Configuration Manager 2007 and Windows Enforcement of SHA1 Certs

System Center Configuration Manager 2007 supports SHA-1 but does not support SHA-2 certificates. If you use SHA-2 certificates with Configuration Manager 2007, Configuration Manager continues to operate as expected using SHA-1 fallback.    For more information, see Windows Enforcement of SHA1 certificates. For later versions of Configuration Manager see, System Center 2012 Configuration Manager and… Read more

How Windows Defender harnesses the power of machine learning to help make Windows 10 Microsoft’s most secure client OS

Windows Defender harnesses the power of machine learning, contributing to making Windows 10 Microsoft’s most secure client operating system and providing increased protection against security threats facing consumers and commercial enterprises today. To reduce the number of both false negative and false positive detections, Microsoft’s automation pipeline uses a variety of tools and technologies to… Read more

How to deploy Potentially Unwanted Application protection with Microsoft Configuration Manager

Potentially Unwanted Application (PUA) is a threat classification based on reputation and research-driven identification. Most commonly, these PUAs are unwanted applications that come bundled with some other application installer. With Microsoft System Center 2012 Endpoint Protection and Configuration Manager, you can protect your users from PUAs by simply deploying an antimalware policy in your Configuration… Read more

Managing Windows 10 Device Guard with Configuration Manager

We are excited to share information on how to deploy Device Guard on Windows 10 devices managed by Configuration Manager, using existing capabilities in System Center 2012 R2 Configuration Manager SP1. Why Device Guard? Device Guard is a new feature…(read more)… Read more

Quick Tip: Windows Defender clients on Windows 10 fail to get software updates from Configuration Manager

~ Ranajoy Dutta | Senior Support Engineer Hi everyone, Ranajoy Dutta here. I’m a Senior Support Engineer on Microsoft’s Configuration Manager team and thought I’d share a quick tip about an issue you might run into with Windows Defender on Windows 10. The problem usually is first noticed by the fact that the Windows Defender… Read more

Announcement: SCAP Extensions 3.0 for System Center Configuration Manager is now available

The Configuration Manager Sustained Engineering team is pleased to announce the release of the SCAP Extensions version 3.0 for System Center Configuration Manager. You can download it from the Microsoft Download Center: http://www.microsoft.com/en-us…(read more)… Read more

Announcement: Update your System Center Online Authentication Certificate for Asset Intelligence (June 2015)

When the Configuration Manager Asset Intelligence synchronization point first connects to System Center Online, it presents the System Center online authentication certificate to enroll in the service. This is a public certificate that is used by all…(read more)… Read more

Support Tip: Why can’t I deploy this Digital Certificate Security Advisory with WSUS or Configuration Manager?

~ Meghan Stewart | Support Escalation Engineer Here in product support we get a lot of questions regarding how to tell if computers are protected when Microsoft Security Advisories include updates to the Certificate Trust List (CTL), which is also known as the Disallowed Certificates update. Microsoft updates the CTL for Windows to remove trust… Read more

Why Microsoft Security Bulletins MS15-049 and MS15-051 are listed as MS15-044 in WSUS and Configuration Manager

~ Meghan Stewart | Support Escalation Engineer If you’ve reviewed the Security Bulletin Summary for May 2015, you may have noticed that some security bulletins appear to be missing from your WSUS or Configuration Manager console. If you open the Microsoft Update Catalog and put in all of the KB numbers that were published under… Read more

New Whitepaper on Securing and Hardening NDES for Microsoft Intune and ConfigMgr 2012

We just published a new whitepaper that describes best practices for securing and hardening the Network Device Enrollment Service (NDES) server role for use with Microsoft Intune and System Center 2012 Configuration Manager. The whitepaper details how Microsoft’s policy module secures certificate deployment through NDES as well as best practices for how to secure NDES… Read more