Written by Rafael Silva

Windows Server 2022 Security Baseline

Windows Server 2022 Security Baseline

https://ift.tt/3BYY8Ox

We are pleased to announce the release of the security baseline package for Windows Server 2022!

 

Please download the content from the Microsoft Security Compliance Toolkit, test the recommended configurations, and customize / implement as appropriate.

 

Three new settings have been added for this release, an AppLocker update for Microsoft Edge, a new Microsoft Defender Antivirus setting, and a custom setting for printer driver installation restrictions.

 

AppLocker

Now that Microsoft Edge is included within Window Server we have updated the domain controller browser restriction list. The browser restriction list now restricts Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Microsoft Edge. Should additional browsers be used on your domain controllers please update accordingly.

 

Script Scanning

Script scanning was a parity gap we had between Group Policy and MDM. Since this gap is now closed we are enforcing the enablement of script scanning (Administrative Templates\Microsoft Defender Antivirus\Real-time Protection\Turn on script-scanning).

 

Restrict Driver Installations

In July a Knowledge Base article and subsequent patch was released for CVE-2021-34527, more commonly known as “PrintNightmare”. We have added a new setting to the MS Security Guide custom administrative template for SecGuide.admx/l (Administrative Templates\MS Security Guide\Limits print driver installation to Administrators) and enforced the enablement.

 

Please let us know your thoughts by commenting on this post or via the Security Baseline Community.

office365,Azure,microsoft

via Microsoft Tech Community https://ift.tt/2cKGgvU

September 9, 2021 at 03:48AM
Rick_Munck