The Microsoft security team has launched a beta version of the SECCON framework for enterprise users to improve overall security at different levels of security. The SECCON framework is not a universal security solution but a simplified configuration, and enterprise-level users can choose the best configuration at the current level as needed. According to Microsoft, this is based on the discrete normative analysis of telemetry data to meet the security use scenarios of common devices in modern enterprises.
In the past, Microsoft defined the security configuration of the Windows 10 system as the task of each customer, and the results saw different configuration schemes used by many customers. And through the standardized solution will bring a lot of points, so our security team develops a security configuration framework to meet the enterprise’s simplified configuration needs and so on. The security configuration framework simplifies configuration while retaining sufficient flexibility to enable enterprise users to balance security and productivity with the user experience.
- Level 5 Enterprise Security – We recommend this configuration as the minimum security configuration for an enterprise device. Recommendations for this level are generally straightforward and are designed to be deployable within 30 days.
- Level 4 Enterprise High Security – We recommend this configuration for devices where users access sensitive or confidential information. Some of the controls may have an impact to app compat, and therefore will often go through an audit-configure-enforce workflow. Recommendations for this level are generally accessible to most organizations and are designed to be deployable within 90 days.
- Level 3 Enterprise VIP Security – We recommend this configuration for devices run by an organization with a larger or more sophisticated security team, or for specific users or groups who are at uniquely high risk (as one example, one organization identified users who handle data whose theft would directly and seriously impact their stock price). An organization likely to be targeted by well-funded and sophisticated adversaries should aspire to this configuration. Recommendations for this level can be complex (for example, removing local admin rights for some organizations can be a long project in and of itself) and can often go beyond 90 days.
- Level 2 DevOps Workstation – We recommend this configuration for developers and testers, who are an attractive target both for supply chain attacks and access to servers and systems containing high value data or where critical business functions could be disrupted. Level 2 guidance is coming soon!
- Level 1 Administrator Workstation – Administrators (particularly of identity or security systems) present the highest risk to the organization, through data theft, data alteration, or service disruption. Level 1 guidance is coming soon!
This product is currently a preliminary release, but it still needs to continue testing. Microsoft also expressed the hope that enterprise users can participate in test feedback. Microsoft will also invite early users of the test project, experts from the Microsoft engineering team, and teams in the Microsoft sales space to conduct more in-depth testing.
Interested companies and corporate IT administrators can read the current draft here: Windows Security Configuration Framework.