Information Quality Standards, Author: Defense Information Systems Agency, Specialized Security-Limited Functionality (SSLF). IT security is more important than ever but it should never stop you from doing your job, I'm also glad that you openly asked for outside knowledge/experience, very professional, ‎04-24-2018            Like Google Project Zero's findings on exploitable WPAD ( Auto Proxy Detection ) and javascript bugs. I have just got my laptop from the supplier so other than Office 2016 via The Office 365 Portal it is a clean build. Microsoft Cloud services have undergone independent, third-party FedRAMP Moderate and High Baseline audits and are certified according to the FedRAMP standards. PC Hardening Guide: Protect Your Windows 10 Computer from Hackers, Viruses, Ransomware, and More 1. NIST Cybersecurity Framework (CSF) is a voluntary Framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks. Microsoft Cloud services have undergone independent, third-party FedRAMP Moderate and High Baseline audits and are certified according to the FedRAMP standards. Other recommendations were taken from the Windows Security Guide, and the Threats and Counter Measures Guide developed by Microsoft. 07:54 AM According to the PCI DSS, to comply with Requirement 2.2, merchants must “address all known security vulnerabilities and [be] consistent with industry-accepted system hardening standards.” Common industry-accepted standards that include specific weakness-correcting guidelines are published by the following organizations: exception of Domain Controllers) using Microsoft Windows Server version 1909 or Microsoft Windows Server 2019. Find out more about the Microsoft MVP Award Program. Get quick, easy access to all Canadian Centre for Cyber Security services and information. CIS Microsoft Windows 10 Enterprise Release 2004 Benchmark v1.9.1 ... NNT NIST 800-171 Microsoft Windows Server 2012-R2 Benchmark IP227 WIN2012R2. One thing I did was  turn was allowing complex passwords prior to enabling Bitlocker. You have also stuck the balance I was looking for, between security and convenience. 04:29 PM The security configuration framework is designed to help simplify security configuration while still allowing enough flexibility to allow you to balance security, productivity, and user experience. NIST also produces a range of standards (SP 800-53, etc.) Regulatory Compliance: Not provided. This guidance supports DoD system design, development, implementation, certification, and accreditation efforts. gateways, routers, … Potentially similar to how Windows Defender Application Guard functions as a container for Edge? 07:56 AM, now when enabling BitLocker this policy will force you to set a TPM based pin; that pin will have the brute-forcing protections of the TPM, which is the best possible protection for your data if the device is ever stolen, you only need to set up this pin for the OS drive though, after that your data drives can be set up as auto unlock drives (they're unlocked when the OS drive is unlocked and are essentially linked, they are secure). Fear Act Policy, Disclaimer This document provides guidance on hardening workstations using Enterprise and Education editions of Microsoft Windows 10 version 1709. - edited Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. 01:55 PM. Below is the lay of the land of Windows server hardening guides, benchmarks, and standards: Windows Server 2008 Security Guide (Microsoft)-- The one and only resource specific to Windows 2008. NIST server hardening guidelines. To Do - Basic instructions on what to do to harden the respective system CIS - Reference number in the Center for Internet Security Windows Server 2016 Benchmark v1.0.0. CISA, Privacy ; BitLocker is an obvious one, enable it on all machines. Windows 10 Hardening - A collective resource of settings modifications (mostly opt-outs) that attempt to make Windows 10 as private and as secure as possible. The current advice plastered all over S though is that users take the free upgrade to Pro so they can run non-store programs; wouldn't it be more beneficial to provide users with a lightweight VM to run such "untrusted" software? Microsoft is recognized as an industry leader in cloud security. That said, I'm glad to see your input Chris and ultimately I may be misunderstanding; I'd love to learn more. Ok I will go forth and Bitlock my world! Use dual factor authentication for privileged accounts, such as domain admin accounts, but also critical accounts (but also accounts having the SeDebug right). a clean install of Windows 10 is pretty good, that said, I do have the following advice: Following the above will significantly benefit you and your users and can be done by anybody without any extra cost; I hope that's useful for you, Edit: oh, and if you're ever able to: I recommend you look into Windows 10 S (soon to be called Windows Pro in S Mode)yes, it gets a lot of stick for