This week, Microsoft announced a new commitment to improving security for its products, above all other projects. Coincidentally, Microsoft also announced a new security feature that will be added to a future version of Windows.
In 2020, Microsoft announced the Zero Trust Deployment Center for businesses. In case you are not aware of what Zero Trust means, it's a term used to describe a network security model where every network request for access has to be authenticated, authorized, and encrypted before that access is granted.
In a blog post this week, Microsoft announced it has launched a private preview of Zero Trust DNS. This upcoming Windows feature has been designed for businesses to make their PCs connect only to approved networks.
Zero Trust DNS uses both the Windows DNS client and the Windows Filtering Platform (WFP). Here is what happens when this feature is enabled:
Windows will block all outbound IPv4 and IPv6 traffic except for the connections to the Protective DNS servers as well as the DHCP, DHCPv6, and NDP traffic needed to discover network connectivity information.
Microsoft hopes that admins who use Zero Trust DNS in their security deployments will be able to block any network traffic where the domain name can't be identified. It added:
This renders the use of hard-coded IP addresses or unapproved encrypted DNS servers irrelevant without having to introduce TLS termination and miss out on the security benefits of end-to-end encryption.
As we mentioned, Zero Trust DNS is currently in a private preview test. However, Microsoft says it will be included for members of the Windows Insider Program to try out at some point in the future. Admins who want more information on the feature can check out this blog post, which shows how certain apps and services could be affected by the use of Zero Trust DNS.
Image via Depositphotos
0 Comments - Add comment