From 0df087627d8d8bf258704d57f22a68134130860d Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 30 Jan 2025 13:36:49 -0500 Subject: [PATCH 1/4] script variable update --- .../passwordless-strategy/journey-step-3.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/passwordless-strategy/journey-step-3.md b/windows/security/identity-protection/passwordless-strategy/journey-step-3.md index 9bc006a4e0..46402af58c 100644 --- a/windows/security/identity-protection/passwordless-strategy/journey-step-3.md +++ b/windows/security/identity-protection/passwordless-strategy/journey-step-3.md @@ -2,7 +2,7 @@ title: Transition into a passwordless deployment description: Learn about how to transition into a passwordless deployment, the third step of the Microsoft passwordless journey. ms.topic: concept-article -ms.date: 10/29/2024 +ms.date: 01/30/2025 --- # Transition into a passwordless deployment @@ -123,7 +123,7 @@ function Generate-RandomPassword{ $NewPassword = ConvertTo-SecureString -String (Generate-RandomPassword) -AsPlainText -Force -Set-ADAccountPassword -identity $userId -NewPassword $NewPassword -Reset +Set-ADAccountPassword -identity $samAccountName = -NewPassword $NewPassword -Reset ``` If your organizational policies allow it, you can configure the randomized passwords to never expire, or use a long expiration period. This configuration prevents the user from being prompted to change their password. From 1007a030d7c902902a9f7d4c6aeb505a8b7df216 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 30 Jan 2025 13:43:07 -0500 Subject: [PATCH 2/4] fix --- .../identity-protection/passwordless-strategy/journey-step-3.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/passwordless-strategy/journey-step-3.md b/windows/security/identity-protection/passwordless-strategy/journey-step-3.md index 46402af58c..3d3f9622e0 100644 --- a/windows/security/identity-protection/passwordless-strategy/journey-step-3.md +++ b/windows/security/identity-protection/passwordless-strategy/journey-step-3.md @@ -123,7 +123,7 @@ function Generate-RandomPassword{ $NewPassword = ConvertTo-SecureString -String (Generate-RandomPassword) -AsPlainText -Force -Set-ADAccountPassword -identity $samAccountName = -NewPassword $NewPassword -Reset +Set-ADAccountPassword -identity $samAccountName -NewPassword $NewPassword -Reset ``` If your organizational policies allow it, you can configure the randomized passwords to never expire, or use a long expiration period. This configuration prevents the user from being prompted to change their password. From 746a55a558255fa98a24c552ec4e49a653707c65 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Fri, 31 Jan 2025 07:47:26 -0600 Subject: [PATCH 3/4] Update security-compliance-toolkit-10.md Removed reference to Server 2012 R2, Office 2016, Windows 10 20H2. Added Server 2025 Updated Office baseline to v2412 --- .../security-compliance-toolkit-10.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md index ced5288d21..3556919a26 100644 --- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -23,18 +23,16 @@ The Security Compliance Toolkit consists of: - Windows 10 security baselines - Windows 10, version 22H2 - Windows 10, version 21H2 - - Windows 10, version 20H2 - Windows 10, version 1809 - Windows 10, version 1607 - Windows 10, version 1507 - Windows Server security baselines + - Windows Server 2025 - Windows Server 2022 - Windows Server 2019 - Windows Server 2016 - - Windows Server 2012 R2 - Microsoft Office security baseline - - Office 2016 - - Microsoft 365 Apps for Enterprise Version 2206 + - Microsoft 365 Apps for Enterprise Version 2412 - Microsoft Edge security baseline - Microsoft Edge version 128 - Tools From 56501a2715c401e2beb228aaa26e499e5d14c1e1 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Fri, 31 Jan 2025 08:12:47 -0600 Subject: [PATCH 4/4] Update get-support-for-security-baselines.md Updated versions and removed links to SCM --- .../get-support-for-security-baselines.md | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md index 05f61ccf78..75939e36c9 100644 --- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -16,16 +16,7 @@ The Security Compliance Manager (SCM) is now retired and is no longer supported. More information about this change can be found on the [Microsoft Security Guidance blog](/archive/blogs/secguide/security-compliance-manager-scm-retired-new-tools-and-procedures). -### Where can I get an older version of a Windows baseline? - -Any version of Windows baseline before Windows 10, version 1703, can still be downloaded using SCM. Any future versions of Windows baseline will be available through SCT. See the version matrix in this article to see if your version of Windows baseline is available on SCT. - -- [SCM 4.0 Download](/previous-versions/tn-archive/cc936627(v=technet.10)) -- [SCM Frequently Asked Questions (FAQ)](https://social.technet.microsoft.com/wiki/contents/articles/1836.microsoft-security-compliance-manager-scm-frequently-asked-questions-faq.aspx) -- [SCM Release Notes](https://social.technet.microsoft.com/wiki/contents/articles/1864.microsoft-security-compliance-manager-scm-release-notes.aspx) -- [SCM baseline download help](https://social.technet.microsoft.com/wiki/contents/articles/1865.microsoft-security-compliance-manager-scm-baseline-download-help.aspx) - -### What file formats are supported by the new SCT? +### What file formats are supported by the SCT? The toolkit supports formats created by the Windows GPO backup feature (`.pol`, `.inf`, and `.csv`). Policy Analyzer saves its data in XML files with a `.PolicyRules` file extension. LGPO also supports its own LGPO text file format as a text-based analog for the binary registry.pol file format. For more information, see the LGPO documentation. Keep in mind that SCMs' `.cab` files are no longer supported. @@ -56,16 +47,16 @@ No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new t | Name | Build | Baseline Release Date | Security Tools | |--|--|--|--| +| Windows Server 2025 | [SecGuide](https://techcommunity.microsoft.com/blog/microsoft-security-baselines/windows-server-2025-security-baseline/4358733) | January 2025 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | | Windows Server 2022 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-server-2022-security-baseline/ba-p/2724685) | September 2021 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | | Windows Server 2019 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) | November 2018 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | | Windows Server 2016 | [SecGuide](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) | October 2016 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | -| Windows Server 2012 R2 | [SecGuide](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) | August 2014 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | ### Microsoft products | Name | Details | Security Tools | |--|--|--| -| Microsoft 365 Apps for enterprise, version 2306 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-m365-apps-for-enterprise-v2306/ba-p/3858702) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | +| Microsoft 365 Apps for enterprise, version 2412 | [SecGuide](https://techcommunity.microsoft.com/blog/microsoft-security-baselines/security-baseline-for-m365-apps-for-enterprise-v2412/4357320) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | | Microsoft Edge, version 128 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-128/ba-p/4237524) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | ## Related articles