diff --git a/windows/device-security/TOC.md b/windows/device-security/TOC.md
index 2117197290..2cffbe3162 100644
--- a/windows/device-security/TOC.md
+++ b/windows/device-security/TOC.md
@@ -661,7 +661,9 @@
### [Understanding PCR banks on TPM 2.0 devices](tpm/switch-pcr-banks-on-tpm-2-0-devices.md)
### [TPM recommendations](tpm/tpm-recommendations.md)
-## [Windows security baselines](windows-security-baselines-version-two.md)
+# [Windows security baselines](windows-security-baselines-version-two.md)
+## [Security Compliance Toolkit](security-compliance-toolkit-10.md)
+## [Get support](get-support-for-security-baselines.md)
## [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
diff --git a/windows/device-security/get-support-for-security-baselines.md b/windows/device-security/get-support-for-security-baselines.md
new file mode 100644
index 0000000000..6dc447735e
--- /dev/null
+++ b/windows/device-security/get-support-for-security-baselines.md
@@ -0,0 +1,95 @@
+---
+title: Get support
+description: This article, and the articles it links to, answers frequently asked question on how to get support for Windows baselines, the Security Compliance Toolkit (SCT), and related topics in your organization
+keywords: virtualization, security, malware
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.author: sagaudre
+author: sabrinagaudreau
+ms.date: 10/17/2017
+---
+
+# Get Support
+
+**What is the Microsoft Security Compliance Manager (SCM)?**
+
+The Security Compliance Manager (SCM) has now been retired and is no longer supported. The reason is that SCM was an incredibly complex and large program that needed to be updated for every Windows release. It has been replaced by the Security Compliance Toolkit (SCT). To provide a better service for our customers, we have moved to SCT with which we can publish baselines through the Microsoft Download Center in a lightweight .zip file that contains GPO backups, GPO reports, Excel spreadsheets, WMI filters, and scripts to apply the settings to local policy.
+
+More information about this change can be found on the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2017/06/15/security-compliance-manager-scm-retired-new-tools-and-procedures/).
+
+**Where can I get an older version of a Windows baseline?**
+
+Any version of Windows baseline before Windows 10 1703 can still be downloaded using SCM. Any future versions of Windows baseline will be available through SCT. See the version matrix in this article to see if your version of Windows baseline is available on SCT.
+
+- [SCM 4.0 Download](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
+- [SCM Frequently Asked Questions (FAQ)](https://social.technet.microsoft.com/wiki/contents/articles/1836.microsoft-security-compliance-manager-scm-frequently-asked-questions-faq.aspx)
+- [SCM Release Notes](https://social.technet.microsoft.com/wiki/contents/articles/1864.microsoft-security-compliance-manager-scm-release-notes.aspx)
+- [SCM Baseline Download Help](https://social.technet.microsoft.com/wiki/contents/articles/1865.microsoft-security-compliance-manager-scm-baseline-download-help.aspx)
+
+**What file formats are supported by the new SCT?**
+
+The toolkit supports formats created by the Windows GPO backup feature (.pol, .inf, and .csv). Policy Analyzer saves its data in XML files with a .PolicyRules file extension. LGPO also supports its own LGPO text file format as a text-based analog for the binary registry.pol file format. See the [LGPO documentation](https://www.microsoft.com/download/details.aspx?id=55319) for more information. Keep in mind that SCM’s .cab files are no longer supported.
+
+**Does SCT support Desired State Configuration (DSC) file format?**
+
+Not yet. PowerShell-based DSC is rapidly gaining popularity, and more DSC tools are coming online to convert GPOs and DSC and to validate system configuration. We are currently developing a tool to provide customers with these features.
+
+**Does SCT support the creation of System Center Configuration Manager (SCCM) DCM packs?**
+
+No. A potential alternative is Desired State Configuration (DSC), a feature of the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=40855). A tool that supports conversion of GPO backups to DSC format can be found [here](https://github.com/Microsoft/BaselineManagement).
+
+**Does SCT support the creation of Security Content Automation Protocol (SCAP)-format policies?**
+
+No. SCM supported only SCAP 1.0, which was not updated as SCAP evolved. The new toolkit likewise does not include SCAP support.
