Microsoft releases Windows 10 security pack

Microsoft has worked with the UK’s National Cyber Security Centre (NCSC) to put their guidance on securing Windows 10 into a download pack that can be imported into Microsoft Intune.

Microsoft Intune is a service that has been adopted by a range of businesses and organisations to manage staff devices and apps from one place using the Azure cloud platform.

Instead of spending days manually entering security guidance settings, IT professionals can now import them directly in a few clicks, ensuring applied security is consistent throughout organisations, Microsoft claims.

The use of the pack, the company said, allows an IT professional to import all of the guidance settings rather than having to manually enter them, in a move that would normally take days. This also ensures that the settings are applied consistently and reduces errors.

Stuart Aston, national security officer at Microsoft UK, said many cyber attacks could be mitigated by using simple security features already present in the Windows 10 platform.

“This new downloadable pack will help companies and organisations take a big step towards ensuring their systems and staff are safe online,” he said.

The initiative is also aimed at helping UK companies meet the expectations of the UK privacy watchdog, the Information Commissioner’s Office (ICO), that they take steps to protect themselves online.

While the ICO accepts cyber attacks are a criminal act, information commissioner Elizabeth Denham said organisations have a responsibility to take steps to protect themselves against cyber criminals.

“Had TalkTalk and Carphone Warehouse implemented rudimentary protections, attackers would not have gained access to their systems. If NHS systems had been patched and up to date, they would have been protected from WannaCry,” she told attendees of the NCSC’s recent CyberUK 2018 conference in Manchester.

The government’s National security strategy and strategic defence and security review, published in 2015, warned that the “volume and complexity of cyber attacks against the UK are rising sharply, as are the costs to business”. It pointed to the NCSC as the single point of contact for anyone seeking advice and promised to help companies and the public “do more to protect their own data from cyber threats”.

More recently, the latest joint cyber threat report by the NCSC and the National Crime Agency (NCA) warned criminals are carrying out more online attacks on UK businesses than ever before.

The new Microsoft download pack is designed to configure Windows 10 to align with the NCSC’s 12 End User Device Security Principles and will help prevent users from downloading malicious software by configuring Windows SmartScreen, restricting the running of software unless it has been cleared for safe use, and protecting against the theft of credentials.

“Microsoft believes security should always come first, which is why we have developed this pack with the NCSC. It enables customers to turn on the Windows 10 guidance in a consistent way, so they can feel confident that their systems comply with the latest NCSC recommendations.”

Microsoft said businesses can find more information about Intune on the NCSC website, download the configuration as a zipped JSON file and import scripts on GitHub.