Microsoft technologies let you deploy infrastructure and services quickly to meet business needs. IT organizations heavily invested in those technologies, from Active Directory and Exchange to Windows Server, SQL Server, SharePoint Server and web services, also need to address the IT security aspects of each of them.

When considering the security challenges of a Microsoft infrastructure, the following features and technologies need to be discussed.

Feature or Technology: Overview

Access Control: Access control helps protect files, applications, and other resources from unauthorized use.

AppLocker: AppLocker provides policy-based access control management for applications.

BitLocker: BitLocker Drive Encryption enables you to encrypt all data that is stored on the operating system volume and configured data volumes for computers running supported versions of Windows. By using a Trusted Platform Module (TPM), it can help ensure the integrity of early startup components.

Credential Locker: Credential Locker is managed through the Control Panel by Credential Manager, and supports mostly consumer scenarios.

Credentials protection: New techniques and features to manage and protect credentials during authentication.

Encrypted Hard Drive: Encrypted Hard Drive is a feature that is provided with BitLocker to enhance data security and management.

Exchange ActiveSync Policy Engine: A set of APIs that enable apps to apply EAS policies on desktops, laptops, and tablets to protect data that is synchronized from the cloud, such as data from Exchange Server.

Group Managed Service Accounts: The group Managed Service Account provides the same functionality as the standalone Managed Service Account within the domain, and extends that functionality over multiple servers.

Kerberos: The Kerberos protocol is an authentication mechanism that verifies the identity of a user or host.

Local Computer Policy Settings: Security policy settings are the configurable rules that the operating system follows when it determines the permissions to grant in response to a request for access to resources. Group Policy Administrative Templates can also be used for security management.

NTLM: The NTLM authentication protocols are based on a challenge-and-response mechanism that proves to a server or domain controller that a user knows the password associated with an account.

Passwords: The most common method for authenticating a user's identity is to use a secret passphrase or password as part of the sign-in process.

Security Auditing: Security auditing can help identify attacks (successful or not) that pose a threat to your network, or attacks against resources that you have determined are of value through a risk assessment.

Security Configuration Wizard: The Security Configuration Wizard is an attack-surface reduction tool that helps administrators create security policies that are based on the minimum functionality required for a server's roles. (It was removed in Windows Server 2016.)

Smart Cards: Smart cards provide a tamper-resistant and portable security solution for tasks such as authenticating clients, signing in to domains, signing code, and securing email.

Software Restriction Policies: Software Restriction Policies (SRP) is a Group Policy-based feature that identifies software programs running on computers in a domain, and controls the ability of those programs to run.

TLS/SSL (Schannel SSP): Schannel is a Security Support Provider (SSP) that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols.

Trusted Platform Module (TPM): Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions.

User Account Control (UAC): UAC helps mitigate the impact of malicious programs.

Virtual Smart Card: Virtual smart cards offer multifactor authentication and compatibility with many smart card infrastructures, and offer users the convenience of not having to carry a physical card, so users are more likely to follow their organization's security guidelines rather than working around them.

Windows Biometric Framework and Windows Biometrics: The Windows Biometric Framework (WBF) is a set of services and interfaces that permit consistent development and management of biometric devices, such as fingerprint readers. WBF improves the reliability and compatibility of biometric services and drivers.

Windows Defender: Windows Defender is a full-featured antimalware solution that is capable of detecting and stopping a wide range of potentially malicious software, including viruses.
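As an added example (not code from the original page), the following PowerShell script performs a read-only posture check, on a single host, of several of the controls in the table above: BitLocker and TPM, AppLocker, Software Restriction Policies, UAC, NTLM, credential protection, Windows Defender, Schannel protocol settings and the Logon audit subcategory. It assumes Windows 10 / Windows Server 2016 or later with the BitLocker and Defender PowerShell modules present, and an elevated session. The cmdlets and registry values are standard Microsoft ones; the OK/WEAK/CHECK thresholds (for example LmCompatibilityLevel 5, or signatures no older than 7 days) are this example's own hardening targets, not something the page specifies.

```powershell
# Added example (not from the original page): read-only posture check for
# several controls from the table above. Assumes Windows 10 / Windows Server 2016
# or later with the BitLocker and Defender PowerShell modules, run elevated.
# Nothing here changes configuration. Registry paths and meanings are documented
# Microsoft settings; the OK/WEAK/CHECK thresholds are this example's own choices.

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Control, [string]$State, [string]$Note) {
    $findings.Add([pscustomobject]@{ Control = $Control; State = $State; Note = $Note })
}

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (i.e. the OS default applies)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

# BitLocker + TPM: OS volume fully encrypted with protectors on, TPM present and ready
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
if ($os) {
    $ok = ($os.VolumeStatus -eq 'FullyEncrypted' -and $os.ProtectionStatus -eq 'On')
    Add-Finding 'BitLocker (OS volume)' ($(if ($ok) { 'OK' } else { 'WEAK' })) `
        ("{0}, protection {1}, {2}" -f $os.VolumeStatus, $os.ProtectionStatus, $os.EncryptionMethod)
} else { Add-Finding 'BitLocker (OS volume)' 'CHECK' 'BitLocker module not available' }

$tpm = Get-Tpm -ErrorAction SilentlyContinue
if ($tpm) {
    Add-Finding 'TPM' ($(if ($tpm.TpmPresent -and $tpm.TpmReady) { 'OK' } else { 'WEAK' })) `
        ("Present={0} Ready={1}" -f $tpm.TpmPresent, $tpm.TpmReady)
}

# AppLocker: at least one rule collection in enforce mode (AuditOnly logs but does not block)
$al = Get-AppLockerPolicy -Effective -ErrorAction SilentlyContinue
$enforced = @($al.RuleCollections | Where-Object { $_.EnforcementMode -eq 'Enabled' })
Add-Finding 'AppLocker' ($(if ($enforced.Count -gt 0) { 'OK' } else { 'WEAK' })) `
    ("enforced collections: " + (($enforced | ForEach-Object { $_.RuleCollectionType }) -join ', '))

# Software Restriction Policies: DefaultLevel 0 = Disallowed (allow-list), 262144 = Unrestricted
$srp = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' 'DefaultLevel'
Add-Finding 'Software Restriction Policies' ($(if ($srp -eq 0) { 'OK' } else { 'CHECK' })) `
    ("DefaultLevel=" + $(if ($null -eq $srp) { 'not configured' } else { $srp }))

# UAC: EnableLUA=1 and administrators are not elevated silently (ConsentPromptBehaviorAdmin=0)
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = Get-RegValue $sys 'EnableLUA'; $prompt = Get-RegValue $sys 'ConsentPromptBehaviorAdmin'
Add-Finding 'UAC' ($(if ($lua -eq 1 -and $prompt -ne 0) { 'OK' } else { 'WEAK' })) `
    "EnableLUA=$lua ConsentPromptBehaviorAdmin=$prompt"

# NTLM: LmCompatibilityLevel 5 = send NTLMv2 only, refuse LM and NTLM; absent = OS default (3 on modern Windows)
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lm = Get-RegValue $lsa 'LmCompatibilityLevel'
Add-Finding 'NTLM (LmCompatibilityLevel)' ($(if ($lm -eq 5) { 'OK' } else { 'CHECK' })) `
    ("LmCompatibilityLevel=" + $(if ($null -eq $lm) { 'not set (default)' } else { $lm }))

# Credentials protection: LSA runs as a protected process (RunAsPPL) and Credential Guard is running
$ppl = Get-RegValue $lsa 'RunAsPPL'
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$cg = ($null -ne $dg -and $dg.SecurityServicesRunning -contains 1)   # 1 = Credential Guard
Add-Finding 'Credentials protection' ($(if ($ppl -eq 1 -and $cg) { 'OK' } else { 'WEAK' })) `
    "RunAsPPL=$ppl CredentialGuardRunning=$cg"

# Windows Defender: real-time protection on and signatures no older than 7 days
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp) {
    $age = (New-TimeSpan -Start $mp.AntivirusSignatureLastUpdated -End (Get-Date)).Days
    Add-Finding 'Windows Defender' ($(if ($mp.RealTimeProtectionEnabled -and $age -le 7) { 'OK' } else { 'WEAK' })) `
        ("RealTime={0} SignatureAgeDays={1}" -f $mp.RealTimeProtectionEnabled, $age)
}

# Schannel: legacy protocols explicitly disabled server-side (Enabled=0); absent means the OS default applies
foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1') {
    $en = Get-RegValue "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$proto\Server" 'Enabled'
    Add-Finding "Schannel $proto (server)" ($(if ($en -eq 0) { 'OK' } else { 'CHECK' })) `
        $(if ($null -eq $en) { 'not set, OS default applies' } else { "Enabled=$en" })
}

# Security auditing: the Logon subcategory should record at least failures
$logon = auditpol /get /subcategory:"Logon" /r | ConvertFrom-Csv | Select-Object -First 1
if ($logon) {
    Add-Finding 'Security auditing (Logon)' ($(if ($logon.'Inclusion Setting' -ne 'No Auditing') { 'OK' } else { 'WEAK' })) `
        $logon.'Inclusion Setting'
}

$findings | Format-Table -AutoSize
```

A CHECK state means the value is not explicitly set and the operating system default applies, which differs between Windows versions; treat it as a prompt to confirm the effective setting against your baseline rather than as a finding in itself.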

Microsoft Security Compliance Manager

SCM provides centralized security baseline management, a baseline portfolio, customization capabilities, and flexible baseline export, to accelerate your organization's ability to manage the security and compliance process efficiently for the most widely used Microsoft technologies. Note that Microsoft retired SCM in 2017; current baselines are published through the Security Compliance Toolkit (SCT) instead.


SCM Use Scenarios

  • Securing Windows clients
  • Locking down Windows Server roles
  • Applying security recommendations to Microsoft Office
  • Creating public access or kiosk desktops
  • Internet-disconnected environments
  • Tracking decision making for security audits