PowerShell and DevOps

TMW01 Who's Afraid of PowerShell Security? Introduction to Securing Your Environment

11/16/2022

8:00am - 9:15am

Level: Intermediate

Michael Wiley

Senior Customer Engineer

Microsoft

Myth 1: PowerShell.exe is evil and should be banned

Myth 2: PowerShell Remoting is evil and should be disabled

Myth 3: Execution Policy is a security feature

Myth 4: PowerShell is Powershell.exe

Lots of organizations are scared of PowerShell and try to severely limit its capabilities to prevent PowerShell attacks. Not only does this make the administrator's work harder, but many steps taken to "secure" PowerShell won't work. PowerShell is the world's most secure scripting language when the proper layers of security have been employed.

This session will provide an overview of how to properly secure your environment while also being able to benefit from PowerShell's robust automation features in the cloud and on-prem. We'll explore how to harden remoting, proper versioning of PowerShell, deploying logging, Anti Malware Scanning Interface (AMSI) integration, controlling code execution, and Just Enough Administration (JEA) which will help you be your company's PowerShell security Rockstar!

You will learn:

  • Explore the myths and realities of PowerShell execution policies
  • Discover the layers of security that can be employed without hampering PowerShell’s automation capabilities
  • Understand how to control remoting and other "scary" aspects of PowerShell