Windows 10 Security Framework

  • Published: Wednesday, July 31, 2019

Windows recently released their new security framework (SECCON) which includes policies, security controls and behaviors. Mimicking the DEFCON framework used by US Armed Forces, SECCON adopts the 5 levels of readiness.

There are 5 levels of the SECCON framework. This link, Introducing the Security Configuration Framework, will examine each level in detail.

  • Level 1 (Enterprise Basic Security) This is the minimum security configuration.
  • Level 2 (Enterprise high Security Configuration) Recommended for users who access sensitive or confidential information.
  • Level 3 (Enterprise VIP security) This configuration will require a more sophisticated security team due to the complexity to configure.
  • Level 4 (DevOps workstation) Recommended for developers and testers.
  • Level 5 (Administrator workstation) Level 5 should include all levels of configuration. More configuration guidance on this level is currently being developed.

Many organizations may not get past the first 2 levels but understanding the security implications associated with each level of the framework is important.

Microsoft recommends that security controls should be gradually deployed using the ‘Ring’ methodology:

  1. Test ring- contained in a lab situation to validate apps prior to enforcement of any configuration.
  2. Pilot ring – using 2-5% of the environment.
  3. Fast ring – deploy to 25%
  4. Slow ring- deploy to remaining


Introducing the security configuration framework: A prioritized guide to hardening Windows 10