Windows Server Secure By Default
Security is always top of mind of IT professionals. You want to do everything you can to reduce the attack surface of possible threats. Today, server software contains built-in security capabilities but often times they are an option vs default. When software and hardware defenses cooperate you get a tighter defense especially with capabilities like TPM and UEFI.
According to the the Microsoft Windows Server Blog
In the next major release, Microsoft will raise the security standard for Windows Server hardware certification to include these capabilities by default. This change will give customers increased confidence they are deploying Windows Server on platforms that maximize platform integrity without having to modify their RFP process. The new Windows Server certification will require TPM 2.0 installed and enabled by default. For systems that have the next major Windows Server preinstalled, Secure Boot will be enabled by default. These requirements apply to servers where Windows Server will run, including bare metal, virtual machines (guests) running on Hyper-V or on third party hypervisors approved through the Server Virtualization Validation Program (SVVP).
Secure boot and TPM are capabilities that I have not used in the past. Secure boot is used to ensure a device boots using trusted software from the OEM. While Trusted Platform Module (TPM) is a secure processor. Adding these two capabilities to Windows Server is a good start in keeping these systems secure.
This may also push folks to update their server operating systems sooner to take advantage of these features.
Do you struggle with server security? Are you taking advantage of the latest Windows Server operating system? Let me know on Twitter if this is something you are looking forward to.