Forum Widgets
Latest Discussions
Start strong with MCSB v2
Cloud adoption is accelerating, but so are threats. Organizations often rush to deploy workloads without a clear security baseline, leaving critical gaps that attackers can exploit. Enter Microsoft Cloud Security Benchmark (MCSB) v2, now in public preview, designed to help you start well-protected and evolve securely. What Is Microsoft Cloud Security Benchmark v2? MCSB v2 is a comprehensive set of best practices and controls for securing cloud resources across Azure and hybrid environments. It aligns with: Industry standards: NIST, CIS, ISO Microsoft Secure Future Initiative (SFI) Zero Trust principles This benchmark provides prescriptive guidance for identity, network, data, and workload security helping organizations establish a strong foundation before customizing for their unique needs. Security Domains in MCSB v2 The benchmark organizes guidance into security domains, each representing a critical area of cloud security: Identity Management MFA enforcement, Conditional Access, privileged identity management. Network Security Segmentation, firewall rules, private endpoints. Data Protection Encryption at rest and in transit, key management. Asset Management Resource inventory, tagging, and governance. Logging & Monitoring Centralized logging, alerting, and SIEM integration. Incident Response Playbooks, automation, and escalation workflows. Application Security Secure coding practices, vulnerability scanning. Compliance & Governance Policy enforcement, regulatory alignment. Security Control Structure Each control in MCSB v2 follows a structured format for clarity and implementation: Control ID: Unique identifier for tracking. Control Name: Descriptive title (e.g., “Enable MFA for all users”). Control Category: Maps to a security domain. Control Objective: What the control aims to achieve. Implementation Guidance: Detailed steps for configuration. Azure Policy Mapping: Built-in policy definitions for automation. References: Links to Microsoft Learn and industry standards. This structure ensures consistency, traceability and ease of adoption across large environments. Integration with Azure Policy & Defender for Cloud One of the most powerful aspects of MCSB v2 is its native integration with Azure governance and security tools: Azure Policy Pre-built policy initiatives mapped to MCSB controls. Enables policy-as-code for automated enforcement across subscriptions. Supports compliance dashboards for visibility and reporting. Microsoft Defender for Cloud Monitors compliance against MCSB controls in real time. Provides secure score and recommendations for remediation. Integrates with workflows for alerting and automation. How to Get Started Review the Benchmark Explore the full guidance here: https://learn.microsoft.com/en-us/security/benchmark/azure/overview Apply Built-In Policies Use Azure Policy initiatives mapped to MCSB controls for quick enforcement. Monitor Compliance Leverage Microsoft Defender for Cloud to track adherence and remediate gaps. Tune for Your Needs Start with the baseline, then customize based on workload sensitivity and business requirements. Best Practices for Organizations Enable MFA and Conditional Access for all identities. Segment networks and enforce least privilege. Encrypt data at rest and in transit using Azure-native capabilities. Enable Defender for Cloud for continuous posture management. Automate compliance with policy-as-code. Cloud security isn’t static. Threats evolve, and so should your defenses. MCSB v2 gives you a future-ready foundation that scales with your business and integrates with Microsoft’s security ecosystem.
Microsoft 365 Apps for Enterprise Security Baseline 2412; when available?
https://learn.microsoft.com/en-us/intune/intune-service/protect/security-baseline-v2-office-settings?pivots=v2306 is currently available in Intune. Microsoft already released the 2412 version via the Microsoft Security Compliance Toolkit. Unfortunately, this version is not available in Intune nyet. When can we expect that version to become available in Intune?
DSC SecurityPolicyDsc: "Could not infer CimType from the provided .NET object"
Hello Everyone, I'm encountering a persistent issue while applying security baseline settings using the SecurityPolicyDsc module on Windows Server 2022. Despite providing valid settings (like Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled'), the DSC execution fails with the following error: Could not infer CimType from the provided .NET object. The PowerShell DSC resource '[SecurityOption]LimitBlankPasswords' with SourceInfo '<file path>::SecurityOption' threw one or more non-terminating errors while running the Test-TargetResource functionality. What I've done so far: Verified the syntax and parameters using only one setting at a time Downgraded SecurityPolicyDsc to 2.9.0.0 (as 2.10.0.0 has known CimType issues) Confirmed MSFT_SecurityOption.schema.mof exists in the module directory Ensured no null or invalid values are passed Used explicit paths in Start-DscConfiguration Ran under PowerShell 5.1 on Windows Server 2022 (Azure VM, domain-joined) Despite all this, the error persists — even for a minimal configuration like: Configuration SecurityTest { Import-DscResource -ModuleName 'SecurityPolicyDsc' Node 'localhost' { SecurityOption LimitBlankPasswords { Name = 'LimitBlankPasswords' Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only = 'Enabled' } } } SecurityTest -OutputPath "C:\Temp\SecurityTest" Start-DscConfiguration -Path "C:\Temp\SecurityTest" -Wait -Verbose -Force Any guidance or workarounds would be greatly appreciated. If there’s a known fix or update planned for SecurityPolicyDsc, I’d be happy to test that as well. Thanks in advance!Edge Security Baseline v128 - Dynamic Code Setting
Cross-posted this in the annoucement for v128 and the review of v134... Enabling the Dynamic Code Settings "Enabled:Prevent the browser process from creating dynamic code" breaks printing to network printers in Active Directory. Edge tries to generate the print preview page, and hangs.
DSC Error for 2022 Security Baseline
Hello Everyone, I am trying to find out more about this error but no luck....... I have converted the GPOs to DSC for Windows Server 2022 - Member Server using Windows Server-2022-Security-Baseline-FINAL and have applied it to a test VM which is currently domain joined, initially I was getting too many dsc errors so I tried to narrow down and do a small batch of configurations and I still get the same error with the following message DSC Error : Could not infer CimType from the provided .NET object. The PowerShell DSC resource '[SecurityOption]SecuritySetting(INF): LSAAnonymousNameLookup' with SourceInfo 'C:\onedsc\PasswordComplexityConfig.ps1::33::9::SecurityOption' threw one or more non-terminating errors while running the Test-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details. Could not infer CimType from the provided .NET object. Does anyone have any insight what could be wrong here?and how do I go about correcting it Thanks
Security Baseline for M365 Apps for enterprise May 2023 version
Is there any known issue with the Security Baseline for M365 Apps not applying? I have a customer who said it worked for a while and then stopped working. They had to do everything via configuration profiles. Apparently they also heard from other companies that this baseline stopped working suddenly.
Exploit Prevention Blocking EXE files
My environment is having an issue where exe files are being blocked when executed via a remote share. It appears Exploit Prevention is blocking but it does not happen for every user. I have placed an exclusion using Set-ProcessMitigation -Name filename.exe -Disable BlockRemoteImageLoads and the issues still persist. We do not use Defender for Endpoint as a solution and are not managing Exploit Guard policy via GPO, SCCM, or InTune. Also I have verified the process mitigation is disabled using PowerShell. ImageLoad: BlockRemoteImageLoads : OFF AuditRemoteImageLoads : NOTSET Override BlockRemoteImages : False BlockLowLabelImageLoads : OFF AuditLowLabelImageLoads : NOTSET Override BlockLowLabel : False PreferSystem32 : NOTSET AuditPreferSystem32 : NOTSET Override PreferSystem32 : False This randomly started a few days ago and I'm at a loss for how to move forward and why this occured all the sudden.
