Microsoft Security Guidance blog
Moving to a new blog platform
The content on Microsoft's MSDN and TechNet blog platforms will soon become read-only. Look for...
Author: Aaron Margosis Date: 06/19/2019
Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903
Microsoft is pleased to announce the final release of the security configuration baseline settings...
Author: Aaron Margosis Date: 05/23/2019
Security baseline (DRAFT) for Windows 10 v1903 and Windows Server v1903
Microsoft is pleased to announce the draft release of the security configuration baseline settings...
Author: Aaron Margosis Date: 04/24/2019
Issue with SystemGuard Launch setting in Windows 10 v1809 and Windows Server 2019
[Update, 17 April 2019: Microsoft released a fix for this issue in the 2019-03 Cumulative Updates...
Author: Aaron Margosis Date: 01/25/2019
Remote Use of Local Accounts: LAPS Changes Everything
Long overdue post revisiting the question about whether and when to block the use of local accounts,...
Author: Aaron Margosis Date: 12/10/2018
Policy Analyzer - minor update
Policy Analyzer is a utility in the Security Compliance Toolkit for analyzing and comparing sets of...
Author: Aaron Margosis Date: 06/29/2018
Security baseline for Windows 10 "April 2018 Update" (v1803) – FINAL
Microsoft is pleased to announce the final release of the security configuration baseline settings...
Author: Aaron Margosis Date: 04/30/2018
Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT
Microsoft is pleased to announce the draft release of the security configuration baseline settings...
Author: Aaron Margosis Date: 03/27/2018
Security baseline for Office 2016 and Office 365 ProPlus apps - FINAL
Microsoft is pleased to announce the final release of the recommended security configuration...
Author: Aaron Margosis Date: 02/13/2018
Security baseline for Office 2016 and Office 365 ProPlus apps - DRAFT
[Update, 12 February 2018: the final version of the Office 2016 baseline has been published here.]...
Author: Aaron Margosis Date: 01/29/2018
Issue with BitLocker/DMA setting in Windows 10 “Fall Creators Update” (v1709)
Update, 27 April 2018: The problem described in this post has been fixed in the April 2018 quality...
Author: Aaron Margosis Date: 01/18/2018
Security baseline for Windows 10 “Fall Creators Update” (v1709) – FINAL
Microsoft is pleased to announce the final release of the recommended security configuration...
Author: Aaron Margosis Date: 10/18/2017
Security baseline for Windows 10 "Fall Creators Update" (v1709) – DRAFT
Microsoft is pleased to announce the draft release of the recommended security configuration...
Author: Aaron Margosis Date: 09/27/2017
Security baseline for Windows 10 “Creators Update” (v1703) – FINAL
Microsoft is pleased to announce the final release of the recommended security configuration...
Author: Aaron Margosis Date: 08/30/2017
Disabling SMBv1 through Group Policy
Version 1 of the Server Message Block (SMB) protocol was developed in the early days of personal...
Author: Aaron Margosis Date: 06/15/2017
Security Compliance Manager (SCM) retired; new tools and procedures
Microsoft reluctantly announces the retirement of the Security Compliance Manager (SCM) tool. At the...
Author: Aaron Margosis Date: 06/15/2017
Security baseline for Windows 10 "Creators Update" (v1703) – DRAFT
Microsoft is pleased to announce the beta release of the recommended security configuration baseline...
Author: Aaron Margosis Date: 06/15/2017
Guidance on Disabling System Services on Windows Server 2016 with Desktop Experience
[Primary authors: Dan Simon and Nir Ben Zvi] [Note that this guidance applies only to Windows Server...
Author: Aaron Margosis Date: 05/29/2017
Policy Analyzer v3.1 PRE-RELEASE
Lots of updates to Policy Analyzer in this unsigned, pre-release preview build -- please post...
Author: Aaron Margosis Date: 10/22/2016
Security baseline for Windows 10 v1607 (“Anniversary Update”) and Windows Server 2016
Microsoft is pleased to announce the release of the security configuration baseline settings for...
Author: Aaron Margosis Date: 10/17/2016
The MSS settings
You can download the custom Administrative Template for the "MSS (Legacy)" settings...
Author: Aaron Margosis Date: 10/02/2016
LGPO.exe v2.0 PRE-RELEASE: support for MLGPO and REG_QWORD
LGPO.exe is a command-line utility to automate the management of local group policy objects (LGPO)....