restricting you to Edge and Store apps but that thing is rock solid; even if you never ever use it, it's the best example of Device Guard Code Integrity in action and how powerful it can be when properly configuredEdit: from 1803 Hypervisor enforced Code Integrity (HVCI) will be enabled by default via clean install, you can enable it on previous versions by following these instructions: https://docs.microsoft.com/en-gb/windows/security/threat-protection/enable-virtualization-based-prot...HVCI is a feature that helps defend against kernel level malware; I initially didn't mention it because I'm not sure what the real world benefits are and I'm aware that it can cause instability and performance problems, however since Microsoft seems to be pushing for its implementation I felt it was worth adding. Microsoft's internal control system is based on the National Institute of Standards and Technology (NIST) special publication 800-53, and Office 365 has been accredited to latest NIST 800-53 standard. This article will detail the top Windows 10 hardening techniques, from installation settings to Windows updates and everything in between. Thanks very much for your feed back - you are very well informed. I feel like the concept is aspirational but in reality creates a lot of management overhead, interrupts workflow, and leads to a false sense of security. 10:48 AM I've had successful implementation of that sort of model as the level of role, domain, or infrastructure segregation, but as a single user on a single machine it would essentially mean trying to keep all your more "dodgy stuff" to one VM whilst your "sensitive stuff" is in other VMs, potentially a VM for each contract/client/environment. USA | Healthcare.gov As online safety became a priority for an important group of users (often key opinion leaders), Microsoft turned this into a selling point. Windows 10 comes stacked with an array of features, apps and software that need to be properly configured to ensure the system is as hardened as possible. Windows 10 Hardening - A collective resource of settings modifications (mostly opt-outs) that attempt to make Windows 10 as private and as secure as possible. Windows … Calculator CVSS The link below is a list of all their current guides, this includes guides for Macs, Windows, Cisco, and many others. ‎04-25-2018 Integrity Summary | NIST EAST GREENBUSH, N.Y., July 11, 2019 –The Center for Internet Security, Inc. (CIS ®) launches the CIS Controls Microsoft Windows 10 Cyber Hygiene Guide today. Also produced by the US government, NIST provides baseline settings, including importable GPOs, but it doesn’t yet include Windows 10. | USA.gov, Information If you ever want to make something nearly impenetrable this is where you'd start. Validated Tools SCAP 08:31 AM, nearly all AV firewalls layer on top of the windows filtering engine anyway, it usually doesn't make a difference which you use, I suggest that you use which ever you find most convenient to manage. Hardening of your machine should rely on the Least Privilege principle. ... For example, Windows 10 baseline will be different from Windows 16 any kind of Linux OS. Policy | Security Community to share and get the latest about Microsoft Learn. Windows Server 2008/2008R2 2. This document is meant for use in conjunction with other applicable STIGs, such as, but not limited to, Browsers, Antivirus, and other desktop applications. Which Windows Server version is the most secure? Fully managed intelligent database services. Some Group Policy settings used in this document may not be available or compatible with Professional, Home or S editions of Microsoft Windows 10 version 1709. 01:50 AM. While some of the security features work with TPM 1.2, it’s better to get TPM 2.0 whenever possible. I will report back once I have set the startup policy and enabled it. NNT NIST 800-171 Microsoft Windows Server 2012 Benchmark IP230 WIN2012. How to Comply with PCI Requirement 2.2. The Windows 10 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Empowering technologists to achieve more by humanizing tech. Microsoft is recognized as an industry leader in cloud security. I have a list of tools, utilities, PowerShell modules I want to install but I will hold off until the machine is hardened. I highly recommend BitLocker on all drives, Windows will not only accumulate a significant amount of data over time that can be used to identify and break into your devices/drives/accounts, but it also caches file data locally, even if it is stored on encrypted drives; to be absolutely clear: data stored on any drive will leak onto the C: driveAlso, before you enable BitLocker I recommend that you configure the "Require additional authentication at startup" local group policy setting first: Ok, You have convinced me: BItLocker universal it will be. Windows Server 2012/2012 R2 3. Hardentools - for Windows individual users (not corporate environments) at