ASD - Australian Signals Directorate

ASD's Blueprint for Secure Cloud

Windows Security

This section describes the design decisions associated with security settings on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Estimated reading time: 1 minute

Security settings are applied to the Standard Operating Environment (SOE) largely to slow down and prevent malicious adversaries and payloads from causing harm to organisations. The security settings should not prevent legitimate users from conducting work and should provide them with the correct amount of access to the environment to allow them to operate without impeding the work.

Microsoft Defender

This section describes the design decisions associated with Microsoft Defender on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Windows Hardening

This section describes the design decisions associated with Windows Defender Application Control on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Microsoft Edge Hardening

This section describes the design decisions associated with Microsoft Edge on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Windows Defender Application Control

This section describes the design decisions associated with Windows Defender Application Control on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Identity Providers

This section describes the design decisions associated with identity providers for Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Endpoint analytics

This section describes the design decisions associated with endpoint analytics on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Telemetry Collection

This section describes the design decisions associated with telemetry collection on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Microsoft Office Hardening

This section describes the design decisions associated with Microsoft Office on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Microsoft Office Macro Hardening

This section describes the design decisions associated with Microsoft Office macros on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

OLE Hardening

This section describes the design decisions associated with Object Linking and Embedding (OLE) on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Local Administrator

This section describes the design decisions associated with local administrator accounts on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra