Microsoft has issued its security configuration guidance for Windows 10 in an effort to standardise "a more coherent" framework.
Grading the five security level recommendations, Microsoft says that the lower the level number, "the higher the degree of security hardening".
Level 5: Enterprise security
For enterprise devices, recommendations for this security configuration level are "generally straightforward" and designed to be deployable within 30 days.
Level 4: Enterprise high security
For devices where users access sensitive or confidential information.
Recommendations for this level are generally accessible to most organisations and designed to be deployable within 90 days.
Level 3: Enterprise VIP security
For devices run by an organisation with a larger or more sophisticated security team, or for specific users or groups who are at uniquely high risk.
A firm likely to be targeted by well-funded and sophisticated hackers should choose this configuration. Recommendations for this security configuration level can be complex, and can often go beyond 90 days.
Level 2: DevOps workstations
For developers and testers who are an attractive target both for supply chain attacks and credential theft attacks that attempt to gain access to servers and systems containing high-value data.
Microsoft says that it is still developing this guidance, and will make another announcement as soon as it is ready.
Level 1: Administrator workstation
For administrators (particularly of identity or security systems) who face the highest risk, through data theft, data alteration, or service disruption.
The guidance for this configuration is also still being developed.
Microsoft principal programme manager Chris Jackson explained why the vendor is detailing five distinct recommendations.
"In the past, we left defining the security configuration for Windows 10 as a task for every customer to sort out," he said.
"As a result, we saw as many different configurations as we saw customers."
He added that the vendor recognises that customers have vastly different levels of experience.
"We sat down and asked ourselves this question: if we didn't know anything at all about your environment, what security policies and security controls would we suggest you implement first?"
Some say performance, others say money but it may be systems and processes that carry the day
The networking vendor claims its buy out will bolster its as-a-service proposition with partners and customers
CPI breaks down the 50 largest players across the continent as part of our Global Elite 2019 report
We talk with state-wide players to find out the top pain points for MSPs in the Wolverine State