With 'Microsoft Secure Score For Devices', Microsoft Rates Users' Security Configurations


Microsoft Windows is the most popular operating system for regular PC users. Despite controversies, Microsoft still sees security as one of its priorities in Windows 10.

The operating system has what it calls Microsoft Defender Advanced Threat Protection (ATP), which, according to the company's documentation, is "an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats."

Microsoft has increased its effort on ATP by introducing what it calls the 'Microsoft Secure Score for Devices'.

It gives users' devices and network a security score that tells users the health of their environment based on how they are configured.

A high score means the collective security configuration is in a good state across applications, operating systems, network, accounts, and security controls. A bad score, naturally, means the opposite.

The score can be seen in the Threat and Vulnerability Management service dashboard component of Microsoft Defender Security Center.

According to its documentation page, Microsoft Secure Score for Devices reflects the collective security configuration state of devices across the following categories:

  1. Application.
  2. Operating system.
  3. Network.
  4. Accounts.

It then continuously:

  1. Compares collected configurations to the collected benchmarks to discover misconfigured assets.
  2. Maps configurations to vulnerabilities that can be remediated or partially remediated (risk reduction).
  3. Collects and maintains best practice configuration benchmarks (vendors, security feeds, internal research teams).
  4. Collects and monitors changes of security control configuration state from all assets.

The tool should be useful for those who care about the security of their systems, as it can scour devices and networks for vulnerabilities. Through the cards, Defender ATP users should be able to see a list of recommendations based on what the scan finds.

For example, cards can show that systems contain issues, such as a built-in administrator account that has been disabled, an outdated version of Windows 10 or Windows Server, an account using highly privileged Administrator rights, and so forth.

Microsoft Secure Score for Devices
The tool comes with details and remediation options. (Credit: Microsoft)

Microsoft explains that hackers can launch their attacks through password guessing, brute-force attacks and some other techniques, and that these attacks generally happen after a security breach has already occurred.

Score cards generated by 'Microsoft Secure Score For Devices' are the product of "meticulous and ongoing vulnerability discovery".

This involves comparing the configurations collected from scans with collected benchmarks: the best-practice benchmarks from various vendors, leads from security feeds, and information taken from Microsoft's internal research teams.

For convenience, users can export a checklist of remediations to be undertaken in CSV format, so they can share the score card with their team members. After remediations are completed, the security score should improve accordingly.

This tool is certainly useful. But it does have some weaknesses.

For example, there could be false alarms related to only partial support for its Intune mobile device management platform.

"Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management," said Microsoft.

To address some of the issues in Windows Defender ATP that impede Microsoft Secure Score for Devices' analysis, Microsoft has pointed out four mandatory security updates (KB 4512941, KB 4516077, KB 4516045, KB 4516071), released over the past few years, that users can install.