How to configure Windows privacy settings with Intune | TechTarget

2023-01-06 15:37:43 By : Ms. Lulu Ye

Configuring Windows privacy settings can mean the difference between a secure, hardened Windows environment and a devastating data breach. Attackers can easily take advantage of improperly configured Windows privacy settings to capture data from employee devices -- and exploit your company.

In Mastering Windows Security and Hardening: Secure and protect your Windows environment from cyber threats using zero-trust security principles, authors Mark Dunkerley and Matt Tumbarello provide an in-depth look at how organizations should adjust privacy settings to keep employees and the business protected from external and internal attacks.

In the following excerpt from Chapter 10 of Mastering Windows Security and Hardening, learn which Windows privacy settings your organization should have enabled. Follow along as Dunkerley and Tumbarello list various privacy settings and how to set them to ensure not only a personalized UX, but also the utmost security. Download the entire PDF of Chapter 10 to learn how to mitigate common attack vectors, such as man-in-the-middle attacks and privilege escalation.

Check out an interview where Dunkerley and Tumbarello share their top enterprise Windows security tips.

Windows has many great features that provide a personalized and enhanced connected experience for its users. To support this personalization, Windows has permission settings that control which data and device features applications are allowed to access. A few examples include allowing an application to access the camera, device location, or microphone. Unless controlled by a policy, many of these privacy permissions are allowed by default and could pose a potential privacy risk for some organizations. To view the Windows privacy settings, open Settings and choose Privacy & Security. Here, you can get an idea of the types of permissions that are available to applications, such as access to speech settings, diagnostics and feedback, activity history, and more. Through Settings, you can granularly configure app-specific permissions or allow or deny all for each permission type.

Let's run through a few settings and where we can configure them using Intune. Note that some of these privacy permissions may need to remain enabled if you are using solutions such as Log Analytics or Endpoint Analytics in Microsoft Endpoint Manager to collect telemetry data from the endpoints.

The Privacy & Security settings are available in the Intune Settings catalog and Templates. If the policies don't exist in the UI, they can also be mapped using a custom template if a CSP is available, by pushing a registry key with PowerShell scripts, and so on. Let's look at a few places we can configure these settings as they are hard to find based on the friendly name shown in the Windows Settings app. You can search for them using Settings Picker in the Settings Catalog area:

We didn't list every setting as some of them don't have mapped CSPs or Group Policy settings. It may be possible to configure them directly with registry keys, but that is outside the scope of this book.

Next, let's look at setting application-specific privacy permissions.

Using Intune, you can configure the access that specific applications have to privacy features. Most of these settings can be found in the Settings Catalog area by searching for Privacy in Settings Picker. For example, in the following screenshot, we have set the Let Apps Access Camera policy to Force deny and configured a list of allowed apps using Let Apps Access Camera Force Allow These Apps:

Configuring an application allow list is only supported for Microsoft Store apps at the time of writing. To do this, you will need to gather the application's Package Family Name (PFN) using the Microsoft Store URL or PowerShell. For example, to find the PFN for the Camera app using PowerShell, run Get-AppXPackage *Camera | Select Name, PackageFamilyName, as shown here:

You cannot selectively control camera access for third-party apps. Setting Let Apps Access Camera to Force deny will block third-party apps.

For more information about finding the package family name using PowerShell or the Microsoft app store, go to https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn.
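The following PowerShell is an added example, not code from the book or from Microsoft: it resolves the approved Store apps to PFNs, builds the value for Let Apps Access Camera Force Allow These Apps, and then checks what the device has actually received. The PolicyManager registry path and the ';' separator are assumptions about how the MDM Privacy policy is stored and formatted; the value names follow the Policy CSP settings LetAppsAccessCamera and LetAppsAccessCamera_ForceAllowTheseApps.

```powershell
# Added example, not from the book. Run on a managed Windows device.
# Sample input: the page's Camera pattern; list the Store apps you approve.
# A wildcard can match more than one package, so review the resolved PFNs.
$approvedPatterns = @('*Camera')

# Resolve each pattern to Package Family Names (PFNs), as the page does.
$pfns = foreach ($pattern in $approvedPatterns) {
    $found = Get-AppxPackage -Name $pattern
    if (-not $found) { Write-Warning "No installed package matches '$pattern'" }
    $found.PackageFamilyName
}
$pfns = @($pfns | Where-Object { $_ } | Sort-Object -Unique)

# Value for "Let Apps Access Camera Force Allow These Apps".
# Assumption: multiple PFNs are separated by ';'.
$allowListValue = $pfns -join ';'

# Assumption: MDM-delivered Privacy policy is readable under this key.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Privacy'
$applied = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

# LetAppsAccessCamera: 0 = user in control, 1 = force allow, 2 = force deny.
$stateNames = @{ 0 = 'User in control'; 1 = 'Force allow'; 2 = 'Force deny' }
$state = $applied.LetAppsAccessCamera
$stateText = if ($null -eq $state) { 'Not configured' } else { $stateNames[[int]$state] }

# Split the applied allow list and drop empty entries.
$appliedList = @("$($applied.LetAppsAccessCamera_ForceAllowTheseApps)" -split ';' |
    Where-Object { $_ })

# Report drift between the intended allow list and what the device holds.
[pscustomobject]@{
    AllowListValue   = $allowListValue
    CameraPolicy     = $stateText
    ForceDenyApplied = ($state -eq 2)
    MissingFromAllow = @($pfns | Where-Object { $_ -notin $appliedList })
    UnexpectedAllow  = @($appliedList | Where-Object { $_ -notin $pfns })
}
```

An empty MissingFromAllow and UnexpectedAllow together with ForceDenyApplied set to True indicates the device matches the intended configuration; entries in UnexpectedAllow are the ones to investigate first.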

Let's look at a few additional privacy settings that you should consider that are not listed in the Privacy & Security settings. It's worth evaluating them and determining if they should be disabled on company devices, depending on your privacy controls:

About the authors

Mark Dunkerley is a cybersecurity and technology leader with over 20 years of experience working in higher education, healthcare and Fortune 100 companies. Dunkerley has extensive knowledge in IT architecture and cybersecurity through delivering secure technology solutions and services. He has experience in cloud technologies, vulnerability management, vendor risk management, identity and access management, security operations, security testing, awareness and training, application and data security, incident and response management, regulatory and compliance, and more. Dunkerley holds a master's degree in business administration and has received certifications through (ISC)2, AirWatch, Microsoft, CompTIA, VMware, Axelos, Cisco and EMC. He has spoken at multiple events, is a published author, sits on customer advisory boards, has published several case studies and is featured as one of Security Magazine's 2022 Top Cybersecurity Leaders.

Matt Tumbarello is a senior solutions architect. He has extensive experience working with the Microsoft security stack, Azure, Microsoft 365, Intune, Configuration Manager and virtualization technologies. He also has a background working directly with Fortune 500 executives in a technical enablement role. Tumbarello has published reviews for Azure security products, privileged access management vendors and mobile threat defense solutions. He also holds several Microsoft certifications.
