Windows 10 for Enterprise Administrators
eBook - ePub

Jeff Stokes, Manuel Singer, Richard Diver

  1. 314 pages
  2. English
  3. ePUB (mobile friendly)
About This Book

Learn the art of configuring, deploying, managing and securing Windows 10 for your enterprise.

  • Enhance your enterprise administration skills to manage Windows 10 Redstone 3
  • Get acquainted with configuring Azure Active Directory for enabling cloud-based services and Remote Server Admin Tools for managing Windows Server
  • Provide enterprise-level security with ease using the built-in data loss prevention of Windows 10

Who This Book Is For

If you are a system administrator who has been given the responsibility of administering and managing Windows 10 Redstone 3, then this book is for you. If you have deployed and managed previous versions of Windows, it would be an added advantage.

What You Will Learn

  • Understand the remote access capabilities
  • Use third-party tools to deploy Windows 10
  • Customize image and user interface experience
  • Implement assigned access rights
  • Configure remote administration
  • Manage Windows 10 security
  • Work with Azure AD and Intune management

In Detail

Microsoft's launch of Windows 10 is a step toward satisfying the enterprise administrator's needs for management and user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 10 Enterprise.

This practical guide shows Windows 10 from an administrator's point of view. You'll focus on areas such as installation and configuration techniques based on your enterprise requirements, various deployment scenarios and management strategies, and setting up and managing admin and other user accounts. You'll see how to configure Remote Server Administration Tools to remotely manage Windows Server and Azure Active Directory.

Lastly, you will learn modern Mobile Device Management for effective BYOD and how to enable enhanced data protection, system hardening, and enterprise-level security with the new Windows 10 in order to prevent data breaches and impede attacks.

By the end of this book, you will know the key technologies and capabilities in Windows 10 and will confidently be able to manage and deploy these features in your organization.

Style and approach

This step-by-step guide will show you how to configure, deploy, manage, and secure the all new Windows 10 Redstone 3 for your enterprise.

Information

Year: 2017
ISBN: 9781786463173
Edition: 1

Windows 10 Security

In the previous chapter, you learned about the risks and impact of personally owned devices on information security and the practical steps you can take to ensure the appropriate protection is applied. In this chapter, we'll look at the new security options available with Windows 10 and how they can be combined with existing security to enhance protection. We will explore their benefits and their hardware and software requirements and point you to caveats when implementing some of them.
We will cover the following topics in this chapter:
  • Windows Hello and Windows Hello for Business
  • Virtualization-based security
  • Credential Guard
  • Device Guard
  • Windows Defender Application Guard (WDAG) for Microsoft Edge
  • Windows Defender Exploit Guard
  • Device Health Attestation
  • New BitLocker options
  • Local Administrator Password Solution

Today's security challenges

Welcome to computer viruses, Trojan horses, rootkits, backdoors, worms, ransomware, scareware, rogue security software, scamware, crapware, malware, adware, spyware, riskware, grayware, unwanted software, and many, many other threats.
And they are getting more and more sophisticated. Scared?
The cyber-security landscape has changed a lot in the past years. Have you also adapted to it? You can speak of a revolution of cyber threats. Cybercrime has moved on to cyber-espionage, cyber-warfare, and cyber-terror. Where attackers formerly focused on Fortune 500 companies, they now go after any target: all verticals, all supply chains, subcontractors, small businesses, and line-level individuals. Malware and vulnerabilities have moved on to credential theft at a large scale and advanced persistent threats. You need to combat this revolution, and it is a very challenging task.
The following figure shows the evolution of attacks:
In the past, attacks were frequently run by what we call script kiddies, who were mostly unskilled individuals using scripts and programs developed by others. Their attacks were unsophisticated and mostly motivated by mischief or fame. The biggest impact in this period was made by Blaster and Slammer.
Since 2005, organized crime has come more and more into the game. Their attacks were more sophisticated and differentiated. New threats such as ransomware, click fraud, and identity theft became commonplace. They are motivated by monetizing cybercrime. Since 2010, we've seen a growing trend of CryptoLockers. The organized crime scene even provides 24/7 hotlines if you become a victim of such CryptoLockers and you have problems entering the paid unlock key.
Since 2012, we now speak in terms of cyber threats. We know nation states, terror groups, and activists are also a threat. They use very sophisticated and well-sourced attacks. They have different motives such as IP theft, damage, disruption, and revenge. In the past, it took several days to weeks from planning to exploit. Today, it takes only hours or days, and we speak of zero-day exploits.
We need a new approach to addressing threats. The economic model of attacks needs to be ruined. No more scaling and large attack styles. We need to break the attack playbooks. Each attack needs to be unique and time consuming again. And we need to eliminate all actual vectors of attack. To this effect, four main pillars for threat protection have been named:
  • Device protection
  • Threat resistance
  • Identity protection
  • Information protection
When observing typical attack timelines, the average time between first host compromise and domain admin compromise is only 24-48 hours, but it takes between 11 and 14 months to detect the attack. We therefore need to redefine the defense stack in pre-breach and post-breach environments and assume a breach at some point. This adds a fifth pillar called breach detection, investigation, and response.
Device protection is aimed at improving your hardware protection. Hackers could easily drop malware such as a rootkit onto your device and compromise your device before the OS is started. You can compare such a rootkit with a hypervisor, and if it is well written, the OS will not be able to detect it at all. Well-known things such as Trusted Platform Module (TPM), Unified Extensible Firmware Interface (UEFI), secure boot, and Early Launch Antimalware (ELAM) functionality can help protect your device integrity and protect your OS before it starts. New security has been added to Windows 10 with virtualization-based security containers and new biometric sensors for two-factor authentication.
Threat resistance is aimed at hardening your OS against viruses, Trojans, and other malware. Well-known things such as the SmartScreen reputation filter, client firewall, and Windows Defender anti-malware can hardly keep up with around 390,000 new malware programs that are created each day. New security was introduced in Windows 10 with Device Guard, a tamper-proof advanced AppLocker, WDAG, and secure OS containers for applications such as Edge. Edge has also been hardened further by limiting its access to certain dynamic-link library (DLL) APIs and removing outdated and security-critical technology.
Identity protection is aimed at getting rid of passwords and protecting secondary credentials with the new security of Windows Hello and Credential Guard. This defends against Pass-the-Hash (PtH) attacks with the help of a secure OS container using virtualization-based security (VBS). Together with Windows Hello and next-generation credential services, the attack surface is further limited and sensitive information is protected.
Information protection is aimed at protecting information as long as it resides on the device, to protect against loss or theft, and at protecting data when it is transferred between devices. Well-known solutions such as BitLocker and BitLocker to Go are combined with new Windows 10 security with the new BitLocker Algorithm XTS and Windows Information Protection a.k.a. Enterprise Data Protection, and a good combination of Encrypted File System (EFS) and Rights Management System (RMS) with easy boundary definition and B2B support in a transparent container for all sensitive data.
In the modern world of cyber threats, we must assume the potential for a breach. So breach detection, investigation and response is aimed at detecting these breaches faster and starting countermeasures as soon as possible. With improved Windows 10 security with more granular conditional access, new Device Health Attestation (DHA), and Windows Defender Advanced Threat Protection (ATP) on the client side, this post-breach protection should be enhanced. On the server side, the addition of Microsoft Advanced Threat Analytics (ATA) will help us detect suspicious behavior. ATP and ATA will be covered in another chapter.
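To see where a given Windows 10 client stands on the device, identity, and information protection pillars described above, the following read-only check can be run in an elevated PowerShell session. It is an added example, not code from the book; the function name Get-PillarBaseline is hypothetical, and it assumes the built-in TrustedPlatformModule, SecureBoot, and BitLocker modules are present on the client.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the book): read-only baseline of the protections
# named in the pillars. Get-PillarBaseline is a hypothetical helper name.

function Get-PillarBaseline {
    $report = [ordered]@{}

    # Device protection: TPM presence and readiness
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $report.TpmPresent = $tpm.TpmPresent
        $report.TpmReady   = $tpm.TpmReady
    } catch {
        $report.TpmPresent = "unknown: $($_.Exception.Message)"
    }

    # Device protection: Secure Boot (the cmdlet throws on legacy BIOS systems)
    try   { $report.SecureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $report.SecureBoot = 'not supported or not readable' }

    # Identity protection: virtualization-based security and Credential Guard
    $ns = 'root\Microsoft\Windows\DeviceGuard'
    $dg = Get-CimInstance -Namespace $ns -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg) {
        $vbsState = @{ 0 = 'not enabled'; 1 = 'enabled, not running'; 2 = 'running' }
        $report.VbsStatus = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        # SecurityServicesRunning contains 1 when Credential Guard is active
        $report.CredentialGuardRunning = $dg.SecurityServicesRunning -contains 1
    } else {
        $report.VbsStatus = 'Win32_DeviceGuard class not available'
    }

    # Information protection: BitLocker state and cipher on the system drive
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $report.BitLockerProtection = [string]$vol.ProtectionStatus
        $report.BitLockerMethod     = [string]$vol.EncryptionMethod
        # XTS-AES methods are reported as XtsAes128 or XtsAes256
        $report.BitLockerUsesXts    = [string]$vol.EncryptionMethod -like 'Xts*'
    } catch {
        $report.BitLockerProtection = "unknown: $($_.Exception.Message)"
    }

    [pscustomobject]$report
}

Get-PillarBaseline | Format-List
```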
Let's have a look at the new Windows 10 security features.

Windows Hello/Windows Hello for Business

According to Microsoft's newest security report, the password length recommendation has been raised to a minimum of 12 characters. But strong passwords can be difficult to remember, and forcing users to frequently change their passwords will often lead to yellow sticky note problems. Also, users often reuse passwords. Passwords are sometimes shared among individuals. Server breaches can expose passwords, especially if they are stored in plain-text or hashed without a sa...