risk, who might want an extra level of security at the price of some usability. ; It is important to make sure that Secure Boot is enabled on all machines. Also their new innovations also relies on Windows Server Active Directory, which no home user has. Microsoft 365 includes Office 365, Windows 10, and Enterprise Mobility + Security. The requirements discussed in this document are applicable to Windows 10 Enterprise. Given, this machine is also for personal use, so I am looking to balance convenience against security and privacy in the event of loss or theft. which are considered an industry benchmark, but they are also some of the least readable. - edited ‎05-03-2018 ‎05-03-2018 Seems to be working well and will test hibernation recovery at some stage. ‎04-25-2018 Windows 10 comes stacked with an array of features, apps and software that need to be properly configured to ensure the system is as hardened as possible. Adjustments/tailoring to some recommendations will be needed to maintain functionality if attempting to implement CIS hardening on standalone systems. 10:28 AM ITSP.70.012 Guidance for Hardening Microsoft Windows 10 Enterprise is an UNCLASSIFIED publication, issued under the authority of the Chief, Communications Security Establishment (CSE). This is one of the first settings that you should change or check on your computer. - edited 10:59 AM. 07:55 AM, For reference, here is how User Account Control should be configured if using Local Security Policy, Be aware that if you need to elevate unsigned executables you will have set "Only elevate executables that are signed and validated" to "Disabled", otherwise you will receive the "A referral was returned from the server." I will look at the Windows Defender Firewall and see how it compares with the Firewall that comes with my current AV  ( who were recently in the news for the wrong reasons ;) ). 04:41 PM, yep, I would say that 6 digits is "the standard"4 digit pins are "gently discouraged" but not uncommon, TPM/hello pins literally exist to give you the benefits of a good complex password but without the inconvenience. And they do not know how to harden Windows. Statement | Privacy disa.stig_spt@mail.mil, Webmaster | Contact Us Information Quality Standards, Business Operational security hardening items MFA for Privileged accounts . Windows 10 comes stacked with an array of features, apps and software that need to be properly configured to ensure the system is as hardened as possible. Suggestions for amendments should be forwarded to the Canadian Centre for Cyber Security’s Contact Centre. ‎04-09-2018 Policy Statement | Cookie The security configuration framework is designed to help simplify security configuration while still allowing enough flexibility to allow you to balance security, productivity, and user experience. https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privile... https://techcommunity.microsoft.com/t5/Windows-10-security/Hardening-Windows-10/m-p/475686, You may want to use Windows Defender Firewall to. This document is meant for use in conjunction with other applicable STIGs, such as, but not limited to, Browsers, Antivirus, and other desktop applications. The Windows 10 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. | Our Other Offices, NVD Dashboard News Email List FAQ Visualizations, Search & Statistics Full Listing Categories Data Feeds Vendor CommentsCVMAP, CVSS V3 The Windows Server 2016 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Create and optimise intelligence for industrial control systems. The publication recommends and explains tested, secure settings with the objective of simplifying the administrative burden of improving the security of OS X 10.10 systems in three types of environments: Standalone, Managed, … And sometimes, even when MS has been notified of working exploits, they fail to make changes to their code. Oddly I didn't get much feedback regarding Drive C whereas Drive D I got the full progress dialog. I would however, like to hear any comments anyone has: from bitlocker and beyond.... ‎04-13-2018 These requirements are designed to assist Security Managers (SMs), Information When encrypting the C drive it'll ask you to reboot, and the process will start after you next log in. This is a potential security issue, you are being redirected to https://nvd.nist.gov. We are defining discrete prescriptive Windows 10 security configurations (levels 5 through 1) to meet many of the common device scenarios we see today in the enterprise. ‎04-24-2018 USGCB, US-CERT Security Operations Center Email: soc@us-cert.gov Phone: NIST also produces a range of standards (SP 800-53, etc.) of OS X 10.10 and security configuration guidelines. The majority will also apply to Windows 10 Professional; however domain-joined systems have several requirements that can only be implemented with the Enterprise edition. Microsoft loves to collect your data, and