From c6f495d6c9a65262413c83d9060a46cbd8b28aa1 Mon Sep 17 00:00:00 2001 From: Technion Date: Fri, 16 Mar 2018 07:53:01 +0000 Subject: [PATCH 1/3] Fixes #559 by referencing modern password policy. --- .../security-policy-settings/maximum-password-age.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md index 5577c3b083..cbcffa7067 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md @@ -59,15 +59,15 @@ None. Changes to this policy become effective without a computer restart when th ## Security considerations -This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. +This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of implementation. ### Vulnerability -The longer a password exists, the higher the likelihood that it will be compromised by a brute force attack, by an attacker gaining general knowledge about the user, or by the user sharing the password. Configuring the **Maximum password age** policy setting to 0 so that users are never required to change their passwords is a major security risk because that allows a compromised password to be used by the malicious user for as long as the valid user is authorized access. +Modern security guidance does not consider long lifetime passwords a vulnerability. See [Microsoft Password Guidance](https://www.microsoft.com/en-us/research/publication/password-guidance/) for further information. -### Countermeasure +### Considerations -Configure the **Maximum password age** policy setting to a value that is suitable for your organization's business requirements. +Many organisations have compliance or insurance mandates requiring a short lifespan on passwords. Where such a requirement exists, the **Maximum password age** policy setting can be used to meet your organization's business requirements. ### Potential impact From 836ae25a11f2001cfe07b399bf9ccfe0ccfdf54d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 22 Mar 2018 14:01:58 -0700 Subject: [PATCH 2/3] revised contribution from technion --- .../security-policy-settings/maximum-password-age.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md index cbcffa7067..7057705ad8 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md @@ -63,11 +63,13 @@ This section describes how an attacker might exploit a feature or its configurat ### Vulnerability -Modern security guidance does not consider long lifetime passwords a vulnerability. See [Microsoft Password Guidance](https://www.microsoft.com/en-us/research/publication/password-guidance/) for further information. +The longer a password exists, the higher the likelihood that it will be compromised by a brute force attack, by an attacker gaining general knowledge about the user, or by the user sharing the password. Configuring the **Maximum password age** policy setting to 0 so that users are never required to change their passwords allows a compromised password to be used by the malicious user for as long as the valid user is authorized access. ### Considerations -Many organisations have compliance or insurance mandates requiring a short lifespan on passwords. Where such a requirement exists, the **Maximum password age** policy setting can be used to meet your organization's business requirements. +Mandated password changes are a long-standing security practice, but current research strongly indicates that password expiration has a negative effect. See [Microsoft Password Guidance](https://www.microsoft.com/en-us/research/publication/password-guidance/) for further information. + +Configure the **Maximum password age** policy setting to a value that is suitable for your organization's business requirements. For example, many organisations have compliance or insurance mandates requiring a short lifespan on passwords. Where such a requirement exists, the **Maximum password age** policy setting can be used to meet business requirements. ### Potential impact From 2e725ff97f006a10f367c1549a16291b64debd76 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 26 Mar 2018 15:27:27 +0000 Subject: [PATCH 3/3] Merged PR 6642: specify Enterprise --- .../configure-windows-diagnostic-data-in-your-organization.md | 2 +- windows/deployment/update/windows-analytics-get-started.md | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md index 9529995ecb..ec20ebc2bc 100644 --- a/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md @@ -15,7 +15,7 @@ ms.date: 10/17/2017 **Applies to** -- Windows 10 +- Windows 10 Enterprise - Windows 10 Mobile - Windows Server diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index e346db089e..898d4144d7 100644 --- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -76,7 +76,8 @@ The compatibility update scans your devices and enables application usage tracki >[!IMPORTANT] >Restart devices after you install the compatibility updates for the first time. ->[!NOTE] We recommend you configure your update management tool to automatically install the latest version of these updates. There is a related optional update, [KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513), which can provide updated configuration and definitions for older compatibiltiy updates. For more information about this optional update, see . +>[!NOTE] +>We recommend you configure your update management tool to automatically install the latest version of these updates. There is a related optional update, [KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513), which can provide updated configuration and definitions for older compatibiltiy updates. For more information about this optional update, see .