Azure - CIS Microsoft Windows Server 2016 RTM Benchmark Compliance

Azure - CIS Microsoft Windows Server 2016 RTM Benchmark Compliance

All virtual machines hosted in Azure should adhere to the campus Departmental IT Security Baseline. Adherence to the Departmental IT Security Baseline is the responsibility of Azure customers.

To make Departmental IT Security Baseline compliance easier, a subset of the Center for Information Security 'CIS Microsoft Windows Server 2016 RTM Benchmark (Level 1)' can be applied to a VM provisioned using Microsoft's Windows Server 2016 RTM templates.

As part of the Windows Server 2016 RTM VM provisioning (recommended):
After a Windows Server 2016 RTM VM has been provisioned:
A copy of the 'Security Configuration Assessment Report for the Windows Server 2016 RTM template can be found here. In addition to the changes documented in the assessment report, Windows Firewall is configured to only allow incoming Remote Desktop connections from Well-known UW-Madison Campus IP address ranges.

To make changes to this configuration (e.g., updating the Windows Update settings), changes must be made using the Group Policy Object Editor:
  • Login to the Windows VM using Remote Desktop
  • Open the Microsoft Management Console (mmc.exe)
  • File -> Add/Remove Snap In...
  • Group Policy Object Editor
  • Add >
  • Group Policy Object: Local Computer
  • Finish
  • OK
Microsoft provides additional details on the Windows settings available for configuration via group policy at

Group Policy Settings Reference for Windows and Windows Server
http://www.microsoft.com/download/details.aspx?id=25250

About the Center for Internet Security

https://www.cisecurity.org/about/

"The Center for Internet Security (CIS) is a 501(c)(3) organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. Utilizing its strong industry and government partnerships, CIS combats evolving cybersecurity challenges on a global scale and helps organizations adopt key best practices to achieve immediate and effective defenses against cyber attacks. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), CIS Security Benchmarks, and CIS Critical Security Controls."

About the CIS Microsoft Windows Server 2016 RTM Benchmark

https://benchmarks.cisecurity.org/

"[The CIS Microsoft Windows Server 2016 RTM Benchmark] provides prescriptive guidance for establishing a secure configuration posture for CIS Microsoft Windows Server 2016 RTM.

To obtain the latest version of this [benchmark], please visit https://benchmarks.cisecurity.org."

See Also:

Commonly Referenced Docs:

UW Madison Public Cloud Team Events
Online Learning Classes for Cloud Vendors
What Data Elements are allowed in the Public Cloud