From 59f9445ab00cf7924700b2cbf4a275c9fd52993b Mon Sep 17 00:00:00 2001 From: Your Name Date: Mon, 16 Oct 2017 11:52:37 -0700 Subject: [PATCH] Content updates. --- windows/device-security/TOC.md | 2 +- .../get-support-for-security-baselines.md | 10 ++++++---- windows/device-security/windows-security-baselines.md | 4 +++- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/windows/device-security/TOC.md b/windows/device-security/TOC.md index 2cffbe3162..467523b9ca 100644 --- a/windows/device-security/TOC.md +++ b/windows/device-security/TOC.md @@ -661,7 +661,7 @@ ### [Understanding PCR banks on TPM 2.0 devices](tpm/switch-pcr-banks-on-tpm-2-0-devices.md) ### [TPM recommendations](tpm/tpm-recommendations.md) -# [Windows security baselines](windows-security-baselines-version-two.md) +# [Windows security baselines](windows-security-baselines.md) ## [Security Compliance Toolkit](security-compliance-toolkit-10.md) ## [Get support](get-support-for-security-baselines.md) diff --git a/windows/device-security/get-support-for-security-baselines.md b/windows/device-security/get-support-for-security-baselines.md index 6dc447735e..d8f6e43491 100644 --- a/windows/device-security/get-support-for-security-baselines.md +++ b/windows/device-security/get-support-for-security-baselines.md @@ -14,7 +14,7 @@ ms.date: 10/17/2017 **What is the Microsoft Security Compliance Manager (SCM)?** -The Security Compliance Manager (SCM) has now been retired and is no longer supported. The reason is that SCM was an incredibly complex and large program that needed to be updated for every Windows release. It has been replaced by the Security Compliance Toolkit (SCT). To provide a better service for our customers, we have moved to SCT with which we can publish baselines through the Microsoft Download Center in a lightweight .zip file that contains GPO backups, GPO reports, Excel spreadsheets, WMI filters, and scripts to apply the settings to local policy. +The Security Compliance Manager (SCM) is now retired and is no longer supported. The reason is that SCM was an incredibly complex and large program that needed to be updated for every Windows release. It has been replaced by the Security Compliance Toolkit (SCT). To provide a better service for our customers, we have moved to SCT with which we can publish baselines through the Microsoft Download Center in a lightweight .zip file that contains GPO backups, GPO reports, Excel spreadsheets, WMI filters, and scripts to apply the settings to local policy. More information about this change can be found on the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2017/06/15/security-compliance-manager-scm-retired-new-tools-and-procedures/). @@ -29,7 +29,7 @@ Any version of Windows baseline before Windows 10 1703 can still be downloaded u **What file formats are supported by the new SCT?** -The toolkit supports formats created by the Windows GPO backup feature (.pol, .inf, and .csv). Policy Analyzer saves its data in XML files with a .PolicyRules file extension. LGPO also supports its own LGPO text file format as a text-based analog for the binary registry.pol file format. See the [LGPO documentation](https://www.microsoft.com/download/details.aspx?id=55319) for more information. Keep in mind that SCM’s .cab files are no longer supported. +The toolkit supports formats created by the Windows GPO backup feature (.pol, .inf, and .csv). Policy Analyzer saves its data in XML files with a .PolicyRules file extension. LGPO also supports its own LGPO text file format as a text-based analog for the binary registry.pol file format. See the LGPO documentation for more information. