IT Infrastructure Threat Modeling Guide

  The IT Infrastructure Threat Modeling Guide is now available. Organizations today face an increasing number of threats to their computing environments. You need a proactive approach to assist you in your efforts to protect your organization’s assets and sensitive information. This guide provides an easy-to-understand method that enables you to develop threat models for…


We just released the Hyper-V™ Security Guide!

The new Hyper-V Security Guide has been released. It provides methods and best practices to strengthen the security of computers running the Hyper-V role on Windows Server® 2008. The guide covers the following three topics:   Hardening Hyper-V We provide you with prescriptive guidance for hardening the Hyper-V role and discuss several best practices for…


The Hyper-V Security Guide

The benefits of virtualization are more evident than ever. Microsoft Hyper-V™ technology allows consolidation of workloads that are currently spread across multiple underutilized servers onto a smaller number of servers. This capability provides you with a way to reduce costs through lower hardware, energy, and management overhead while creating a more dynamic IT infrastructure.  …


Update for Solution Accelerators Navigation.

Solution Accelerators Security site has a new face, you should check it out. The Solution Accelerators Techcenter for Security was  published recently to help better navigate the security Solutions Accelerators. The library contains a vast array of Accelerators addressing issues in response management with  The Malware Removal Starter Kit, or hardening guides such as the…


To Social Network, or NOT

  More social networking solutions are available today than ever. As a user of two of the technologies, Linkedin and Facebook, I think both provide great capabilities and both are limited. For example, Linkedin provides capabilities for maintaining a professional profile, while Facebook provides great extensions that allow you to extend your network quickly. Also,…


Integrate AccessChk.exe with DCM Scripts

The DCM feature supports a powerful way for data discovery by using scripting. By invoking AccessChk.exe from DCM scripts, the output of user rights assignment data from AccessChk.exe can be collected by the DCM scripting data discovery provider. The following procedure enables you to use Microsoft Visual Basic Scripting Edition (VBScript) in combination with the…


Regulatory Compliance Guide update!

Folks, we need your help! If you’re interested in contributing to our efforts to provide the best Solution Accelerators for Compliance, read on. Generally, organizations that need to comply with regulations such as SOX and PCI DSS use a variety of disparate commercial and internally developed practices and tools. Microsoft is currently building a comprehensive…


Security identification using Microsoft Assessment and Planning Toolkit 3.1

  Are your PC’s antivirus (AV) and antispyware or anti-malware (AM) programs actually running? If anything should keep you up at night, it’s the question of whether your users’ desktops and laptops are protected from malware.       Previously we talked about how NAP can provide a defense-in-depth layer to protect your PCs. But…


Configuration Drift

    In my last blog I introduced a new Solution Accelerator called the Security Compliance Management toolkit. Today I’d like to help you learn more about this new Accelerator, but in a somewhat indirect way—by discussing a problem space known as configuration drift.   Probably the simplest way to understand configuration drift is to…


Security Compliance Management Released!

  If you have not heard yet, Solution Accelerators has released a great new toolkit!.   Microsoft has created the Security Compliance Management toolkit. The toolkit provides best practices from Microsoft about how to plan, deploy, and monitor a security baseline. In addition, the toolkit provides some information about how to remediate security baseline issues….