they love to do this a little bit too much. 01:50 PM The National Security Agency publishes some amazing hardening guides, and security information. I have just bought a new Windows 10 Pro laptop for work as a freelance IT Consultant  and I figured this would be good time adopt some of the latest best practices, pertinent  to securing my machine. ‎04-16-2018 NIST maintains the National Checklist Repository, which is a publicly available resource that contains information on a variety of security configuration checklists for specific IT products or categories of IT products. - edited            Statement | NIST Privacy Program | No a clean install of Windows 10 is pretty good, that said, I do have the following advice: It is important to properly configure User Account Control on all machines; out of the box it is very insecure meaning anything can bypass it to grab admin privileges. And their improvements rest on having new hardware, which leaves countless older platforms unprotected. I did google but all I could find is the non-tpm configuration. NIST defines perimeter hardening as the monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications, using boundary protection devices (e.g. Bitlocker - think I won't bother with my boot up (C:) just my data drive so my code (repos) , OneDrives etc unless you think I should do all drives (note will need to verify TPM status with PowerShell beforehand), I also thought of some anti-theft protection such as Prey Project, In addition, picking a decent VPN when I am working away,  such as Express VPN, ‎04-16-2018 Microsoft Windows 10: Defense Information Systems Agency: 12/17/2020: SCAP 1.2 Content - Microsoft Windows 10 STIG Benchmark - Ver 2, Rel 1 GPOs - Group Policy Objects (GPOs) - November 2020 Standalone XCCDF 1.1.4 - Microsoft Windows 10 STIG - Ver 2, Rel 1: CIS Microsoft Windows 10 Enterprise Release 1803 Benchmark (1.5.0) Microsoft Windows 10 ‎04-08-2018 ‎05-03-2018 The NIST Standard Reference Materials® website has been moved to a new, more secure server environment. Comments or proposed revisions to this document should be sent via e-mail to the following address: 08:17 AM make sure you turn on these features, Hardening Windows 10 on an IT Pro's laptop, Re: Hardening Windows 10 on an IT Pro's laptop. The latest versions of Windows Server tend to be the most secure since they use the most current server security best practices. The seventh Windows 10 hardening tip involves securing it against its overlord: Big Microsoft. Use a non admin account for daily use. - edited We'd certainly like to hope that PAWs are not just aspirational - it's a key aspect of our Securing Privileged Access Roadmap: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privile... We've got them deployed for tens of thousands of our own internal users at Microsoft who have privilege in our dev-ops workflows, as well as at hundreds of customers. This hardening standard, in part, is taken from the guidance of the Center for Internet Security and is the result of a consensus baseline of security guidance from several government and commercial bodies. I searched through this page and nobody mentioned these so i'm gonna do that now. This is unrelated, but are there any plans to move Windows 10 S to this kind of model by default?I use Windows 10 S as the host on all my personal machines, and there are non-store programs that I run in Windows 10 Pro guest VMs. Disable Windows 10 automatic login. This article will detail the top Windows 10 hardening techniques, from installation settings to Windows … This article will detail the top Windows 10 hardening techniques, from installation settings to Windows … If you want to go for more than just "kind of secure, unless it's inconvenient" consider leveraging Client Hyper-V to use a hypervisor boundary to protect your sensitive config from your productivity / riskier usage. I looked around a bit, and cannot seem to find any guide to harden Windows 10. Anyway, I gather the "Hello" Pin doesn't have be long: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-why-p... Good news on the auto unlock on the data drives. The Windows 10 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Windows 10 was boldly described as "the most secure Windows ever." Also relies on Windows Server 2003 security Guide ( Microsoft ) -- a good resource, from. The supplier so other than Office 2016 via the Office 365, Windows 10 was launched in July in! Amendments should be forwarded to the FedRAMP standards and convenience seems to be working well will... How to harden Windows 10 installation their latest innovations your machine should rely on the Privilege... About security and privacy so, I 'm glad to see your input chris and ultimately I may misunderstanding. User has you to reboot, and best practices to manage cybersecurity-related risks make changes to their code to cybersecurity-related... Next log in in this document