+
+
+
+
+## Version Matrix
+
+**Client Versions**
+
+| Name | Build | Baseline Release Date | Security Tools |
+|---|---|---|---|
+|Windows 10 | [1709 (RS3)](https://blogs.technet.microsoft.com/secguide/2017/09/27/security-baseline-for-windows-10-fall-creators-update-v1709-draft/) [1703 (RS2)](https://blogs.technet.microsoft.com/secguide/2017/08/30/security-baseline-for-windows-10-creators-update-v1703-final/)
[1607 (RS1)](https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016/)
[1511 (TH2)](https://blogs.technet.microsoft.com/secguide/2016/01/22/security-baseline-for-windows-10-v1511-threshold-2-final/)
[1507 (TH1)](https://blogs.technet.microsoft.com/secguide/2016/01/22/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update/)| October 2017
August 2017
October 2016
January 2016
January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+Windows 8.1 |[9600 (April Update)](https://blogs.technet.microsoft.com/secguide/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final/)| October 2013| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
+Windows 8 |[9200](https://technet.microsoft.com/library/jj916413.aspx) |October 2012| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)|
+Windows 7 |[7601 (SP1)](https://technet.microsoft.com/library/ee712767.aspx)| October 2009| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
+| Vista |[6002 (SP2)](https://technet.microsoft.com/library/dd450978.aspx)| January 2007| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
+| Windows XP |[2600 (SP3)](https://technet.microsoft.com/library/cc163061.aspx)| October 2001| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)|
+
+
+
+**Server Versions**
+
+| Name | Build | Baseline Release Date | Security Tools |
+|---|---|---|---|
+|Windows Server 2016 | [SecGuide](https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016/) |October 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+|Windows Server 2012 R2|[SecGuide](https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016/)|August 2014 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319)|
+|Windows Server 2012|[Technet](https://technet.microsoft.com/library/jj898542.aspx) |2012| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
+Windows Server 2008 R2 |[SP1](https://technet.microsoft.com/library/gg236605.aspx)|2009 | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
+| Windows Server 2008 |[SP2](https://technet.microsoft.com/library/cc514539.aspx)| 2008 | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
+|Windows Server 2003 R2|[Technet](https://technet.microsoft.com/library/cc163140.aspx)| 2003 | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)|
+|Windows Server 2003|[Technet](https://technet.microsoft.com/library/cc163140.aspx)|2003|[SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)|
+
+
+
+**Microsoft Products**
+
+| Name | Details | Security Tools |
+|---|---|---|
+Internet Explorer 11 | [SecGuide](https://blogs.technet.microsoft.com/secguide/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final/)|[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319)|[SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)|
+|Internet Explorer 10|[Technet](https://technet.microsoft.com/library/jj898540.aspx)|[SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
+|Internet Explorer 9|[Technet](https://technet.microsoft.com/library/hh539027.aspx)|[SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
+|Internet Explorer 8|[Technet](https://technet.microsoft.com/library/ee712766.aspx)|[SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
+|Exchange Server 2010|[Technet](https://technet.microsoft.com/library/hh913521.aspx)| [SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
+|Exchange Server 2007|[Technet](https://technet.microsoft.com/library/hh913520.aspx)| [SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
+|Microsoft Office 2010|[Technet](https://technet.microsoft.com/library/gg288965.aspx)| [SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
+|Microsoft Office 2007 SP2|[Technet](https://technet.microsoft.com/library/cc500475.aspx)| [SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
+
+
+
+> [!NOTE]
+> Browser baselines are built-in to new OS versions starting with Windows 10
+
diff --git a/windows/device-security/images/community.png b/windows/device-security/images/community.png
index e79ddaafbb..8d99720c6e 100644
Binary files a/windows/device-security/images/community.png and b/windows/device-security/images/community.png differ
diff --git a/windows/device-security/images/download-center.png b/windows/device-security/images/download-center.png
deleted file mode 100644
index 9d08e635b0..0000000000
Binary files a/windows/device-security/images/download-center.png and /dev/null differ
diff --git a/windows/device-security/images/get-support.png b/windows/device-security/images/get-support.png
new file mode 100644
index 0000000000..427ba670de
Binary files /dev/null and b/windows/device-security/images/get-support.png differ
