This document discusses security features in Windows 10. It describes Microsoft's vision to help protect against cyber threats while increasing productivity through cloud access. Windows 10 provides pre-breach protections like Windows Defender, Device Guard, and identity protections. For post-breach detection and response, it discusses Windows Defender Advanced Threat Protection and its ability to investigate security incidents across endpoints through threat intelligence and breach detection. The document outlines how these security tools provide protection, detection, and response capabilities in the Windows 10 defense stack.
5. No. 5
MICROSOFT'S SECURITY VISION
Help protect against compromise by uncovering potential breaches
Increase productivity with cloud access while continuing to protect data
Deliver stronger security for corporate and personal devices
Apply policies that help keep cloud resources and hybrid environments safe
6. No. 6
THE WINDOWS 10 DEFENSE ARSENAL
PROTECT, DETECT & RESPOND
PRE-BREACH / POST-BREACH
[Diagram, English layer]
Pre-breach:
Device protection: Device Health attestation, Device Guard, Device Control, Security policies
Information protection: Device protection / Drive encryption, Enterprise Data Protection, Conditional access
Threat resistance: SmartScreen, AppLocker, Device Guard, Windows Defender, Network/Firewall
Identity protection: Built-in 2FA, Account lockdown, Credential Guard, Microsoft Passport, Windows Hello ;)
Post-breach:
Breach detection, investigation & response: Windows Defender ATP
[Same diagram, French layer, translated]
Pre-breach:
Device protection: Device integrity, Device control
Information protection: BitLocker and BitLocker to Go, Windows Information Protection, Conditional Access
Threat resistance: SmartScreen, Windows Firewall, Microsoft Edge, Device Guard, Windows Defender
Identity protection: Windows Hello ;), Credential Guard
Post-breach:
Breach detection, investigation & response: Windows Defender ATP
8. No. 8
WINDOWS HELLO (FOR BUSINESS)
[Diagram] Windows Hello for Business authenticates with public keys against a web service, AD, Azure AD, etc.; the private keys are protected with the TPM.
Hello gesture: PIN; biometrics or user presence; companion devices or user presence.
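The sign-in flow the slide sketches, written up as an added Go example (not Microsoft's code): the device keeps an ECDSA private key behind the gesture, registers only the public key, and the provider accepts exactly one fresh nonce per signature. The PIN hash check stands in for the TPM-gated gesture and `IdP` is a one-user stand-in for AD / Azure AD; both are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Device models the TPM-held credential: the private key never leaves the
// device and is usable only after the local gesture (a PIN here) is verified.
type Device struct{ priv *ecdsa.PrivateKey; pinHash [32]byte }
// NewDevice enrols a credential and returns the public key to register with the provider.
func NewDevice(pin string) (*Device, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{priv, sha256.Sum256([]byte(pin))}, &priv.PublicKey, nil
}
// Sign answers the provider's nonce; a wrong gesture leaves the key locked.
func (d *Device) Sign(pin string, nonce []byte) ([]byte, error) {
	if h := sha256.Sum256([]byte(pin)); subtle.ConstantTimeCompare(h[:], d.pinHash[:]) != 1 {
		return nil, errors.New("gesture rejected: key stays locked")
	}
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, d.priv, digest[:])
}
// IdP models the identity provider for one user: it stores the registered
// public key and the outstanding one-time nonce, never a reusable secret.
type IdP struct{ pub *ecdsa.PublicKey; nonce []byte }
// Challenge issues a fresh random nonce for one sign-in attempt.
func (p *IdP) Challenge() []byte {
	p.nonce = make([]byte, 32)
	if _, err := rand.Read(p.nonce); err != nil {
		panic(err) // no entropy: refuse to issue a challenge
	}
	return p.nonce
}
// Verify checks the signature and consumes the nonce, so a replay fails.
func (p *IdP) Verify(sig []byte) bool {
	if p.pub == nil || p.nonce == nil {
		return false
	}
	digest := sha256.Sum256(p.nonce)
	p.nonce = nil
	return ecdsa.VerifyASN1(p.pub, digest[:], sig)
}
```

Registration is the `IdP{pub: pub}` step: the provider only ever sees the public half, so a breach of the provider does not yield a credential that can sign in.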
11. No. 13
PREREQUISITES BY DEPLOYMENT TYPE
Key credential:
Cloud (AAD): Windows 10 GA
On-premises (AD): Windows 10 future update; WS2016 AD (a few DCs); WS2016 AD FS; PKI (CA)
Hybrid (AD+AAD): Windows 10 1511 update; Azure AD Connect; WS2016 AD (a few DCs); PKI (CA)
Certificate credential:
Cloud (AAD): Windows 10 GA; PKI (CA + NDES); Intune
On-premises (AD): Windows 10 (future update); WS2016 AD DS schema; WS2016 AD FS; PKI (CA + NDES); SCCM vNext
Hybrid (AD+AAD): Windows 10 1511; PKI (CA + NDES); SCCM vNext/Intune
12. WINDOWS INFORMATION PROTECTION
Configure and manage EDP policies with Intune and Azure Rights Management
Separate personal and corporate data with limited impact to employee's day-to-day activities
Protect data at rest and wherever it may roam*
Secure content collaboration through integration with Azure Rights Management
Control app access to corporate data and prevent copy and paste-related data leaks
[Diagram] Microsoft Intune & Azure Rights Management apply policies to the user's device; saves go to the corporate network file share or to personal storage; files are shared and policies enforced.
* Some roaming scenarios use Azure Rights Management
15. No. 17
WINDOWS DEFENDER ADVANCED THREAT PROTECTION
DETECT ADVANCED ATTACKS AND REMEDIATE BREACHES
Unique threat intelligence knowledge base: unparalleled threat optics provide detailed actor profiles; 1st and 3rd party threat intelligence data.
Rich timeline for investigation: easily understand the scope of a breach; data pivoting across endpoints; deep file and URL analysis.
Behavior-based breach detection: actionable, correlated alerts for known and unknown adversaries; real-time and historical data.
Built in to Windows, cloud powered: no additional deployment or infrastructure; continuously up-to-date, lower costs.
20. Windows 10 Security on Modern Devices
(Fresh Install or upgraded from 64-bit Windows 8)
[Diagram] PRE-BREACH / POST-BREACH: Breach detection, investigation & response; Device protection; Identity protection; Information protection; Threat resistance
Adopting an "Assume Breach" posture builds this fact in. It is a major shift: allowing yourself to think that digital defences will be vulnerable at one point or another.
Accepting such a posture does not mean giving up; it means you have taken the first step towards mitigating the risk.
So what is plan B? What is the plan for detecting an intrusion? How do you respond to this kind of incident?
This is typically the strategy to defend today, through the 3 phases mentioned.
For detection, it means moving towards a behavioural approach, where detection is based on the behaviour of the attack vector.
As for response, that is another area that requires a radical change in how we react, with evolutions or transformations of an as-a-Service configuration through dynamic policy application.
https://testdrive-fido.azurewebsites.net/
Note: The Windows 10 “enterprise data protection” capabilities shown on this slide are still in development. These capabilities could be modified before commercially released.
With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data disclosure through apps and services that are outside of the enterprise’s control like email, social media, and the public cloud.
Many of the existing solutions try to address this issue by requiring employees to switch between personal and work containers and apps, which can lead to a less than optimal user experience. The Windows 10 feature code-named Enterprise Data Protection (EDP) offers a better user experience, while helping to better separate and protect enterprise apps and data against disclosure risks across both company and personal devices, without requiring changes in environments or apps. Additionally, EDP when used with Azure Rights Management (RMS) can help to protect your enterprise data locally, persisting the protection even when your data roams or is shared.
With Intune, IT admins can manage EDP policies to protect corporate data (this is similar to the Intune MAM capabilities for iOS and Android). Additional management capabilities for data protection and separation are also available with Windows 10.
Note: With EDP, you can protect Windows 10 apps and data without the need for an App Wrapping Tool or App SDK.