Author: Aaron Margosis Date: 09/23/2016
Security Compliance Manager 4.0 now available for download!
The Security Compliance Manager (SCM) is a free tool from Microsoft that enables you to quickly...
Author: Sarah Andrabi Date: 07/28/2016
Security baseline for Windows Server 2016 Technical Preview 5 (TP5)
Microsoft is pleased to announce the draft release of the security configuration baseline settings...
Author: Aaron Margosis Date: 05/27/2016
Security baseline for Windows 10 (v1511, "Threshold 2") -- FINAL
Microsoft is pleased to announce the final release of the security configuration baseline settings...
Author: Aaron Margosis Date: 01/22/2016
Security baseline for Windows 10 (v1507, build 10240, TH1, LTSB) -- UPDATE
Based on continuing discussions with security experts in Microsoft, the Center for Internet...
Author: Aaron Margosis Date: 01/22/2016
New tool: Policy Analyzer
Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can...
Author: Aaron Margosis Date: 01/22/2016
LGPO.exe - Local Group Policy Object Utility, v1.0
LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces...
Author: Aaron Margosis Date: 01/21/2016
Security baseline for Windows 10 (“Threshold 2”) – DRAFT
[Removing the attachment from this post. Please see updated baseline content for Windows 10 v1507...
Author: Aaron Margosis Date: 11/13/2015
Security baseline for Windows 10 (build 10240) – FINAL
[Removing the attachment from this post. Please see updated baseline content for Windows 10 v1507...
Author: Aaron Margosis Date: 11/13/2015
Windows 10 SCM beta is now live!
Hello, We have just completed the release process for the Security Compliance Manager (SCM) Beta...
Author: Pat Fetty {MSFT} Date: 11/02/2015
Security baseline for Windows 10 - DRAFT
[Removing the attachment from this post. Please see updated baseline content for Windows 10 v1507...
Author: Aaron Margosis Date: 10/08/2015
Interview on "Taste of Premier" about Security Guidance for Windows 8.1, Windows Server 2012 R2 and IE 11
Aaron Margosis interviewed on Channel 9's Taste of Premier about Security Guidance for Windows...
Author: Aaron Margosis Date: 10/21/2014
SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
Hello, The baselines for Windows 8.1, IE 11 and Server 2012 are now available for download. You can...
Author: Pat Fetty {MSFT} Date: 09/04/2014
Blocking Remote Use of Local Accounts
The use of local accounts for remote access in Active Directory environments is problematic for a...
Author: Aaron Margosis Date: 09/02/2014
What's New in Recommended Security Baseline Settings for Windows 8.1, Windows Server 2012 R2, and Internet Explorer 11
The attachment on this post describes what's new in the security baseline recommendations for...
Author: Aaron Margosis Date: 08/15/2014
Configuring Account Lockout
We can recommend an ideal configuration for most of the settings in our security guidance. For...
Author: Aaron Margosis Date: 08/13/2014
Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta
We have made a small number of changes in the baseline security guidance for Windows 8.1, Windows...
Author: Aaron Margosis Date: 08/13/2014
Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 - FINAL
Microsoft is pleased to announce the final release of security baseline settings for Windows 8.1,...
Author: Aaron Margosis Date: 08/13/2014
SCM baselines for Office 2013 have now shipped!
Hello, The Office 2013 SCM baselines are now live and ready for download. There are 2 ways you can...
Author: Pat Fetty {MSFT} Date: 06/25/2014
SCM Office 2013 Beta is now live!
Hello, We have released the SCM beta for Office 2013 on the Connect site. This is a public beta that...
Author: Pat Fetty {MSFT} Date: 04/08/2014
Why We’re Not Recommending “FIPS Mode” Anymore
[Note added 3 Oct 2017 to clarify an occasional misinterpretation: at no point does this blog post...
Author: Aaron Margosis Date: 04/07/2014
Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 (BETA)
Update, 13 August 2014: The final version of this guidance has been posted here.The changes since...
Author: Aaron Margosis Date: 04/07/2014
SQL Server 2012 Baselines are now live!
Baselines for SQL Server 2012 are now live and can be downloaded from the following locaitons:...
Author: Pat Fetty {MSFT} Date: 03/24/2014
Security Compliance Manager 3.0 now available for download!
Secure your environment with SCM 3.0! The Security Compliance Manager (SCM) is a free tool from the...
Author: khengest Date: 02/05/2013