News

Microsoft Security Compliance Manager Version 2 (SCM 2) Now Available
Security Compliance Manager 2 provides ready-to-deploy policies and Desired Configuration Manager (DCM) configuration packs that are tested and fully supported. The product baselines included in the tool are based on Microsoft Security Guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats.

Microsoft Malware Protection Center Threat Report - Poison Ivy
This Microsoft Malware Protection Center (MMPC) Threat Report provides an overview of the Win32/Poison (Poison Ivy) family of malware. Poison Ivy is a malware family whose primary objective is to allow complete control of infected computers in corporate environments. This report examines the background and functionality of Poison Ivy and provides telemetry data and analysis covering the year 2011 until publication. It also discusses how the threat is detected and removed by Microsoft antimalware products and services.

Security Practices and the Consumerization of IT
Encrypting corporate data and/or segregating corporate data from personal data that might cohabitate on computing devices are becoming aspirational goals for many organizations. Learn why establishing acceptable use policies and increasing awareness of those policies and why good data hygiene is critical, are very effective practices whether your workforce is using mobile devices or desktop PCs.

Microsoft Security Bulletin Summary for November, 2011

http://technet.microsoft.com/en-us/security/bulletin/ms11-nov

Security Bulletin Overview for November 2011

Microsoft Security Response Centre (MSRC) Blog Post http://go.microsoft.com/?linkid=9683067

Windows Media Video (WMV) http://go.microsoft.com/?linkid=9683068

Windows Media Audio (WMA) http://go.microsoft.com/?linkid=9683069

iPod Video (MP4) http://go.microsoft.com/?linkid=9683070

MP3 Audio http://go.microsoft.com/?linkid=9683071

High Quality WMV (2.5 Mbps) http://go.microsoft.com/?linkid=9683072

Zune Video (WMV) http://go.microsoft.com/?linkid=9683073

Microsoft Product Lifecycle Information

Find information about your particular products on the Microsoft Product Lifecycle Web site http://go.microsoft.com/?linkid=9669804

See a List of Supported Service Packs http://go.microsoft.com/?linkid=9669805

Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Follow the Microsoft Security Response team on Twitter http://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape.

Forefront TMG and ISA Server

Forefront Security TechCenter

http://technet.microsoft.com/en-gb/forefront/default.aspx

Please note that if you have feedback on documentation or wish to request new documents - email isadocs@microsoft.com

Forefront Threat Management Gateway 2010 homepage

http://technet.microsoft.com/en-gb/forefront/ee807302.aspx

Forefront TMG (ISA Server) Product Team Blog

The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:

Unable to Join a TMG server to the Stand Alone Array

http://blogs.technet.com/b/isablog/archive/2011/11/08/unable-to-join-a-tmg-server-to-the-stand-alone-array.aspx

Use ISA/TMG to distribute your custom WPAD configuration file

http://blogs.technet.com/b/isablog/archive/2011/11/16/use-isa-tmg-to-distribute-your-custom-wpad-configuration-file.aspx

Forefront Unified Access Gateway & Intelligent Application Gateway 2007

Forefront Unified Access Gateway 2010 Technical Resources

http://technet.microsoft.com/en-gb/forefront/edgesecurity/ee907407.aspx

For comments, feedback, and requests, contact the Forefront UAG User Assistance team at uagdocs@microsoft.com.

Forefront Unified Access Gateway Product Team Blog

The UAG Product Team Blog (http://blogs.technet.com/edgeaccessblog) is updated on a regular basis. Latest entries include:

On a DA client, the DCA shows a red X or a yellow exclamation mark even when the connection works fine.

http://blogs.technet.com/b/edgeaccessblog/archive/2011/11/09/on-a-da-client-the-dca-shows-a-red-x-or-a-yellow-exclamation-mark-even-when-the-connection-works-fine.aspx

SSO to SharePoint 2010 through UAG when using two authentication schemas

http://blogs.technet.com/b/edgeaccessblog/archive/2011/11/15/sso-to-sharepoint-2010-through-uag-when-using-two-authentication-schemas.aspx

Forefront Edge on the Wiki

The home of community-generated content about Microsoft technologies — that anyone can edit! Read the latest wiki articles about TMG and UAG.

TMG - http://social.technet.microsoft.com/wiki/contents/articles/tags/tmg/default.aspx

Publishing Windows Server Updates Services (WSUS) 3 SP2 through Forefront TMG 2010 SP2

http://social.technet.microsoft.com/wiki/contents/articles/5678.aspx

UAG - http://social.technet.microsoft.com/wiki/contents/articles/tags/UAG/default.aspx

How to Install UAG for Application Publishing on a Single Network

http://social.technet.microsoft.com/wiki/contents/articles/how-to-install-uag-for-application-publishing-on-a-single-network.aspx

Documents

Security Tip of the Month: Simple Security Recommendations When Using Hyper-V
As more small to midsize companies consider virtualization solutions, questions about security and virtualization inevitably arise. Microsoft has a few articles on TechNet that outline some of the key aspects of a secure deployment of the Hyper-V virtualization technology, a feature of Windows Server 2008 R2. To complement the guidelines offered in "Planning for Hyper-V Security," Microsoft IT Evangelist Howard Wong offers some additional thoughts and security considerations around Hyper-V.

Planning for Hyper-V Security
Overall, you should secure the virtual machines running on the virtualization server according to your procedures for securing that kind of server or workload. This document provides best practices to help improve the security of your Windows Server 2008 servers running Hyper-V.

Hyper-V Security Guide
Find instructions and recommendations to help strengthen the security of computers running the Hyper-V role on Windows Server 2008. This guide covers three core topics: hardening Hyper-V, delegating virtual machine management, and protecting virtual machines.

Security Best Practices for Microsoft Enterprise Desktop Virtualization (MED-V) Operations
Get best practices you can follow to help maintain security when preparing, building, testing, deploying, and managing MED-V workspaces.

Authentication of MED-V End Users
Get best practices to follow to help maintain security when verifying the identity of MED-V end users.

Microsoft Application Virtualization (App-V) Security Guide
Familiarize yourself with important information about deployment decisions that can affect the security of your system. This guide provides you with the necessary steps to configure Microsoft App-V security settings to enhance the security of your environment based on the recommendations presented in the downloadable App-V Security Best Practices paper. For those security settings that are specific to Windows, but not to App-V, this guide also offers appropriate links to more information.

Using Smart Cards in Windows Virtual PC
Learn how you can use smartcards in any virtual machine (VM) created using Windows Virtual PC on Windows 7, just as you use smartcards on Windows 7. While each type of smartcard device comes with its own device driver software, that will need to be installed in the operating system (OS) on which the smartcard reader is being used, smartcards can be shared between the host OS (Windows 7) and the VM, or can be assigned exclusively to VMs.

Downloads

Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2.

http://www.microsoft.com/download/en/details.aspx?id=27603

Events/Webcast’s

Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910

Find security webcasts listed in an easy-to-use calendar format.

Upcoming Security Webcasts

http://www.microsoft.com/events/security/upcoming.mspx

On-Demand Security Webcasts

http://www.microsoft.com/events/security/ondemand.mspx

Visit TechNet Spotlight: www.microsoft.com/technetspotlight

Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more