Registry settings
This section describes the design decisions associated with Device Configuration for system(s) built using ASD's Blueprint for Secure Cloud.
Estimated reading time: 1 minute
Registry settings are applied to the Windows registry to modify the underlying operating system. Registry settings are typically changed in a client operating system to configure the system or increase the security of system.
There are several tools available to apply registry settings such as:
- Group Policy
- Microsoft Intune
- Microsoft Endpoint Configuration Manager (MECM)
ASD’s Hardening Microsoft 365, Office 2021, Office 2019 and Office 2016 guidance defines group policy settings along with other recommendations to significantly reduce the attack surface available to malicious attacks.
Cloud native deployments
Design Decisions
| Decision Point | Design Decision | Justification |
|---|---|---|
| Registry Setting Method | Microsoft Intune | Organisations should use Microsoft Intune to implement and modify user and computer registry settings to comply with ASD’s Hardening Microsoft 365, Office 2021, Office 2019 and Office 2016 guidance. |
Hybrid deployments
Design Decisions
| Decision Point | Design Decision | Justification |
|---|---|---|
| Registry Setting Method | Group Policy Objects & MECM | Organisations can utilise management solutions such as Group Policy Objects and MECM to implement and modify user and computer registry settings to comply with ASD’s Hardening Microsoft 365, Office 2021, Office 2019 and Office 2016 guidance. |
Related information
Security & Governance
- None identified
Design
- None identified