Security State Assessment goes live on MU!

My name is Adrienne Wu, and I’m a Program Manager on the Forefront Client Security (FCS) team. When I first started here at Microsoft, I was an intern and I worked on the early planning for what would eventually become Security State Assessment, or SSA. When I returned as a full-time employee, I continued this work, only instead of a plan, it had become a reality!

Today is an interesting day for me; it is the day our original goal for SSA will truly be realized.

With SSA, we wanted to provide visibility into critical vulnerabilities and configuration exposures on managed computers, enabling our customers to focus critical IT resources on the right security issues. Our solution was to include an SSA agent to scan and report on the security state of a computer, with security checks driving evaluations.

We achieved this goal, and Forefront Client Security 1.0 shipped with some great checks out of the box.

But we also wanted to be able to provide new checks, so that we could continue to extend, over time, the vulnerability coverage provided by SSA. We decided to implement our checks using a definitions file, which could be published to Microsoft Update, and downloaded much like antimalware signatures.

Today, we’ve published our first new check using this channel.

The Unapproved Updates check determines whether there are any missing Microsoft security updates that have not yet been approved. The Security Updates check, which is already included in SSA, scans for missing updates available through the default service registered with Automatic Update, for example, updates approved on WSUS.

The Unapproved Updates check scans against Microsoft Update, and determines if there are any missing updates that are available, but not approved for download. The score from this check doesn’t contribute to the number of computers reporting critical issues in the FCS console, but the results will show up in reports, and administrators can see how many computers are vulnerable while a required security update undergoes their company’s approval process.
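
The comparison these two checks describe can be approximated on a single computer with the Windows Update Agent COM API. This PowerShell sketch is an added example, not FCS code and not part of the original post; the function name, the use of the Security Updates classification ID as the filter, and treating "offered by Microsoft Update but not by the default service" as "unapproved" are assumptions of the example.

```powershell
# Added example: security updates that Microsoft Update offers but the
# default Automatic Updates service (for example WSUS) does not.
$MicrosoftUpdateServiceId = '7971f918-a847-4430-9279-4a52d1efe18d'
# "Security Updates" classification ID, used as the search filter.
$SecurityUpdates = '0fa1201d-4330-4fa8-8ae9-b877473b6441'
$Criteria = "IsInstalled=0 and Type='Software' and CategoryIDs contains '$SecurityUpdates'"

function Get-MissingSecurityUpdate {
    param(
        [int]$ServerSelection,   # 0 = ssDefault, 3 = ssOthers
        [string]$ServiceId       # only used with ssOthers
    )
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $searcher.ServerSelection = $ServerSelection
    if ($ServiceId) { $searcher.ServiceID = $ServiceId }

    foreach ($u in $searcher.Search($Criteria).Updates) {
        [pscustomobject]@{
            UpdateId = $u.Identity.UpdateID
            Severity = $u.MsrcSeverity
            Title    = $u.Title
        }
    }
}

# The Microsoft Update service must already be registered on this computer;
# the script reports that instead of changing the configuration.
$manager = New-Object -ComObject Microsoft.Update.ServiceManager
$registered = $manager.Services |
    Where-Object { $_.ServiceID -eq $MicrosoftUpdateServiceId }
if (-not $registered) {
    throw 'Microsoft Update is not registered with the Windows Update Agent.'
}

# Default service: what the administrator has approved (when it is WSUS).
$approved  = @(Get-MissingSecurityUpdate -ServerSelection 0)
# Microsoft Update: everything applicable, approved or not.
$available = @(Get-MissingSecurityUpdate -ServerSelection 3 `
                   -ServiceId $MicrosoftUpdateServiceId)

$approvedIds = @($approved | ForEach-Object { $_.UpdateId })
$unapproved  = @($available |
    Where-Object { $approvedIds -notcontains $_.UpdateId })

$unapproved | Sort-Object Severity, Title | Format-Table -AutoSize
```

On a computer whose default service is not WSUS, both scans hit the same catalog and the difference is expected to be empty.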

So if you’re using Forefront Client Security, take a look at your Deployment Summary. You should see your managed clients updating to vulnerability definition version 1.0.1709.0. The definition download should also be appearing on your WSUS server. In your Security State Assessment Summary report, you should start to see results from the Unapproved Updates check.

You can learn more about the check in our Technical Reference on the Forefront Client Security TechCenter.

We’ll have more checks to come, and I hope you’ll be as excited as we are to see new checks coming down from MU!

Adrienne Wu

Program Manager

Microsoft Forefront Client Security