Presentation is loading. Please wait.

Presentation is loading. Please wait.

11/8/2018 5:04 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Published byCorey Hopkins Modified over 6 years ago

Similar presentations

Presentation on theme: "11/8/2018 5:04 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN."— Presentation transcript:

1 11/8/2018 5:04 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Nameščanje Windows 10 – kako to narediti pravilno
11/8/2018 5:04 PM Nameščanje Windows 10 – kako to narediti pravilno Tomaž Čebul, Microsoft services © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 11/8/2018 5:04 PM US Department of Defense to deploy 4 million seats of Windows © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Windows 10 security 11/8/2018 5:04 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Typical Attack Timeline & Observations
First Host Compromised Domain Admin Compromised Attack Discovered Research & Preparation Attacker Undetected (Data Exfiltration) 24-48 Hours More than 200 days (varies by industry) Attack Sophistication Attack operators exploit any weakness Target information on any device or service Target AD & Identities Active Directory controls access to business assets Attackers commonly target AD and IT Admins Attacks not detected Current detection tools miss most attacks You may be under attack (or compromised) Response and Recovery Response requires advanced expertise and tools Expensive and challenging to successfully recover © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 The Windows 10 Defense Stack
11/8/2018 The Windows 10 Defense Stack PROTECT, DETECT & RESPOND PRE-BREACH POST-BREACH Device protection Device Health attestation  Device Guard Device Control Security policies Threat resistance SmartScreen AppLocker Device Guard Windows Defender Network/Firewall Built-in 2FA Account lockdown Credential Guard Microsoft Passport Windows Hello ;) Identity protection Information protection Device protection / Drive encryption Enterprise Data Protection Conditional access Windows Defender ATP Breach detection investigation & response Device protection Threat resistance Identity protection Information protection Breach detection investigation & response Conditional Access Windows Defender ATP Device integrity Device control BitLocker and BitLocker to Go Windows Information Protection SmartScreen Windows Firewall Microsoft Edge Device Guard Windows Defender Windows Hello ;) Windows Hello for Business Credential Guard © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

7 What are the hardware prerequisites?
To enable advanced Windows 10 security we need the following: Updated computer BIOS UEFI boot Secure Boot Virtualization support TPM enabled

8 But we are running Windows 7/8/x in legacy BIOS mode …
11/8/2018 5:04 PM But we are running Windows 7/8/x in legacy BIOS mode … © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 What would be an old way to upgrade
Capture user state&data using USMT and backup to network server Suspend BitLocker Configure computer BIOS to UEFI boot + extras Reformat the drive to GPT Clean install Windows 10 Restore user state&data using USMT from network server Configure BitLocker Reinstall all applications

10 What is the modern way to upgrade
Suspend BitLocker Upgrade Windows 7/8/x to Windows 10 Configure computer BIOS to UEFI boot + extras Convert disk layout from MBR to GPT Configure Bitlocker

11 Task Sequence componenets
11/8/2018 5:04 PM Task Sequence componenets © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 BIOS to UEFI First run disk conversion Second convert the Bios to UEFI
Different tools for different vendors (different prameters for different models) Restart Group filter _SMSTSBootUEFI = False and HW models

13 MBR2GPT Converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk Part of Windows 10 Creators Update (1703) Can run on WinPE or full OS if 1703 Mbr2gpt /convert /disk:0

14 BIOS Configuration Tools
The computer manufacturer must provide a tool for BIOS configuration HP: Lenovo: Dell:

15 Bitlocker We need to disable Bitlocker before upgrade and disk manipulation Embeded Disable Bitlocker task disables Bitlocker for one restart only We need to disable Bitlocker indefinitelly until we finish with upgrade taks Win10: cmd.exe /c "manage-bde -protectors -disable C: -RC 0" Win 7: cmd.exe /c "manage-bde -protectors -disable C:" After upgrade is finished we need to reenable Bitlocker protectors cmd.exe /c "manage-bde -protectors -enable C:"

16 11/8/2018 5:04 PM Language packs © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 How to install language packs to Windows 10
If we want to have multilanguage image, we need to add all required language packs into the basic en-US image. Language pack versions has to match basic en-US image version. At deploy time we select default language pack Proper procedure described here:

18 Resources

19 Vprašanja? tomaz.cebul@microsoft.com
11/8/2018 5:04 PM Vprašanja? © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 11/8/2018 5:04 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "11/8/2018 5:04 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN."

Similar presentations

Devices and Deployment Management & Security Identity Cloud.

Devices and Deployment Management & Security Identity Cloud.
ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised 24-48 Hours Domain Admin Compromised Data Exfiltration (Attacker.

ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised Hours Domain Admin Compromised Data Exfiltration (Attacker.
4/17/2017 7:07 AM © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

4/17/2017 7:07 AM © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.

Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 2 Installing Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 2 Installing Windows Server 2008.
Implementering af Windows 8 in real life Windows 8 OS Deployment Windows 8 OS Deployment features of ConfigMgr 2012 SP1 Take a look at what’s coming.

Implementering af Windows 8 in real life Windows 8 OS Deployment Windows 8 OS Deployment features of ConfigMgr 2012 SP1 Take a look at what’s coming.
Richard Smith Senior Consultant – Management, Operations and Deployment Microsoft UK Simple Deployments with Windows AIK and Windows DS.

Richard Smith Senior Consultant – Management, Operations and Deployment Microsoft UK Simple Deployments with Windows AIK and Windows DS.
Free, online, technical courses Take a free online course. Microsoft Virtual Academy.

Free, online, technical courses Take a free online course. Microsoft Virtual Academy.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.

© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.
Microsoft ® Official Course Module 8 Securing Windows 8 Desktops.

Microsoft ® Official Course Module 8 Securing Windows 8 Desktops.
ITE 1 Chapter 5. Chapter 5 is a Large Chapter It has a great deal of useful information about operating systems. You will find this VERY helpful when.

ITE 1 Chapter 5. Chapter 5 is a Large Chapter It has a great deal of useful information about operating systems. You will find this VERY helpful when.
CN2140 Server II Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN2140 Server II Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Windows XP to Windows 7 using P2V Migration. Agenda Deploying Local P2V Migration for SA Retro Mode Scripts Customize MDT 2010 with Disk2VHD Windows Virtual.

Windows XP to Windows 7 using P2V Migration. Agenda Deploying Local P2V Migration for SA Retro Mode Scripts Customize MDT 2010 with Disk2VHD Windows Virtual.
MCTS Guide to Microsoft Windows Vista Chapter 4 Managing Disks.

MCTS Guide to Microsoft Windows Vista Chapter 4 Managing Disks.
Module 15 Managing Windows Server® 2008 Backup and Restore.

Module 15 Managing Windows Server® 2008 Backup and Restore.
(ITI310) By Eng. BASSEM ALSAID SESSION 2: Server Configuration & Administration Notes SAT 31-Oct-2015.

(ITI310) By Eng. BASSEM ALSAID SESSION 2: Server Configuration & Administration Notes SAT 31-Oct-2015.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.

© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.
What's up with all these Windows 10 options?

What's up with all these Windows 10 options?
End the game for Credential Theft with Windows 10

End the game for Credential Theft with Windows 10
Prepare for Windows 10 and UEFI

Prepare for Windows 10 and UEFI

Similar presentations

Ads by Google