Windows 10: Microsoft Defender ATP now assesses your security configurations


Microsoft Defender Advanced Threat Protection (ATP) now gives your devices and your network a security score that tells administrators how healthy their environment is based on its configuration. A high score means that the collective security configuration is in good condition for applications, operating systems, network, accounts and security checks.

Microsoft calls the configuration score “Microsoft Secure Score for Devices”, which is visible in the dashboard component of the Threat and Vulnerability Management service of the Microsoft Defender Security Center.

The tool will be useful for SOCs that want to survey a network for vulnerabilities that could be mitigated by appropriate configuration changes, for example the use of privileged administrator rights on accounts that do not need this level of access.

List of recommendations based on the results of the analysis

Microsoft promises that the data provided for the analysis is the product of a “meticulous and continuous discovery of vulnerabilities”, which involves, for example, comparing the collected configurations against benchmarks, and gathering best-practice benchmarks from vendors, security feeds and internal research teams.

Defender ATP users will see a list of recommendations based on the results of the scan. Each entry contains the issue, for example whether a built-in administrator account has been disabled, the version of Windows 10 or Windows Server analyzed, and a description of the potential risks.

For this risk, for example, Microsoft explains that the administrator account is a prime target for brute-force attacks and other techniques, usually after a security breach has already occurred. Defender ATP also provides the number of accounts exposed on the network and an impact score.

An organization’s security rating should improve after corrective actions are taken

Users can export a checklist of corrective actions to take in CSV format to share with team members and ensure that actions are taken in a timely manner. An organization’s security rating should improve once corrective actions are taken.

Microsoft is warning that there may be false alarms related to the partial support of its Intune mobile device management platform. “Microsoft Secure Score for Devices currently supports configurations defined through group policy,” the company notes. “Due to Intune’s current partial support, configurations that could have been defined by Intune may appear to be misconfigured. Contact your IT administrator to verify the actual configuration status in case your organization uses Intune for secure management of the configuration.”
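
When a recommendation may be a false alarm, the actual state can be checked on the device itself. The PowerShell below is an added example, not code from Microsoft or from this article: it reports whether the built-in administrator account is disabled and who holds local administrator rights, then writes both to CSV. The function names and output file names are assumptions, and it relies on the Microsoft.PowerShell.LocalAccounts module that ships with Windows PowerShell 5.1.

```powershell
# Added example: verify locally what a "built-in administrator" finding reports.
# Function names and CSV paths are illustrative, not part of Defender ATP.

function Get-BuiltinAdminStatus {
    # The built-in Administrator can be renamed, so match its well-known RID (500)
    # instead of its name.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }
    if (-not $admin) { return $null }   # no local account database to inspect

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Name            = $admin.Name
        Enabled         = $admin.Enabled
        LastLogon       = $admin.LastLogon
        PasswordLastSet = $admin.PasswordLastSet
        Compliant       = -not $admin.Enabled   # recommendation: account disabled
    }
}

function Get-LocalAdminMembers {
    # S-1-5-32-544 is the well-known SID of the local Administrators group,
    # which keeps the lookup independent of the OS display language.
    try {
        Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } },
                          Name, ObjectClass, PrincipalSource,
                          @{ n = 'SID'; e = { $_.SID.Value } }
    }
    catch {
        # Get-LocalGroupMember can fail when the group contains orphaned SIDs;
        # surface that instead of silently returning an empty list.
        Write-Warning "Could not enumerate local Administrators: $($_.Exception.Message)"
    }
}

$status  = Get-BuiltinAdminStatus
$members = @(Get-LocalAdminMembers)

if ($status) {
    $status | Format-List
    $status | Export-Csv -Path .\builtin-admin-status.csv -NoTypeInformation
}
if ($members.Count -gt 0) {
    $members | Format-Table -AutoSize
    $members | Export-Csv -Path .\local-admin-members.csv -NoTypeInformation
}
```

Run it in an elevated session on the device in question and compare the `Compliant` value with what the dashboard shows for that machine.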
