[German]Microsoft has updated the so-called Security Baseline (a tool for security administrators in companies) for Windows 10 version 21H2 and released it generally. In the current version, not only the latest Windows 10 version is supported. There are also special guidelines for printing or protection against ransomware. Here is a brief overview.
Security Baseline for Windows
The Security Baseline package is a set of tools that enable enterprise security administrators to download, analyze, test, edit and save Microsoft-recommended security configuration baselines for Windows and other Microsoft products, and compare them to other security configurations.
Announcement of the new release
In this release, the Security Baseline brings some new policies, which are detailed in the Techcommunity post.
- In this release, a setting for printer driver installation restrictions has been added (which is also included in the Windows 11 release). This is to respond to the CVE-2021-34527 (PrintNightmare) vulnerability by restricting driver installation.
- Since the Microsoft Edge browser in the legacy version is out of support on March 9, 2021 and is no longer included in Windows 10 21H2, relevant settings have been removed from the package
Microsoft also notes to make sure tamper protection is enabled in Microsoft Defender for Endpoint (Tamper Protection) when enabling the Microsoft Security Baseline. This is to provide an additional layer of protection against ransomware. The Security Baseline can be downloaded for free as part of the Microsoft Security Compliance Toolkit 1.0.
Cookies helps to fund this blog: Cookie settings