
Jun 14, 2019

Interesting Rando-News 

First, I know in my last email I said writing my book took "none" months. I meant nine. Nine months.
These newsletters don't have an editor, or even a good spellchecker. So they're a bit off the cuff.
My book has eyeballs and eyeballs of real pros looking at it. Even THEN there will be errors, but, hey.. they're nicely shellacked !

Next, here's a bunch of items I've been sitting on for a bit. 

Item 1: Windows 1903
---
I know you already know that Windows 1903 is out. Buuut.. it seems a little mysterious how to GET it and what's IN IT. Well, here's a blog which explains both. Be sure to click on "What's new for IT Pros in Windows 10, 1903" for all the best stuff.

https://blogs.windows.com/windowsexperience/2019/05/21/how-to-get-the-windows-10-may-2019-update/#Sot6SPqZhUjM7lSa.97 

Item 2: 1903 Baselines are out
---
So Baselines are preconfigured advice which can be delivered via Group Policy or an MDM service like Intune. (And, YES, of course with ALL CAPS I cover this in my "Group Policy (with a side of MDM)" training class, AND also in Chapter 10 of my new MDM/Intune/Autopilot/Azure book!)

Those baselines are here: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines

And, here's the official blog entry on it:
https://blogs.technet.microsoft.com/secguide/2019/05/23/security-baseline-final-for-windows-10-v1903-and-windows-server-v1903/

But it's Item #3, which is related to Item #2, that's the big interesting thing.

Item #3: Microsoft no longer recommends password rotation for regular users. 
---
Yep, so inside the Baselines, Microsoft has taken a step back from requiring that users rotate their passwords. At first glance you might think "Wow, that really sounds like it LOWERS my security posture." But then, the real reason why this can be a good idea is found when you dig into Aaron Margosis' blog: "If an organization has successfully implemented banned-password lists, multi-factor authentication, detection of password-guessing attacks, and detection of anomalous logon attempts, do they need any periodic password expiration? And if they haven’t implemented modern mitigations, how much protection will they really gain from password expiration?"

There you go. So, if you're already implementing password rotation.. I guess "keep doing it" if you haven’t implemented the other mentioned security functions; but STOP if you HAVE implemented these other security measures. I found a few others' takes on this advice:

https://www.forbes.com/sites/daveywinder/2019/04/27/microsoft-confirms-change-to-windows-10-passwords-that-nobody-saw-coming/#4c0a682d7bf2

https://www.scmagazine.com/home/security-news/privacy-compliance/some-cybersecurity-experts-argue-this-may-be-one-of-the-last-global-password-days/?utm_source=newsletter&utm_medium=email&utm_campaign=SCUS_Newswire_20190502&hmSubId=c_Ol5WdI-AA1&email_hash=1640a0a38d3b4b638fd2beadfc5e9dc7&mpweb=1325-7621-514959

Item #4: Windows 1903 and Blurred Backgrounds
---
What do you think of those Blurred Backgrounds in Windows 1903 at login time? Don't like them?
Then find the Group Policy setting at Computer | Admin Templates | System | Logon | Show Clear logon background and set it to ENABLED.

Ah.. but what if you don't have the Windows 1903 ADMX files? 

Item #5: No Windows 1903 ADMX files yet.
---
They're not available yet for download. So you can always take a Windows 10 1903 machine and use the ADMX and ADML items from there if you're in a hurry. But I advise waiting for the download. I’ll let you know when that occurs.

Item #6: Super cool Windows 10 thing to broadcast your screen "over there." 
---
This is one of those things I'm wondering if everyone on the planet knew, except maybe.. Me. 
Basically, you can "project your whole screen" to an app .. "over there" on another Windows 10 machine. I tested this and it's so freaking cool. Just. So. Cool. My. Head. Exploded.
Tip: Both computers have to be on the same Wifi or Bluetooth network. 
https://techcommunity.microsoft.com/t5/Core-Infrastructure-and-Security/How-to-Use-an-Additional-Computer-as-a-Secondary-Display/ba-p/681152

And now.. time for the plugs... :-)

- My CLASS (next Group Policy + MDM class: Chicago, Sep 16 - 18th [three days]). Sign up today at www.MDMandGPanswers.com/class
- Nor did I plug my new MDM: Intune, Autopilot and Azure book which is coming out in July (www.MDMandGPanswers.com/book)

No time like the present. Sign up for class and/or get your book. :-)

Happy Friday everyone !
