Updates Security baseline (FINAL) for Windows 10 and Windows Server, version 20H2


Jan 9, 2020
Block at first sight

We started the journey for cloud protection several years ago. Based on our analysis of the security value versus the cost of implementation, we feel it’s time to add Microsoft Defender Antivirus’ Block At First Sight (BAFS) feature to the security baseline. BAFS was first introduced in Windows 10, version 1607 and allows new malware to be detected and blocked within seconds by leveraging various machine learning techniques and the power of our cloud.

Attack Surface Reduction Rules

We routinely evaluate our Attack Surface Reduction configuration, and based on telemetry and customer feedback we are now recommending configuring two additional Attack Surface Reduction controls: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction\Configure Attack Surface Reduction rules: Use advanced protection against ransomware and Block persistence through WMI event subscription.

This is also interesting:

You might recall in the draft release of our security baseline for Windows 10, version 1809 we enabled UEFI Memory Attributes Tables, but based on your feedback we removed that recommendation from the final version. After further testing and discussions, we are recommending that you enable Computer Configuration\Administrative Templates\System\Device Guard\Turn on Virtualization Based Security\Require UEFI Memory Attributes Table.

Anyone play with that already?
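
A read-only PowerShell check of the three settings quoted above, added here as an example; it is not part of the original post or of Microsoft's baseline package. The two rule GUIDs, the numeric action and consent values, and the `HVCIMATRequired` policy value name come from Microsoft's Defender and Device Guard policy documentation rather than from the post; run it elevated on a machine with the Defender module.

```powershell
# Added example: read-only audit, changes nothing on the machine.
$asrRules = [ordered]@{
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    'e6db77e5-3df2-4cf1-b95a-636979351e5b' = 'Block persistence through WMI event subscription'
}
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function New-Row($Setting, $Value, $Ok) {
    [pscustomobject]@{ Setting = $Setting; Value = $Value; Ok = $Ok }
}

$pref = Get-MpPreference
$rows = @()

# Block at first sight: feature not disabled, cloud protection joined,
# and automatic sample submission allowed.
$rows += New-Row 'DisableBlockAtFirstSeen' $pref.DisableBlockAtFirstSeen (-not $pref.DisableBlockAtFirstSeen)
$rows += New-Row 'MAPSReporting (1=Basic, 2=Advanced)' $pref.MAPSReporting ($pref.MAPSReporting -in 1, 2)
$rows += New-Row 'SubmitSamplesConsent (1=safe, 3=all)' $pref.SubmitSamplesConsent ($pref.SubmitSamplesConsent -in 1, 3)

# ASR rules: ids and actions are parallel arrays; match by index.
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
foreach ($guid in $asrRules.Keys) {
    $state = 'Not configured'
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $guid) {              # -eq on strings is case-insensitive
            $state = $actionNames[[int]$actions[$i]]
            if (-not $state) { $state = "Unknown ($($actions[$i]))" }
        }
    }
    $rows += New-Row "ASR: $($asrRules[$guid])" $state ($state -eq 'Block')
}

# Require UEFI Memory Attributes Table: policy value under the Device Guard key.
$dgKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
$dg = Get-ItemProperty -Path $dgKey -Name 'HVCIMATRequired' -ErrorAction SilentlyContinue
$mat = if ($dg) { $dg.HVCIMATRequired } else { 'Not configured' }
$rows += New-Row 'VBS: Require UEFI Memory Attributes Table' $mat ($mat -eq 1)

$rows | Format-Table -AutoSize -Wrap
```

An ASR rule reported as `Audit` logs matches without blocking, which is a reasonable intermediate state while testing either rule before switching it to `Block`.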