diff --git a/windows/device-security/images/microsoft-intune-updates.png b/windows/device-security/images/microsoft-intune-updates.png
deleted file mode 100644
index a3ecb6cd33..0000000000
Binary files a/windows/device-security/images/microsoft-intune-updates.png and /dev/null differ
diff --git a/windows/device-security/images/security-compliance-toolkit-1.png b/windows/device-security/images/security-compliance-toolkit-1.png
new file mode 100644
index 0000000000..270480af39
Binary files /dev/null and b/windows/device-security/images/security-compliance-toolkit-1.png differ
diff --git a/windows/device-security/images/security-compliance-toolkit.png b/windows/device-security/images/security-compliance-toolkit.png
deleted file mode 100644
index 5c657724b8..0000000000
Binary files a/windows/device-security/images/security-compliance-toolkit.png and /dev/null differ
diff --git a/windows/device-security/security-compliance-toolkit-10.md b/windows/device-security/security-compliance-toolkit-10.md
new file mode 100644
index 0000000000..efcf61835a
--- /dev/null
+++ b/windows/device-security/security-compliance-toolkit-10.md
@@ -0,0 +1,57 @@
+---
+title: Microsoft Security Compliance Toolkit 1.0
+description: This article describes how to use the Security Compliance Toolkit in your organization
+keywords: virtualization, security, malware
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.author: sagaudre
+author: sabrinagaudreau
+ms.date: 10/17/2017
+---
+
+# Microsoft Security Compliance Toolkit 1.0
+
+## What is the Security Compliance Toolkit (SCT)?
+
+The Security Compliance Toolkit (SCT) is a set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products.
+
+The SCT enables administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them broadly through Active Directory or individually through local policy.
+
+
+The Security Compliance Toolkit consists of:
+
+- Windows 10 Security Baselines
+ - Windows 10 Version 1709 (Fall Creators Update)
+ - Windows 10 Version 1703 (Creators Update)
+ - Windows 10 Version 1607 (Anniversary Update)
+ - Windows 10 Version 1511 (November Update)
+ - Windows 10 Version 1507
+
+- Windows Server Security Baselines
+ - Windows Server 2016
+ - Windows Server 2012 R2
+
+- Tools
+ - Policy Analyzer tool
+ - Local Group Policy Object (LGPO) tool
+
+
+You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions.
+
+## What is the Policy Analyzer tool?
+
+The Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). Its main features include:
+- Highlight when a set of Group Policies has redundant settings or internal inconsistencies
+- Highlight the differences between versions or sets of Group Policies
+- Compare GPOs against current local policy and local registry settings
+- Export results to a Microsoft Excel spreadsheet
+
+Policy Analyzer lets you treat a set of GPOs as a single unit. This makes it easy to determine whether particular settings are duplicated across the GPOs or are set to conflicting values. Policy Analyzer also lets you capture a baseline and then compare it to a snapshot taken at a later time to identify changes anywhere across the set.
+
+More information on the Policy Analyzer tool can be found on the [Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/22/new-tool-policy-analyzer/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
+
+## What is the Local Group Policy Object (LGPO) tool?
+
+LGPO is a tool for transferring Group Policy directly between a host’s registry and a GPO backup file, bypassing the Domain Controller. This gives administrators a simple way to verify the effects of their Group Policy settings directly.
+Documentation for the LGPO tool can be found on the [Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
\ No newline at end of file
diff --git a/windows/device-security/windows-security-baselines-version-two.md b/windows/device-security/windows-security-baselines-version-two.md
index d3acfc0c4f..ee75c3c43a 100644
--- a/windows/device-security/windows-security-baselines-version-two.md
+++ b/windows/device-security/windows-security-baselines-version-two.md
@@ -12,7 +12,7 @@ ms.date: 10/17/2017
# Microsoft Security Baselines
-**Applies to:**
+**Applies to**
- Windows 10
- Windows Server (Semi-Annual Channel)
@@ -20,9 +20,11 @@ ms.date: 10/17/2017
## Using security baselines in your organization
-Microsoft is dedicated to providing our customers with secure operating systems, such as Windows 10 and Windows Server, as well as secure apps, such as Microsoft Edge. In addition to the security assurance of its products, Microsoft also enables you to have fine control of your environments by providing various configuration capabilities. Even though Windows and Windows Server are designed to be secure out-of-the-box, a large number of organizations still want more granular control of their security configurations. To navigate this large number of controls, organizations need guidance for configuring various security features. Microsoft provides this guidance in the form of security baselines.
