Windows 10 Security

This post summarizes some tools, courses, certifications and hardening guides related to Windows 10.

As Windows 10 and 11 are very similar, this post applies to both operating systems.

Windows 10 Security Tools

There are different security tools and functionalities available for Windows 10:

General Security: Microsoft Defender for Endpoint, Windows Defender Security Center
Security Analysis: Microsoft Security Compliance Toolkit (SCT)
Antimalware: Windows Defender Antimalware, Windows Defender Exploit Guard, Windows Defender Advanced Threat Protection (ATP)
Antiphising: Windows Defender SmartScreen
Encryption: BitLocker
Firewall: Windows Defender Firewall
Apps: AppLocker, Windows Defender Application Control
Network: IPSec, DNSSEC, VPN
Credential protection: Windows Defender Credential Guard
Browser-based thread: Windows Defender Application Guard
Data Loss Prevention: Windows Information Protection
Group Policy
PKI
PowerShell
Virtualization
Update: Windows Update

There are not many courses dedicated exclusively to Windows desktop security. Sometimes only part of more general Windows courses are referred:

Some parts of official Microsoft course MD-100, linked to certification “Microsoft 365 Certified: Modern Desktop Administrator Associate”
- MD-100T00 “Windows client” module 9 “Configuring Threat Protection and Advanced Security”.
- MD100-T03 “Protecting Windows”
Official Microsoft course “Microsoft Defender for Endpoint Fundamentals“. There is no certification nor exam linked to it
MS-500 part 2 “Implement and manage threat protection” of course MS-500 “Microsoft 365 Security Administration”
Module 2 “Mitigate threats using Microsoft Defender for Endpoint” of course SC-200 “Microsoft Security Operations Analyst”
LinkedIn Learning course “Windows 10: Security“
LinkedIn Learning course “Windows 10 para IT: Conceptos de seguridad” (Spanish)

Certifications directly related to Windows Desktop Security:

More barely related certifications:

Official Microsoft certification “Microsoft Certified: Security, Compliance, and Identity Fundamentals“. It is obtained after passing exam SC-900 “Microsoft Certified: Security, Compliance, and Identity Fundamentals”. This certification is more focused on cloud-based Microsoft services rather than desktop products.
Official Microsoft associate certification “Microsoft 365 Certified: Security Administrator Associate“. It is obtained after passing MS-500 “Microsoft 365 Security Administration”. This certification is more focused on cloud-based Microsoft services rather than desktop products
Official Microsoft associate certification “Microsoft Certified: Security Operations Analyst Associate“. It is obtained after passing SC-200 “Microsoft Security Operations Analyst“. This certification is more focused on cloud-based Microsoft services rather than desktop products.

To find hardening guides, security baselines or standard for Windows 10, please read this post.

Windows 10 versions (in ascending order of cost/customization/functionalities):

Update Channels:

Windows Insider.
Semi annual (targeted), formerly as known current branch (CB). Devices are updated right after versions are validated from Windows Insider program. These updates can be postponed, though.
Semi annual, formerly known as Current Branch for Business (CBB). Devices are updated 4 months after versions are validated from Windows Insider program. It is technically similar to Semiannual (targeted), but with a delay.
LTSC, formerly known as Long Term Service Branch (LTSB): 10-year maintenance

If you need to ascertain your update channel, check this link.

Types of updates:

Microsoft; “Windows Security Baselines“
Microsoft; “Security Documentation“
Microsoft; “Microsoft Security Guidelines blog” (discontinued since 2019)
Jonathan Lefebvre; “How to use the Windows 10 Security Baseline“; SystemCenterDudes.com, 2018-03-26