIMALWARE PLATFORM Microsoft Malware Protection Center Dynamic Signature Svc Available only in Windows 8 Endpoint Protection Management.
Bart Miller – October 22 nd, 2012.  TCB & Threat Model  Xen Platform  Xoar Architecture Overview  Xoar Components  Design Goals  Results  Security.

Bart Miller – October 22 nd,  TCB & Threat Model  Xen Platform  Xoar Architecture Overview  Xoar Components  Design Goals  Results  Security.
Paul Cooke - CISSP Director Microsoft Session Code: CLI322.

Paul Cooke - CISSP Director Microsoft Session Code: CLI322.
Wireless and Mobile Security

Wireless and Mobile Security
Alessandro Cardoso, Microsoft MVP Creating your own “Private Cloud” with Windows 10 Hyper- V WIN443.

Alessandro Cardoso, Microsoft MVP Creating your own “Private Cloud” with Windows 10 Hyper- V WIN443.
Device Guard and AppLocker Better Together Troy L. Martin 1E.com/blogs/author/troymartin/ Technical Architect 1E.

Device Guard and AppLocker Better Together Troy L. Martin 1E.com/blogs/author/troymartin/ Technical Architect 1E.
End the game for Credential Theft with Windows 10

End the game for Credential Theft with Windows 10
Secure Your Workstations

Secure Your Workstations

Similar presentations

Ads by Google