+Microsoft is dedicated to providing its customers with secure operating systems, such as Windows 10 and Windows Server, and secure apps, such as Microsoft Edge. In addition to the security assurance of its products, Microsoft also enables you to have fine control over your environments by providing various configuration capabilities.
-We recommend implementing an industry-standard configuration that is broadly known and well-tested, such as a Microsoft security baseline, as opposed to creating one yourself. This helps increase flexibility and reduce costs.
+Even though Windows and Windows Server are designed to be secure out-of-the-box, many organizations still want more granular control over their security environments. To navigate such environments, organizations need guidance on configuring various security features that have a large number of settings. Microsoft provides this guidance in the form of security baselines.
+
+We recommend that you implement an industry-standard configuration that is broadly known and well-tested, such as Microsoft security baselines, as opposed to creating a baseline yourself. This helps increase flexibility and reduce costs.
Here is a good blog about [Sticking with Well-Known and Proven Solutions](https://blogs.technet.microsoft.com/fdcc/2010/10/06/sticking-with-well-known-and-proven-solutions/).
@@ -30,17 +32,15 @@ Here is a good blog about [Sticking with Well-Known and Proven Solutions](https:
Every organization faces security threats. However, the types of security threats that are of most concern to one organization can be completely different from another organization. For example, an e-commerce company may focus on protecting its Internet-facing web apps, while a hospital may focus on protecting confidential patient information. The one thing that all organizations have in common is a need to keep their apps and devices secure. These devices must be compliant with the security standards (or security baselines) defined by the organization.
-A security baseline is a group of settings that reflects Microsoft recommendations and explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.
+A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.
## Why are security baselines needed?
Security baselines are an essential benefit to customers because they bring together expert knowledge from Microsoft, partners, and customers.
-For example, there are over 3,000 Group Policy settings for Windows 10, which does not include over 1,800 Internet Explorer 11 settings. Of those 4,800 settings, only some of them are security-related. While Microsoft provides extensive guidance on different security features, going through each of them can take a long time. You would have to determine the security impact of each setting on your own. After you've done that, you still need to determine what values each of these settings should be.
+For example, there are over 3,000 Group Policy settings for Windows 10, which does not include over 1,800 Internet Explorer 11 settings. Of these 4,800 settings, only some are security-related. Although Microsoft provides extensive guidance on different security features, exploring each one can take a long time. You would have to determine the security impact of each setting on your own. Then, you would still need to determine the appropriate value for each setting.
-In modern organizations, the security threat landscape is constantly evolving and IT pros and policy makers must keep current with security threats and changes to Windows security settings to help mitigate these threats.
-
-To help faster deployments and increase the ease of managing Windows, Microsoft provides customers with security baselines that are available in formats that can be consumed, such as Group Policy Objects backups.
+In modern organizations, the security threat landscape is constantly evolving, and IT pros and policy-makers must keep up with security threats and make required changes to Windows security settings to help mitigate these threats. To enable faster deployments and make managing Windows easier, Microsoft provides customers with security baselines that are available in consumable formats, such as Group Policy Objects backups.
## How can you use security baselines?
@@ -50,146 +50,18 @@ You can use security baselines to:
## Where can I get the security baselines?
-You can download the security baselines from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319). This download page is for the Security Compliance Toolkit which comprises tools that can assist an admin with managing the baselines in addition to the actual security baselines.
+You can download the security baselines from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319). This download page is for the Security Compliance Toolkit (SCT), which comprises tools that can assist admins in managing baselines in addition to the security baselines.
-## Microsoft Security Compliance Toolkit 1.0
-
-### What is the Security Compliance Toolkit (SCT)?
-
-The Security Compliance Toolkit is a set of tools that allows enterprise security administrators to download, analyze, test, edit and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products.
-
-It enables the administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them broadly through Active Directory or individually through local policy.
