Microsoft Introduces Basic Web Server Security Tool – Redmondmag.com
Microsoft introduces the Basic Web Server Security Tool
Microsoft this week offered another sneak peek at a new feature in the Operations Management Suite (OMS), this time focused on checking the security compliance of Windows Web servers.
New Web Security Baseline Assessment Overview is part of the OMS security and auditing solution. It compares Microsoft’s recommendations for web server configurations with the configurations detected at the customer. It can also be used to analyze web server security baselines used on Microsoft Azure or “other cloud platforms” that OMS may monitor. OMS is Microsoft’s solution for managing public cloud workloads.
The Basic Web Security Assessment Overview will check registry rules, auditing policies, and security policies for Windows web servers, including .NET, ASP.NET, and Internet Information Services configurations, according to Microsoft documentation. It scans web servers every 24 hours as part of this process. Users see the results in the OMS security and audit dashboard.
The dashboard shows which machines have passed. based on Microsoft’s core security settings recommendations, as well as compliance percentages. There is also a list of failures, as well as severity rankings. Machines that have not been evaluated are also listed. Users can create their own personalized dashboards from the queries used by the tool via the OMS View Designer.
OMS supports running these basic profiles on web servers running Windows Server 2008 R2 through Windows Server 2012 R2. Microsoft is still working on adding support for Windows Server 2016, according to this Microsoft document.