Policy Analyzer – minor update

Policy Analyzer is a utility in the Security Compliance Toolkit for analyzing and comparing sets of Group Policy Objects (GPOs). We have just posted a minor update that resolves a localization bug reading some non-English advanced auditing settings files (audit.csv), and another bug that would cause Policy Analyzer to crash when reading an invalid GPO backup…

0

Security baseline for Windows 10 “April 2018 Update” (v1803) – FINAL

Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 “April 2018 Update,” also known as version 1803, “Redstone 4,” or RS4. Download the content here: Windows-10-RS4-Security-Baseline-FINAL The downloadable attachment to this blog post (which will be incorporated into the Security Compliance Toolkit shortly) includes importable GPOs, scripts…

7

Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT

Microsoft is pleased to announce the draft release of the security configuration baseline settings for the upcoming Windows 10 version 1803, codenamed “Redstone 4.” Please evaluate this proposed baseline and send us your feedback via blog comments below. Download the content here: DRAFT-Windows-10-v1803-RS4 The downloadable attachment to this blog post includes importable GPOs, scripts for applying…

8

Security baseline for Office 2016 and Office 365 ProPlus apps – FINAL

Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Microsoft Office Professional Plus 2016 and Office 365 ProPlus 2016 apps. There are no changes from the draft release we published a few weeks ago, other than minor corrections within the spreadsheet. Highlights of this baseline: Streamlined baseline Stronger macro…

0

Security baseline for Office 2016 and Office 365 ProPlus apps – DRAFT

[Update, 12 February 2018: the final version of the Office 2016 baseline has been published here.] Microsoft is pleased to announce the draft release of the recommended security configuration baseline settings for Microsoft Office Professional Plus 2016 and Office 365 ProPlus 2016 apps. Please evaluate this proposed baseline and send us your feedback via blog…

2

Issue with BitLocker/DMA setting in Windows 10 “Fall Creators Update” (v1709)

Update, 27 April 2018: The problem described in this post has been fixed in the April 2018 quality update. Customers that deployed Microsoft’s security baseline for Windows 10 v1709 might have experienced device and component failures. The BitLocker GPO settings recommended in the Windows security configuration baselines for Windows 10 include enabling “Disable new DMA…

6

Security baseline for Windows 10 “Fall Creators Update” (v1709) – FINAL

Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Windows 10 “Fall Creators Update,” also known as version 1709, “Redstone 3,” or RS3. There are no changes from the draft release we published a few weeks ago. The 1709 baseline package has been added to the Microsoft Security Compliance…

21

Security baseline for Windows 10 “Fall Creators Update” (v1709) – DRAFT

Microsoft is pleased to announce the draft release of the recommended security configuration baseline settings for Windows 10 “Fall Creators Update,” also known as version 1709, “Redstone 3,” or RS3. Please evaluate this proposed baseline and send us your feedback via blog comments below. Download the content here: Windows-10-RS3-Security-Baseline-DRAFT The downloadable attachment to this blog post includes importable…

14

Security baseline for Windows 10 “Creators Update” (v1703) – FINAL

Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Windows 10 “Creators Update,” also known as version 1703, “Redstone 2,” or RS2. The downloadable attachment to this blog post includes importable GPOs, tools for applying the GPOs, custom ADMX files for Group Policy settings, and all the settings in spreadsheet…

6

Disabling SMBv1 through Group Policy

Version 1 of the Server Message Block (SMB) protocol was developed in the early days of personal computer networking, and as Ned Pyle describes in his blog post, Stop using SMB1 there are many reasons to cease using it on your networks. We have added that recommendation to our baseline, and have exposed a way…

13