But the Microsoft security baseline can make things a lot easier for you when you’re configuring your environment to minimize its attack surface. Well, Microsoft recently released the fundamental security configuration settings for Windows 10 and Windows Server 2004.

4 configuration settings updates for Windows 10 2004 security baseline

1. Extended Protection for LDAP Authentication

Microsoft has updated the MS Security Guide to make Extended Protection for LDAP Authentication part of Windows. The setting isn’t new though as it came with the Windows Server v1809 Domain Controller baseline. With the latest security baseline changes, you can use Extended Protection for LDAP Authentication without having to create a custom ADMX. In addition, the policy is available to all Active Directory domain controllers. The Extended Protection for LDAP Authentication baseline value remains the same though. Only its location has changed. However, you need to have installed the March 10, 2020 security patch to configure the policy on Windows 10.

2. Microsoft Defender ATP file hash

MDATP users now have the option to turn on file hashing and enhance blocking for custom indicators in the Windows antivirus. When the new setting is on, Windows computes a file hash for every executable file that MDATP scans. But there’s a catch—MDATP file hashing may slow down your PC. It’ll certainly take a toll on your machine if you frequently install or develop executables or update your applications. Microsoft explains: The tool mitigates the performance impact by generating file hashes only once for each scanned executable. Still, you may want to keep the new setting off if you don’t use Microsoft Defender ATP. If you really have to use the setting, Microsoft recommends that you implement it in a controlled manner. This will allow you to do a thorough performance cost analysis.

3. Windows 10 Account Password Length

Microsoft appears very committed to building systems that require no passwords to access. You can tell that from the latest improvements on features like Windows Hello. After deprecating the Windows 10 account password expiry policy, the Redmond tech giant introduced two new password security settings. Relax minimum password length limits is one of the new settings, and it allows admins to enforce user password lengths of up to 128 characters. Before this update, users couldn’t set passwords longer than 14 characters. Longer passwords are obviously more difficult to guess and are an important safeguard against brute force attacks. Microsoft says that the new setting may be incompatible with existing systems and processes, however. That’s why there’s the new Minimum password length audit setting. The additional feature lets you assess the impact of changing your password length policy. Apart from that, it includes three new SAM events for configuration, errors, and awareness. This way, you’re less likely to change your password length policies oblivious of the damage the changes may cause to other Windows systems. Nonetheless, the new policy isn’t part of the security baseline for Windows 10 2004.

4. Behavior Monitoring

Microsoft doesn’t think Behavior Monitoring requires enforcement, so it removed it from the security baseline. As a result, the feature is no longer in its usual location. Microsoft added: Besides announcing the security baseline changes, Microsoft revealed that it will be releasing updates for LGPO and Policy Analyzer. What’s your take on the latest Windows 10 security baseline updates? Please share your thoughts in the comments section below.

SPONSORED Name * Email * Commenting as . Not you? Save information for future comments
Comment

Δ