New
#1
Change log
Change date Change description March 10, 2024 Revised the Monthly timeline adding more hardening related content and removed the February 2024 entry from the timeline as it is not hardening related.
Introduction
Hardening is a key element of our ongoing security strategy to help keep your estate protected while you focus on your job. Increasingly creative cyberthreats target weaknesses anywhere possible, from the chip to the cloud. Have you seen our publications on hardening on the Windows message center? Some of those recently enforced include DCOM authentication hardening and Netjoin: domain join hardening. Let's review vulnerable areas that are undergoing hardening in the upcoming months.
Note: This article will be updated over time to provide the latest information about hardening changes and timelines. Last updated: March 10, 2024.
Hardening changes at a glance
Review the visual timeline to focus on the specific changes that are of interest to you. Find the details for each phase below.
Figure 1: A visual timeline of the hardening changes taking place in 2023.
Figure 2: A visual timeline of the hardening changes taking place in 2024.
Hardening changes by month
Consult the details for all upcoming hardening changes by month to help you plan for each phase and final enforcement.
April 2024
- Secure Boot bypass protections KB5025885 | Phase 3
Third Deployment phase. This phase will add additional boot manager mitigations. This phase will start no sooner than April 9, 2024.
October 2024 or later
- Secure Boot bypass protections KB5025885 | Phase 3
Mandatory Enforcement phase. The revocations (Code Integrity Boot policy and Secure Boot disallow list) will be programmatically enforced after installing updates for Windows to all affected systems with no option to be disabled.
February 2025 or later
- Certificate-based authentication KB5014754 | Phase 3
Full Enforcement mode. If a certificate cannot be strongly mapped, authentication will be denied.
https://support.microsoft.com/en-us/...1-456721a6551b