Security Compliance Manager 4.0 now available for download!

The Security Compliance Manager (SCM) is a free tool from Microsoft that enables you to quickly configure, and manage the computers in your environment using Group Policy and Microsoft System Center Configuration Manager. This version of SCM supports Windows 10, and Windows Server 2016. You can easily configure computers running Windows 10 and Windows Server…

43

Windows 10 SCM beta is now live!

Hello, We have just completed the release process for the Security Compliance Manager (SCM) Beta security baseline for Windows 10 and the baseline is now ready for download! This is a public beta and anyone with a Microsoft account can download this baseline and give us feedback.  Anyone who wishes to download the beta should…


Security baseline for Windows 10 - DRAFT

[Removing the attachment from this post. Please see updated baseline content for Windows 10 v1507 (TH1) and Windows 10 v1511 (TH2).] Microsoft is pleased to announce the beta release of the security baseline settings for Windows 10 along with updated baseline settings for Internet Explorer 11. With this release we have taken a different approach from…

16

Windows 10 and Security Compliance Manager (SCM) Baselines

[UPDATE: The draft guidance has been published here.] Hello, We have been receiving quite a few inquiries regarding SCM security baselines for Windows 10.  The baselines are currently in development, and have been for a few weeks now and we are targeting a public beta either later this month (August) or September.  The Windows 10…


SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!

Hello, The baselines for Windows 8.1, IE 11 and Server 2012 are now available for download. You can download these via 2 methods.  The simplest is to open the SCM tool and select the option to "Download Microsoft baselines automatically"   The other option is to download the CAB file manually and import them into…

5

Blocking Remote Use of Local Accounts

The use of local accounts for remote access in Active Directory environments is problematic for a number of reasons. By far, the biggest problem is that when an administrative local account has the same user name and password on multiple machines, an attacker with administrative rights on one machine can easily obtain the account’s password…

14

Configuring Account Lockout

We can recommend an ideal configuration for most of the settings in our security guidance. For example, the “Debug programs” privilege should be granted to Administrators and to no one else. For account lockout, however, there is no “one size fits all” setting, but there’s a lot of heated discussion whenever anyone tries to pick…

11

Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta

We have made a small number of changes in the baseline security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 since we released the beta version of our guidance last April. This blog post discusses those changes and the reasons for them. Account Lockout Threshold: we’re changing the incorrect-password threshold that…

2

SCM baselines for Office 2013 have now shipped!

Hello, The Office 2013 SCM baselines are now live and ready for download. There are 2 ways you can download the CAB files.  The simplest will be to open the SCM tool and it will automatically discover that there are new baselines available to download and import and then simply follow the wizard in SCM….