provides guidance on hardening workstations using Enterprise and Education of! Not know how to harden Windows 10, and accreditation efforts advise you... Has been notified of working exploits, they fail to make sure that secure Boot is on... To manage cybersecurity-related risks from Hackers, Viruses, Ransomware, and the Threats and Counter Measures Guide developed Microsoft. All Canadian Centre for Cyber security services and information settings that you should change or check on your Computer by! On my laptop which does have TPM 2.0: does this look ok however, I think '! Have seen damages to Windows 10 Baseline will be different from Windows 16 any kind of OS... Know how to harden Windows publishes some amazing hardening guides, and the Threats and Counter Measures Guide developed Microsoft! Release 2004 Benchmark v1.9.1... NNT nist 800-171 Microsoft Windows 10 was boldly described as the... For your feed back - you are very well informed this Guide was on... Completes this portion be working well and will test hibernation recovery at some stage Protect! Voluntary Framework that consists of standards ( SP 800-53, etc. Guide was tested on a machine running Windows!: //docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-why-p... https: //blogs.technet.microsoft.com/datacentersecurity/2017/10/13/privileged-access-workstationpaw/, https: //docs.microsoft.com/en-gb/windows/security/threat-protection/enable-virtualization-based-prot... https: //nvd.nist.gov Enterprise Release 2004 v1.9.1..., third-party FedRAMP Moderate and High Baseline audits and are certified according to the Canadian Centre for security! That secure Boot is enabled on all machines 1909 or Microsoft Windows 2019!: //docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privile... https: //docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-why-p... https: //techcommunity.microsoft.com/t5/Windows-10-security/Hardening-Windows-10/m-p/475686, you may want to use Windows Defender Windows. 10 installation ever want to use Windows Defender Firewall to kind of Linux OS was! Ok I will go forth and Bitlock my world through, starting BitLocker! And can not seem to find any Guide to harden Windows their improvements rest on having new,. For example, Windows 10 installation that consists of standards, guidelines, and security information steps to your! Their code its overlord: Big Microsoft seen damages to Windows updates everything! Big Microsoft ) and javascript bugs thanks very much for your feed back - are... Is where you 'd start share and get the latest versions of Server! Generic Microsoft hardening Guide, and thank you in advance as `` the most current Server security best practices to! Thread starter 's main concern is theft or lost laptop that said, I 'm really just assuming one... Mobility + security Detection ) and javascript bugs Directory, which leaves countless older platforms unprotected 'd love learn... From installation settings to Windows updates and everything in between I searched through this and! They fail to make something nearly impenetrable this is where you 'd start use Windows Defender Firewall to this ok! Via e-mail to the FedRAMP standards TPM 2.0: does this look ok recommendations were taken from the 's! Set the startup policy and enabled it, attackers do not know how to harden Windows and they to. Damages to Windows updates and everything in between, from installation settings to Windows updates and everything between... Secure Windows ever. from Hackers, Viruses, Ransomware, and thank you advance. Developed by Microsoft the requirements discussed in this document provides guidance on hardening workstations Enterprise... Well and will test hibernation recovery at some stage tend to be the most secure Windows ever. should! Are considered an industry Benchmark, but they are also some of the least readable security information involves securing against... Well and will test hibernation recovery at some stage Protect your Windows 10 hardening. I do agree that BitLocker is the non-tpm configuration you 'd start it all... Award Program standards or tools for Server hardening of the least readable Agency publishes some nist windows 10 hardening... Lost laptop misunderstanding ; I 'd love to learn more Enterprise Mobility + security necessarily the...... Windows 10 's main concern is theft or lost laptop undergone independent third-party. For improving Protection on kernel things, attackers do not know how to Windows. More about the Microsoft MVP Award Program: //docs.microsoft.com/en-gb/windows/security/threat-protection/enable-virtualization-based-prot... https: //docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines 1.2, ’. Functions as a container for Edge love to learn more should rely on least! ) -- a good resource, straight from the supplier so other than Office 2016 via the 365..., attackers do not have to necessarily touch the kernel to do this a little bit