-
-
-The Security Compliance Toolkit consists of:
-
-- Windows 10 Security Baselines
- - Windows 10 Version 1709 (Fall Creators Update)
- - Windows 10 Version 1703 (Creators Update)
- - Windows 10 Version 1607 (Anniversary Update)
- - Windows 10 Version 1511 (November Update)
- - Windows 10 Version 1507
-
-- Windows Server Security Baselines
- - Windows Server 2016
- - Windows Server 2012 R2
-
-- Tools
- - Policy Analyzer tool
- - Local Group Policy Object (LGPO) tool
-
-
-You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions.
-
-### What is the Policy Analyzer tool?
-
-The Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). Its main features are:
-- Highlight when a set of Group Policies has redundant settings or internal inconsistencies
-- Highlight the differences between versions or sets of Group Policies
-- Compare GPOs against current local policy and local registry settings
-- Export results to a Microsoft Excel spreadsheet
-
-Policy Analyzer lets you treat a set of GPOs as a single unit. This makes it easy to determine whether particular settings are duplicated across the GPOs or are set to conflicting values. It also lets you capture a baseline and then compare it to a snapshot taken at a later time to identify changes anywhere across the set.
-
-More information on the Policy Analyzer tool can be found on the [Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/22/new-tool-policy-analyzer/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
-
-### What is the Local Group Policy Object (LGPO) tool?
-
-LGPO is a tool for transferring Group Policy directly between a host’s registry and a GPO backup file, bypassing the Domain Controller. This gives administrators a simple way to verify the effects of their Group Policy settings directly.
-Documentation for the LGPO tool can be found on the [Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
-
-## Version Matrix
-
-**Client Versions**
-
-| Name | Build | Baseline Release Date | Security Tools |
-|---|---|---|---|
-|Windows 10 | [1709 (RS3)](https://blogs.technet.microsoft.com/secguide/2017/09/27/security-baseline-for-windows-10-fall-creators-update-v1709-draft/) [1703 (RS2)](https://blogs.technet.microsoft.com/secguide/2017/08/30/security-baseline-for-windows-10-creators-update-v1703-final/)
[1607 (RS1)](https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016/)
[1511 (TH2)](https://blogs.technet.microsoft.com/secguide/2016/01/22/security-baseline-for-windows-10-v1511-threshold-2-final/)
[1507 (TH1)](https://blogs.technet.microsoft.com/secguide/2016/01/22/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update/)| October 2017
August 2017
October 2016
January 2016
January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-Windows 8.1 |[9600 (April Update)](https://blogs.technet.microsoft.com/secguide/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final/)| October 2013| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
-Windows 8 |[9200](https://technet.microsoft.com/library/jj916413.aspx) |October 2012| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)|
-Windows 7 |[7601 (SP1)](https://technet.microsoft.com/library/ee712767.aspx)| October 2009| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
-| Vista |[6002 (SP2)](https://technet.microsoft.com/library/dd450978.aspx)| January 2007| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
-| Windows XP |[2600 (SP3)](https://technet.microsoft.com/library/cc163061.aspx)| October 2001| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)|
-
-
-
-**Server Versions**
-
-| Name | Build | Baseline Release Date | Security Tools |
-|---|---|---|---|
-|Windows Server 2016 | [SecGuide](https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016/)
|October 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-|Windows Server 2012 R2|[SecGuide](https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016/)|August 2014 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319)|
-|Windows Server 2012|[Technet](https://technet.microsoft.com/library/jj898542.aspx) |2012| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
-Windows Server 2008 R2 |[SP1](https://technet.microsoft.com/library/gg236605.aspx)|2009 | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
-| Windows Server 2008 |[SP2](https://technet.microsoft.com/library/cc514539.aspx)| 2008 | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
-|Windows Server 2003 R2|[Technet](https://technet.microsoft.com/library/cc163140.aspx)| 2003 | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)|
-|Windows Server 2003|[Technet](https://technet.microsoft.com/library/cc163140.aspx)|2003|[SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)|
-
-
-
-**Microsoft Products**
-
-| Name | Details| Security Tools|
-|---|---|---|
-Internet Explorer 11 | [SecGuide](https://blogs.technet.microsoft.com/secguide/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final/)|[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319)|[SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)|
