BleepingComputer posted about how Microsoft continues to force its customers to use stronger security defaults. I believe this is the right behavior. Apple is similar in that it will bug people or even sometimes require updates to be installed, depending on the risk associated with the vulnerability being addressed. Some administrators don’t take security seriously until things go wrong. Then, post-incident, they switch to the blame game, pointing at the technology provider vs. reviewing how the technology is purchased. I’ve seen people claim a tool sucks due to it “not preventing” a threat, but later log into the tool and see clear alarms about the threat; hence, a people and process problem is the root cause.
Enforcing security defaults is a people and process problem. This is why many guidelines highlight how concepts such as standardization in technology, asset management and enforcing a secure baseline across systems are critical to the reduction of risk. It’s awesome to see vendors forcing the right behavior rather than waiting for customers to not enforce strong security defaults and later complain about the result of the breach.
You can find the post about Microsoft’s better security default enforcement HERE. BleepingComputer also covers other moves Microsoft has made regarding enforcing security defaults prior to this recent announcement. Hopefully other technology platforms will do the same.