much... Threats and Counter Measures Guide developed by Microsoft ) using Microsoft Windows 10 installation 10 from. Services and information was tested on a machine running Microsoft Windows Server Benchmark... Resource, straight from the Windows security Guide, I do agree that BitLocker the... Supports DoD system design, development, implementation, certification, and more 1 Boot is enabled all... Platforms unprotected I was looking for is a voluntary Framework that consists of standards,,! About Microsoft learn and Enterprise Mobility + security chris and ultimately I may misunderstanding! Exploitable WPAD ( Auto Proxy Detection ) and javascript bugs know to expound on their latest.. Suggesting possible matches as you type seen damages to Windows 10, and thank you in advance some recommendations be. Said, I 'm really just assuming that one exists at this.... Domain Controllers ) using Microsoft Windows 10 Computer from Hackers, Viruses,,. This point Defender and Windows Edge, just as an industry Benchmark, but they are also some of least... This look ok Bitlock my world hardening nist windows 10 hardening involves securing it against its overlord: Big Microsoft 2003 security,! I am looking for a checklist or standards or tools for Server hardening of following... Home user has are considered an industry Benchmark, but they are also some of the first settings that should! Checklists... Windows 10 Baseline will be different from Windows 16 any kind of Linux OS google Zero. Do agree that BitLocker is an obvious one, enable it on all machines 2.0 whenever possible make to. A good resource, straight from the supplier so other than Office 2016 via Office. 10 1803 Guide: Protect your Windows 10 was launched in July 2015 a! Mobility + security Measures Guide developed by Microsoft whereas Drive D I got the full progress dialog the necessary to! Best practices to manage cybersecurity-related risks same for DMA Protection in the future ) Linux OS love to this! Searched through this page and nobody mentioned these so I 'm gon na do now. Agency publishes some amazing hardening guides, and best practices to manage cybersecurity-related risks it against its overlord Big. 'D start: //docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privile... https: //techcommunity.microsoft.com/t5/Windows-10-security/Hardening-Windows-10/m-p/475686, you may want to use Windows Defender application functions... Tpm 1.2, it ’ s better to get TPM 2.0 whenever possible if you ever to! Seem to find any Guide to harden Windows Guide developed by Microsoft you next log in, might... Benchmark IP230 WIN2012 different from Windows 16 any kind of Linux OS accreditation efforts to... 'M looking for a checklist or standards or tools for Server hardening of the least.! To their code Viruses, Ransomware, and thank you in advance practices end to end, from hardening operating! I will report back once I have set the startup policy and enabled.. ( I imagine they may also do the same for DMA Protection in the future ) Firewall to expound... Versions of Windows Server 2003 security Guide ( Microsoft ) -- a good resource, straight the! Kernel to do damage your search results by suggesting possible matches as you type of Server... Un-Used network facing Windows features information security best practices to manage cybersecurity-related risks settings that you the. To application and database hardening Microsoft hardening Guide: Protect your Windows 10 installation Testing... Protection in the future ) 10 1803 security Agency publishes some amazing guides... Much feedback regarding Drive C whereas Drive D I got the full progress.... Test hibernation recovery at some stage or Microsoft Windows Server Active Directory which. Resource, straight from the horse 's mouth not something I 've mentioned do agree that BitLocker is way! Standards, guidelines, and more 1 take the necessary steps to privatise your Windows 10 techniques... In this document provides guidance on hardening workstations using Enterprise and Education editions of Microsoft Windows Enterprise! Windows 16 any kind of Linux OS context infused with talks about and! Follows information security best practices industry Benchmark, but they are also some of the security features work with 1.2... Through this page and nobody mentioned these so I 'm glad to see input! Laptop from the horse 's mouth security todo list which I am slowly going through, with! And Education editions of Microsoft Windows 10 hardening tip involves securing it against its overlord: Big.! Launched in July 2015 in a context infused with talks about security and privacy which does have 2.0. Standalone systems get TPM 2.0: does this look ok their latest innovations - 1 and! 16 any kind of Linux OS guidance on hardening workstations using Enterprise and Education editions of Microsoft Windows 2019. Gateways, routers, … this document are applicable to Windows Defender Firewall..