Archive for the ‘Windows 8’ Category

Windows 8 Enhanced Security Features

June 16th, 2012

Microsoft has published the Windows 8 Release Preview Product Guide for Business. The guide describes how Windows 8 changes work environments and how Windows is reimagined to support people’s unique working styles.

Windows 8 provides enterprise-class security capabilities that keep clients more secure from power-on to power-off.

Windows 8 provides the following enhanced security features:

Trusted boot process

With UEFI 2.3.1 equipped devices, the UEFI Secure Boot feature helps to ensure that malware is not able to start before Windows 8. The Windows 8 Trusted Boot feature protects the integrity of the remainder of the boot process, including the kernel, system files, boot-critical drivers, and even the antimalware software itself. The system’s antimalware software is the first third-party application or driver to start. Moving antimalware into the Trusted Boot process prevents it from being tampered with. In the event that malware is able to successfully tamper with the boot process, Windows can automatically detect and repair the system.

Measured boot process

On Trusted Platform Module (TPM)-based systems, Windows 8 can perform a comprehensive chain of measurements during the boot process that can be used to further validate the boot process beyond Trusted Boot. Measured boot process enables all aspects of the boot process to be measured, signed, and stored in a Trusted Platform Module (TPM) chip. This information can be evaluated by a remote service to further validate a computer’s integrity before granting it access to resources. This process is called Remote Attestation.
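The measure, extend and attest flow described above can be modelled in a few lines. This is an added example, not code from Microsoft or the product guide: the component names, images and key are constructed, and an HMAC stands in for the TPM's asymmetric quote signature so the example needs only the standard library.

```python
import hashlib
import hmac

def measure(image: bytes) -> bytes:
    """Digest of a boot component, taken before it is executed."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: a PCR can only be folded forward, never set."""
    return hashlib.sha256(pcr + digest).digest()

def boot(components):
    """Client: measure each stage in order; return (event log, final PCR)."""
    pcr, log = bytes(32), []
    for name, image in components:
        digest = measure(image)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr

def quote(pcr: bytes, nonce: bytes, key: bytes) -> bytes:
    """Stand-in for a TPM quote (assumption: HMAC replaces the TPM's
    asymmetric attestation-key signature to keep this stdlib-only)."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()

def attest(log, pcr, sig, nonce, key, known_good) -> str:
    """Remote service: verify the quote, replay the log, check each digest."""
    if not hmac.compare_digest(sig, quote(pcr, nonce, key)):
        return "bad-quote"            # wrong key, or a quote for another nonce
    replayed = bytes(32)
    for _, digest in log:
        replayed = extend(replayed, digest)
    if replayed != pcr:
        return "log-mismatch"         # the log does not explain the PCR value
    for name, digest in log:
        if known_good.get(name) != digest:
            return "untrusted:" + name
    return "trusted"

# Constructed sample data: component names and images are made up.
KEY = b"constructed-demo-key"
GOOD_BOOT = [("bootmgr", b"bootmgr v1"), ("kernel", b"kernel v1"),
             ("antimalware-driver", b"antimalware v1")]
KNOWN_GOOD = {name: measure(image) for name, image in GOOD_BOOT}

if __name__ == "__main__":
    nonce = b"fresh-nonce-1"
    log, pcr = boot(GOOD_BOOT)
    print(attest(log, pcr, quote(pcr, nonce, KEY), nonce, KEY, KNOWN_GOOD))
```

A client that booted a modified kernel cannot hide it by sending the clean event log, because the replayed log no longer matches the quoted PCR value.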

BitLocker Drive Encryption

BitLocker now supports encrypted drives, which are hard drives that come pre-encrypted from the manufacturer. BitLocker offloads the cryptographic operations to hardware, increasing overall encryption performance and decreasing CPU and power consumption. On devices without hardware encryption, BitLocker allows you to choose to encrypt the used space on a disk instead of the entire disk. As free space is used, it will be encrypted. This results in a faster, less disruptive encryption of a hard drive. In addition, the user experience is improved by allowing a standard user, one without administrative privileges, to reset the BitLocker PIN.

AppLocker

AppLocker enables IT administrators to create security policies through Group Policy to prevent potentially harmful or other non-approved apps from running. With AppLocker, IT administrators can set rules based on a number of properties, including the signature of the application’s package or the app’s package installer, and can more effectively control apps with less management.

Windows SmartScreen app reputation service

Windows SmartScreen app reputation is a safety feature in Windows 8. This service provides application reputation-based technologies to help protect users from malicious software that they may encounter on the Internet. This technology checks the reputation of any new application, helping to keep users safe no matter what browser they use on Windows 8. This helps to prevent malware and other viruses from infiltrating your organization. The Windows SmartScreen app reputation feature works with Internet Explorer’s SmartScreen feature, which also protects users from websites seeking to acquire personal information such as user names, passwords, and billing data.

Claim-based access control

With Windows 8, IT administrators can dynamically allow users access to the data they need based on the user’s role in the company. Unlike previous statically-controlled security groups, Claim-based access control allows IT admins to dynamically control access to corporate resources based on the user and device properties that are stored in Active Directory. For example, a policy can be created that enables individuals in the finance group to have access to specific budget and forecast data, and the human resources group to have access to personnel files.

 

TechDays Sweden 2012 – Security Features in Windows 8 & Server 2012

June 8th, 2012

The recording from TechDays Sweden 2012 is now available for download here

TechDays Sweden 2012 download: (219.3 MiB, 4,680)

or play it directly on this page

Thanks to DXter PowerAdmin for contributing the ADFS demo 🙂

/Hasain

Windows Server “8” is now officially Windows Server 2012

April 17th, 2012

LAS VEGAS — April 17, 2012 — Today at the sold-out Microsoft Management Summit, Corporate Vice President Brad Anderson spoke to nearly 5,000 IT professionals about their opportunity to deliver fast, reliable services with cloud computing. His keynote speech highlighted how customers around the world are already using Microsoft System Center 2012, available today for evaluation and purchase, to create private clouds. Anderson also discussed how IT professionals can evolve their roles with cloud computing to help their businesses be more competitive.

Anderson provided a preview of how Microsoft’s private cloud will become even more powerful with Windows Server “8” and announced that the operating system will officially be named Windows Server 2012. The new “cloud-optimized OS” is due out later this year.

Read the complete press release: http://www.microsoft.com/en-us/news/Press/2012/Apr12/04-17MMSDay1PR.aspx

 

EAP-TTLS by Microsoft noticed on Windows 8

December 16th, 2011

It seems that Microsoft is adding EAP-TTLS support in the next version of Windows. Using the 802.1X policies in the Developer Preview version of Windows 8 (Build 8102), you can configure EAP-TTLS as an authentication method for both wired (IEEE 802.3) and wireless (IEEE 802.11) policies.

 

Windows 8 – Network Isolation for Metro style Apps

October 8th, 2011

When developing Metro style apps, Network Isolation helps your product to take advantage of the isolation mechanisms that will keep the app and system secure.

The new Windows Runtime APIs enable a developer to control the security profile of an app under development. Network access is part of this application security model. Not all apps will require access to the network. However for those that do, Windows provides the appropriate level of granularity for apps to access the network securely.

With network isolation, developers can define the scope of the network access required for each process, which prevents a process without the appropriate scope from accessing the specified type of network or connection. The ability to set and enforce these boundaries ensures that compromised apps have access only to networks they have explicitly been granted access to, significantly reducing the scope of their impact in other apps or the system itself.
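The scoping described above can be sketched as a manifest audit. This is an added example, not code from the Microsoft paper: `internetClient`, `internetClientServer` and `privateNetworkClientServer` are the Windows app manifest capability names, while the private-network ranges, the flow list and the function names are assumptions made for illustration (Windows determines the real network boundary itself).

```python
import ipaddress
from itertools import combinations

# Simplified model: each capability grants (network type, direction) pairs.
CAPABILITY_SCOPE = {
    "internetClient": {("internet", "outbound")},
    "internetClientServer": {("internet", "outbound"), ("internet", "inbound")},
    "privateNetworkClientServer": {("private", "outbound"), ("private", "inbound")},
}

# Assumption: the home/work boundary is modelled as these constructed ranges.
PRIVATE_RANGES = [ipaddress.ip_network("10.0.0.0/8"),
                  ipaddress.ip_network("192.168.0.0/16")]

def network_type(address: str) -> str:
    ip = ipaddress.ip_address(address)
    return "private" if any(ip in net for net in PRIVATE_RANGES) else "internet"

def is_allowed(declared, address: str, direction: str) -> bool:
    """True only if some declared capability covers this network and direction."""
    granted = set().union(*(CAPABILITY_SCOPE[c] for c in declared))
    return (network_type(address), direction) in granted

def minimal_capabilities(flows):
    """Smallest-scope capability set covering every (address, direction) flow."""
    needed = {(network_type(addr), direction) for addr, direction in flows}
    best = None
    for size in range(len(CAPABILITY_SCOPE) + 1):
        for combo in combinations(sorted(CAPABILITY_SCOPE), size):
            granted = set().union(*(CAPABILITY_SCOPE[c] for c in combo))
            if needed <= granted and (best is None or len(granted) < len(best[1])):
                best = (set(combo), granted)
    if best is None:
        raise ValueError("flow uses an unknown direction")
    return best[0]

def over_declared(declared, flows):
    """Capabilities in the manifest that the app's real flows do not need."""
    return set(declared) - minimal_capabilities(flows)

# Constructed flows: the app only calls one web API on the internet.
APP_FLOWS = [("203.0.113.10", "outbound")]

if __name__ == "__main__":
    manifest = {"internetClientServer", "privateNetworkClientServer"}
    print(sorted(over_declared(manifest, APP_FLOWS)))
```

Trimming the manifest to the minimal set is what limits a compromised app: with only `internetClient` declared, a connection to `10.0.0.5` is outside its scope.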

Download and read more about Network Isolation for Metro style Apps: http://www.microsoft.com/download/en/details.aspx?id=27534. This paper provides information about network isolation for Windows operating systems. It provides guidelines for developers to determine the network boundary that a Metro style app will operate in, and what capabilities will be necessary to access required resources.