Microsoft Publishes SECCON Framework For Securing Windows 10

An anonymous reader writes: Microsoft published today a generic "security configuration framework" that contains guidance for systems administrators about the basic security settings they should be applying in order to secure Windows 10 devices. The SECCON framework, the name Microsoft gave this framework, is are five different recommendations for securing a Windows 10 device, depending on its role inside an organization (Enterprise security, Enterprise high-security, Enterprise VIP security, DevOps, Administrator). [Note: last two docs are empty and don't include any info just yet].

For each of these security levels, Microsoft has published default templates for Windows policies that sysadmins can apply to desired PCs, based on the access levels those workstations have. Microsoft hopes this will automate a system administrator's job in deploying a basic minimum of security features to Windows 10 systems, on which custom modifications can then be made, depending on each enterprise's needs.

My Own "FrameWork"

1. Run inside a virtual machine, it get's limited network access
2. limit the network access even further on the router - it gets no updates
3. limit the internal network access even further, it sees nothing on the LAN, it only sees a network share, and that only contains the files it needs to see.
4. limit the hardware it can see, windows actually performs nicely on simple hardware, the more complex the hardware, the more crashes
5. a pi-hole further limits what gets to the machine
6. exfiltration of data is limited on the router