Forefront Stirling Policies : Feature of the Week
Even in Beta 1 of Forefront Stirling you can check out the security policy capabilities the product has. I know what you’re thinking – “whoopee, more policies”, but what you can do with the policies in Stirling are quite impressive.
What can you do with Stirling policies?
For each policy, you can easily specify granular compliance settings for Forefront Client Security (FCS), Forefront Server for Exchange (FSE), and various other security state assessments AND specify granular automated actions to be taken to remediate - all from a single console. Some ideas for what you might do with Stirling policies:
In updates past Beta 1, you can eventually expect even more capabilities and integration with other Forefront products.
How does it work?
There are two major components – the policy and the target group. The policy contains all of the settings you are checking for and/or the remediation steps. The target group can be a user, group, computer, OU, or domain. A policy can be bound to one or more target groups and precedence can be set to determine priority if there are conflicts in policy settings. Under the hood, you have Enterprise Security Assessment Sharing (ESAS) and SCCM doing the majority of the communication work related to the policies – which I’ll cover in more depth in future posts.
What’s the catch?
In order to get this functionality working, you’ll need to have the core Stirling infrastructure in place and then utilize the vNext for FCS and FSE installed (if you create policies related to these settings). Also, for the NAP functionality to work – you’re going to need to set up a NAP infrastructure separately.
Find out more about the new approach to align with customer client infrastructure management that will help simplify deployment and reduce costs.