Microsoft Security Guidance blog
Moving to a new blog platform
The content on Microsoft's MSDN and TechNet blog platforms will soon become read-only. Look for...
Date: 06/19/2019
Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903
Microsoft is pleased to announce the final release of the security configuration baseline settings...
Date: 05/23/2019
Security baseline (DRAFT) for Windows 10 v1903 and Windows Server v1903
Microsoft is pleased to announce the draft release of the security configuration baseline settings...
Date: 04/24/2019
Issue with SystemGuard Launch setting in Windows 10 v1809 and Windows Server 2019
[Update, 17 April 2019: Microsoft released a fix for this issue in the 2019-03 Cumulative Updates...
Date: 01/25/2019
Remote Use of Local Accounts: LAPS Changes Everything
Long overdue post revisiting the question about whether and when to block the use of local accounts,...
Date: 12/10/2018
Policy Analyzer - minor update
Policy Analyzer is a utility in the Security Compliance Toolkit for analyzing and comparing sets of...
Date: 06/29/2018
Security baseline for Windows 10 "April 2018 Update" (v1803) – FINAL
Microsoft is pleased to announce the final release of the security configuration baseline settings...
Date: 04/30/2018
Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT
Microsoft is pleased to announce the draft release of the security configuration baseline settings...
Date: 03/27/2018
Security baseline for Office 2016 and Office 365 ProPlus apps - FINAL
Microsoft is pleased to announce the final release of the recommended security configuration...
Date: 02/13/2018
Security baseline for Office 2016 and Office 365 ProPlus apps - DRAFT
[Update, 12 February 2018: the final version of the Office 2016 baseline has been published here.]...
Date: 01/29/2018
Issue with BitLocker/DMA setting in Windows 10 “Fall Creators Update” (v1709)
Update, 27 April 2018: The problem described in this post has been fixed in the April 2018 quality...
Date: 01/18/2018
Security baseline for Windows 10 “Fall Creators Update” (v1709) – FINAL
Microsoft is pleased to announce the final release of the recommended security configuration...
Date: 10/18/2017
Security baseline for Windows 10 "Fall Creators Update" (v1709) – DRAFT
Microsoft is pleased to announce the draft release of the recommended security configuration...
Date: 09/27/2017
Security baseline for Windows 10 “Creators Update” (v1703) – FINAL
Microsoft is pleased to announce the final release of the recommended security configuration...
Date: 08/30/2017
Disabling SMBv1 through Group Policy
Version 1 of the Server Message Block (SMB) protocol was developed in the early days of personal...
Date: 06/15/2017
Security Compliance Manager (SCM) retired; new tools and procedures
Microsoft reluctantly announces the retirement of the Security Compliance Manager (SCM) tool. At the...
Date: 06/15/2017
Security baseline for Windows 10 "Creators Update" (v1703) – DRAFT
Microsoft is pleased to announce the beta release of the recommended security configuration baseline...
Date: 06/15/2017
Guidance on Disabling System Services on Windows Server 2016 with Desktop Experience
[Primary authors: Dan Simon and Nir Ben Zvi] [Note that this guidance applies only to Windows Server...
Date: 05/29/2017
Policy Analyzer v3.1 PRE-RELEASE
Lots of updates to Policy Analyzer in this unsigned, pre-release preview build -- please post...
Date: 10/22/2016
Security baseline for Windows 10 v1607 (“Anniversary Update”) and Windows Server 2016
Microsoft is pleased to announce the release of the security configuration baseline settings for...
Date: 10/17/2016
The MSS settings
You can download the custom Administrative Template for the "MSS (Legacy)" settings...
Date: 10/02/2016
LGPO.exe v2.0 PRE-RELEASE: support for MLGPO and REG_QWORD
LGPO.exe is a command-line utility to automate the management of local group policy objects (LGPO)....
Date: 09/23/2016
Security Compliance Manager 4.0 now available for download!
The Security Compliance Manager (SCM) is a free tool from Microsoft that enables you to quickly...
Date: 07/28/2016
Security baseline for Windows Server 2016 Technical Preview 5 (TP5)
Microsoft is pleased to announce the draft release of the security configuration baseline settings...
Date: 05/27/2016
Security baseline for Windows 10 (v1511, "Threshold 2") -- FINAL
Microsoft is pleased to announce the final release of the security configuration baseline settings...
Date: 01/22/2016
Security baseline for Windows 10 (v1507, build 10240, TH1, LTSB) -- UPDATE
Based on continuing discussions with security experts in Microsoft, the Center for Internet...
Date: 01/22/2016
New tool: Policy Analyzer
Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can...
Date: 01/22/2016
LGPO.exe - Local Group Policy Object Utility, v1.0
LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces...
Date: 01/21/2016
Security baseline for Windows 10 (“Threshold 2”) – DRAFT
[Removing the attachment from this post. Please see updated baseline content for Windows 10 v1507...
Date: 11/13/2015
Security baseline for Windows 10 (build 10240) – FINAL
[Removing the attachment from this post. Please see updated baseline content for Windows 10 v1507...
Date: 11/13/2015
Windows 10 SCM beta is now live!
Hello, We have just completed the release process for the Security Compliance Manager (SCM) Beta...
Date: 11/02/2015
Security baseline for Windows 10 - DRAFT
[Removing the attachment from this post. Please see updated baseline content for Windows 10 v1507...
Date: 10/08/2015
Interview on "Taste of Premier" about Security Guidance for Windows 8.1, Windows Server 2012 R2 and IE 11
Aaron Margosis interviewed on Channel 9's Taste of Premier about Security Guidance for Windows...
Date: 10/21/2014
SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
Hello, The baselines for Windows 8.1, IE 11 and Server 2012 are now available for download. You can...
Date: 09/04/2014
Blocking Remote Use of Local Accounts
The use of local accounts for remote access in Active Directory environments is problematic for a...
Date: 09/02/2014
What's New in Recommended Security Baseline Settings for Windows 8.1, Windows Server 2012 R2, and Internet Explorer 11
The attachment on this post describes what's new in the security baseline recommendations for...
Date: 08/15/2014
Configuring Account Lockout
We can recommend an ideal configuration for most of the settings in our security guidance. For...
Date: 08/13/2014
Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta
We have made a small number of changes in the baseline security guidance for Windows 8.1, Windows...
Date: 08/13/2014
Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 - FINAL
Microsoft is pleased to announce the final release of security baseline settings for Windows 8.1,...
Date: 08/13/2014
SCM baselines for Office 2013 have now shipped!
Hello, The Office 2013 SCM baselines are now live and ready for download. There are 2 ways you can...
Date: 06/25/2014
SCM Office 2013 Beta is now live!
Hello, We have released the SCM beta for Office 2013 on the Connect site. This is a public beta that...
Date: 04/08/2014
Why We’re Not Recommending “FIPS Mode” Anymore
[Note added 3 Oct 2017 to clarify an occasional misinterpretation: at no point does this blog post...
Date: 04/07/2014
Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 (BETA)
Update, 13 August 2014: The final version of this guidance has been posted here.The changes since...
Date: 04/07/2014
SQL Server 2012 Baselines are now live!
Baselines for SQL Server 2012 are now live and can be downloaded from the following locaitons:...
Date: 03/24/2014
Security Compliance Manager 3.0 now available for download!
Secure your environment with SCM 3.0! The Security Compliance Manager (SCM) is a free tool from the...
Date: 02/05/2013