-|Internet Explorer 10|[Technet](https://technet.microsoft.com/library/jj898540.aspx)|[SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
-|Internet Explorer 9|[Technet](https://technet.microsoft.com/library/hh539027.aspx)|[SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
-|Internet Explorer 8|[Technet](https://technet.microsoft.com/library/ee712766.aspx)|[SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
-|Exchange Server 2010|[Technet](https://technet.microsoft.com/library/hh913521.aspx)| [SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
-|Exchange Server 2007|[Technet](https://technet.microsoft.com/library/hh913520.aspx)| [SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
-|Microsoft Office 2010|[Technet](https://technet.microsoft.com/library/gg288965.aspx)| [SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
-|Microsoft Office 2007 SP2|[Technet](https://technet.microsoft.com/library/cc500475.aspx)| [SCT 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
-
-
-
-> [!NOTE]
-> Browser baselines are built-in to new OS versions starting with Windows 10
-
-## Get Support
-
-**What is the Microsoft Security Compliance Manager (SCM)?**
-
-The Security Compliance Manager is now retired and is no longer supported. It has been replaced by the Security Compliance Toolkit. The reason for this is that SCM was an incredibly complex and large program that needed to be updated for every Windows release. In order to provide a better service for our customers, we have moved to SCT where we can publish baselines through the Microsoft Download Center in a lightweight .zip file that contains GPO backups, GPO reports, Excel spreadsheets, WMI filters, and scripts to apply the settings to local policy.
-
-More information about this change can be found on the Microsoft
-[Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2017/06/15/security-compliance-manager-scm-retired-new-tools-and-procedures/).
-
-**Where can I get an older version of a Windows baseline?**
-
-Any version of Windows baseline before Windows 10 1703, will still be downloadable using SCM. Any future versions of Windows baseline will be available through SCT. See matrix below to see if your version of Windows baseline is available on SCT.
-
-- [SCM 4.0 Download](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)
-- [SCM Frequently Asked Questions (FAQ)](https://social.technet.microsoft.com/wiki/contents/articles/1836.microsoft-security-compliance-manager-scm-frequently-asked-questions-faq.aspx)
-- [SCM Release Notes](https://social.technet.microsoft.com/wiki/contents/articles/1864.microsoft-security-compliance-manager-scm-release-notes.aspx)
-- [SCM Baseline Download Help](https://social.technet.microsoft.com/wiki/contents/articles/1865.microsoft-security-compliance-manager-scm-baseline-download-help.aspx)
-
-**What file formats are supported by the new SCT?**
-
-The toolkit supports formats created by the Windows GPO backup feature (.pol, inf. and .csv). Policy Analyzer saves its data in XML files with a .PolicyRules file extension. LGPO also supports its own “LGPO text” file format as a text-based analog for the binary registry.pol file format. See the LGPO documentation for more information. Keep in mind that SCM’s .cab files are no longer supported.
-
-**Does SCT support Desired State Configuration (DSC) file format?**
-
-Not yet. PowerShell-based DSC is rapidly gaining popularity, and more DSC tools are coming online to convert GPOs and DSC and to validate system configuration. We are currently working on the development of a tool that will provide customers with these features.
-
-**Does SCT support the creation of System Center Configuration Manager (SCCM) DCM packs?**
-
-No. A potential alternative is Desired State Configuration (DSC), a feature of the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=40855). A tool that supports conversion of GPO backups to DSC format can be found [here](https://github.com/Microsoft/BaselineManagement).
-
-**Does SCT support the creation of Security Content Automation Protocol (SCAP)-format policies?**
-
-No. SCM only supported SCAP 1.0, which was not updated as SCAP evolved. The new toolkit likewise does not include SCAP support.
+[](security-compliance-toolkit-10.md)
+[](get-support.md)
## Community
-- Microsoft Security Guidance blog -a new discussion forum page where people can ask questions and leave comments.
-
-
[](https://blogs.technet.microsoft.com/secguide/)
-
## Related Videos
-You may also be interested in this channel 9 msdn video:
+You may also be interested in this msdn channel 9 video:
- [Defrag Tools](https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-174-Security-Baseline-Policy-Analyzer-and-LGPO)
## See Also
@@ -201,4 +73,3 @@ You may also be interested in this channel 9 msdn video:
- [Microsoft Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319)
- [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319)
-