News

Microsoft 365 Security and Compliance Tools Released, Alongside SCCM Update

• By Kurt Mackie
• March 29, 2019

Several Microsoft management, security and compliance solutions hit their latest release milestones this week.

Specifically, the company announced the release of System Center Configuration Manager (SCCM) Update 1902, as well as the general availability of both Microsoft 365 Security Center and Microsoft 365 Compliance Center.

Microsoft also launched a limited preview of a new Windows client "Tamper Protection" feature that works with the Microsoft Defender Advanced Threat Protection (ATP) security solution. This feature will show up in the client in the Windows Security menu, and it'll be possible for organizations to centrally manage it using the Microsoft Intune management solution. Home users eventually will get this feature, too, turned on by default in the Virus and Threat Protection settings, where it will show up as a toggle button. The Tamper Protection feature will be an opt-in feature for enterprise Windows users.

Tamper Protection prevents other users and malicious applications from changing security settings. For instance, it'll protect settings for real-time scanning, cloud-based detection services, anti-malware solutions and suspicious behavior monitoring services. The Tamper Protection preview is currently available for Windows Insider Program testers of any build released "during March 2019 or later."

SCCM Update 1902
SCCM Update 1902 was released this week as an upgrade to the product.

These updates typically arrive three times per year, and go by the old "current branch" nomenclature, rather than the "channels" terminology used with Windows 10 and Office 365 releases. Earlier this month, Microsoft released System Center 2019, where one of the highlights was the announcement that Microsoft was dropping the "semiannual channel" release model for the product. However, the SCCM component is still the lone exception and gets frequent updates.

IT pros can find Update 1902 in the SCCM console's "Updates and Servicing" node as an upgrade. Client devices need to be upgraded as well, per Microsoft's "What's New" document.

With SCCM Update 1902, Microsoft is highlighting its integration with Readiness Toolkit for Office, which will add support for assessing Office 365 ProPlus deployments. IT pros get a dashboard view of Office 365 ProPlus readiness and they can drill down into the details by device. It'll show whether existing Office macros and add-ins will work with the Office 365 ProPlus suite, for instance.

Update 1902 also brings the ability to see the product lifecycles of Office installations, as well the versions, from Office 2003 through Office 2016. Moreover, users will get notifications on lifecycle and maintenance events. Microsoft also added the ability to use SCCM to "move Windows known folders to OneDrive for Business" (known folders are the default folders that come preinstalled with Windows systems, such as "Documents," "Pictures," etc.).

There's a new Client Health Dashboard node showing the state of devices and "common errors." Microsoft also made it easier to run queries using the CMPivot tool for checking the real-time state of devices.

A new "Phased Deployment" node was added in SCCM Update 1902 that can be customized to indicate the number of devices needed to reach a successful deployment target. IT pros can set phased deployments for "a task sequence, software update, or application," according to Microsoft's documentation. Microsoft also added a progress bar for Windows 10 in-place upgrades. Another notable item is the ability to optimize operating system images by removing superseded updates.

There are some PowerShell perks. It's possible now to "edit or copy an existing PowerShell script used with the Run Scripts feature." Moreover, users can specify additional criteria for a PowerShell Script task sequence, including "a timeout value, alternate credentials, a working directory and success codes."

Microsoft 365 Security Center
The general availability status of the Microsoft 365 Security Center product and the Microsoft 365 Compliance Center product, announced this week, likely was by design. Those two portals are the intended replacements for the Microsoft 365 Security and Compliance Center product, as Microsoft previously explained last month. Microsoft's documentation also links these two portals. Organizations will need to have "a subscription to Microsoft 365 E3 or E5, or a Volume Licensing equivalent" to use them.

The Microsoft 365 Security Center portal is a tool for security administrators, but Microsoft is promising that it'll have "integrated experiences for compliance data administrators and security operators" sometime later this year. Microsoft included role-based access control capabilities in the portal's Permission page to sort out the personnel access issues.

The Microsoft 365 Security Center tool is used to secure computing-environment elements, such as "identity, endpoints, user data, cloud app and infrastructure," rather than specific products. That same design is followed by the Microsoft 365 Compliance Center product.

Microsoft also follows that pattern with the Microsoft 365 Admin Center, its main management solution for Office 365. Last year, Microsoft announced that it was switching Office 365 Admin Center users over to Microsoft 365 Admin Center.

The general availability release of Microsoft 365 Security Center is notable for its attack surface reduction rules that lets IT pros disable functionality that's not being used in applications and operating systems. They can assess the effects of applying the rules beforehand, too, Microsoft claimed. Microsoft also integrated its Microsoft Secure Score solution in the Microsoft 365 Security Center portal. Secure Score provides a dashboard view of an organization's overall security posture.

Based on a comment in Microsoft's announcement by Vasil Michev, a Microsoft Most Valuable Professional, the Microsoft 365 Security Center is still a bit slim on features for a general availability release.

Microsoft 365 Compliance Center
The Microsoft 365 Compliance Center portal was introduced back in January but it is now deemed ready by Microsoft for use in production environments. It provides action items in its "Assess, Protect and Respond sections" to help address compliance and privacy issues, using Microsoft's Compliance Manager service for these assessments. Microsoft collects signals from "devices, apps and cloud services" to discover potential compliance risks.

Users can track their compliance activities in the Microsoft 365 Compliance Center portal, which can be used to prepare for audits. There's a "Compliance Manager card" that shows a summary of an organization's compliance with things like the "GDPR, ISO 27001 and NIST 800-53." Organizations can apply "sensitivity and retention labels" to Office 365 and non-Office 365 data to help with compliance management. Microsoft also supports using Supervision and eDiscovery tools across data.

The Microsoft 365 Compliance Center isn't a complete solution yet. IT pros will get switched back to the old Office 365 Security and Compliance Center for some tasks, Microsoft admitted, in an FAQ.