Microsoft Reveals SECCON Framework for Windows 10 Enterprise

Microsoft SECCON Framework

According to Microsoft, the SECCON is based on DEFCON levels. And it is not a universal security solution but a simplified configuration. For Windows 10 enterprise-level users, they can choose the best configuration at the current level according to the need.

Here Are Some Windows 10 Security Guides to Safeguard Your PC!

How to safeguard your computer so as to avoid some problems? This post will show you some Windows 10 security guide.

Read More

Microsoft says that this is based on the discrete normative analysis of telemetry data so as to meet the many of the common device security use scenarios we see today in modern enterprises.

Principal program manager Chris Jackson explains that Microsoft defined the security configuration of Windows 10 OS as a task for each customer to sort out in the past. As a result, many customers adopted different configuration schemes.

Since the standard solution will bring many advantages, Microsoft releases SECCON framework for Windows 10 enterprise users to meet their simplified configuration needs. Additionally, this Windows security configuration framework simplifies configuration, meanwhile, it retains enough flexibility to allow users to balance security, productivity, and user experience.

Chris Jackson also states “We sat down and asked ourselves this question: if we didn’t know anything at all about your environment, what security policies and security controls would we suggest you implement first?”

The result is Microsoft SECCON framework, which organizes Windows 10 devices into one of five distinct security configurations. And it mimics the DEFCON levels used by the United States Armed Forces. The number is lower, the degree of security hardening is higher.

5 Possible Windows 10 SECCON Security Configuration Levels

Level 5: Enterprise Security

For an enterprise device, Microsoft recommends this configuration as the minimum-security configuration. In general, recommendations for this level are straightforward and they can be deployable within 30 days.

Level 4: Enterprise High Security

This configuration is recommended to use for devices where customers access confidential or sensitive information. Since some of the controls may have an influence on app compatibility, it often goes through an audit-configure-enforce workflow. Generally, most organizations can access this level and deploy it within 90 days.

Level 3: Enterprise VIP Security

An organization with a larger or more sophisticated security team can run this configuration for devices. Specific users/groups that are at uniquely high risk or an organization that is likely to be targeted by well-funded and sophisticated adversaries can also employ this configuration.

The recommendations for this security configuration level are complex, for instance, removing local admin authority for some organizations is a long-term project in itself. This level can be deployable beyond 90 days.

Level 2: DevOps Workstation

It is suitable for developers and testers who are attractive targets for supply chain attacks and credential theft attacks. These attacks attempt to access servers and systems holding high-value data or where critical business functions could be disrupted. Microsoft is still developing this guidance and will make another announcement once it is ready.

Level 1: Administrator Workstation

Administrators, especially of identity or security systems face the highest risk via data alteration, data theft or service disruption. Similarly, Microsoft is developing this guidance and will tell the public as soon as it is ready.

The End

Now, all the five security configuration levels of Microsoft SECCON framework are told to you. Actually, this is a draft version and Microsoft is gathering feedback from organizations looking to implement a device security hardening program. And you can find the draft from here.