Speculative Execution Configuration Baseline updated for L1TF CVE-2018-3620

We have updated the Speculative Execution Side-Channel Vulnerabilities Configuration Baseline.  The updated baseline now includes support for verifying the protections for CVE-2018-3620 (L1 Terminal Fault) in addition to the previously supported CVE-2017-5715, CVE-2017-5754 and CVE-2018-3639. Download the updated baseline This Compliance Settings configuration baseline is used to confirm whether a system has enabled the mitigations…


Updated: Speculation Execution Side-Channel Vulnerabilities Configuration Baseline

We have updated the Speculation Execution Side-Channel Vulnerabilities Configuration Baseline.  The updated baseline now includes support for verifying the protections for CVE-2018-3639 (Speculative store bypass) in addition to the previously supported CVE-2017-5715 and CVE-2017-5754. Download the updated baseline This configuration baseline is used to confirm whether a system has enabled the protections needed for the…

2

Monthly antimalware platform updates for Windows Defender

Beginning with December 2017, Microsoft is releasing antimalware platform updates for Windows Defender each month. The platform updates will be published as follows: category: Definition Updates, product: Windows Defender. If you use a Configuration Manager automatic deployment rule (ADR) to approve and deploy definition updates for Windows Defender, that same ADR will now pick up…

4

Configuration Manager 2007 and Windows Enforcement of SHA1 Certs

System Center Configuration Manager 2007 supports SHA-1 but does not support SHA-2 certificates. If you use SHA-2 certificates with Configuration Manager 2007, Configuration Manager continues to operate as expected using SHA-1 fallback.    For more information, see Windows Enforcement of SHA1 certificates. For later versions of Configuration Manager see, System Center 2012 Configuration Manager and…


How Windows Defender harnesses the power of machine learning to help make Windows 10 Microsoft’s most secure client OS

Windows Defender harnesses the power of machine learning, contributing to making Windows 10 Microsoft’s most secure client operating system and providing increased protection against security threats facing consumers and commercial enterprises today. To reduce the number of both false negative and false positive detections, Microsoft’s automation pipeline uses a variety of tools and technologies to…


How to deploy Potentially Unwanted Application protection with Microsoft Configuration Manager

Potentially Unwanted Application (PUA) is a threat classification based on reputation and research-driven identification. Most commonly, these PUAs are unwanted applications that come bundled with some other application installer. With Microsoft System Center 2012 Endpoint Protection and Configuration Manager, you can protect your users from PUAs by simply deploying an antimalware policy in your Configuration…


Managing Windows 10 Device Guard with Configuration Manager

We are excited to share information on how to deploy Device Guard on Windows 10 devices managed by Configuration Manager, using existing capabilities in System Center 2012 R2 Configuration Manager SP1. Why Device Guard? Device Guard is a new feature…(read more)


Quick Tip: Windows Defender clients on Windows 10 fail to get software updates from Configuration Manager

~ Ranajoy Dutta | Senior Support Engineer Hi everyone, Ranajoy Dutta here. I’m a Senior Support Engineer on Microsoft’s Configuration Manager team and thought I’d share a quick tip about an issue you might run into with Windows Defender on Windows 10. The problem usually is first noticed by the fact that the Windows Defender…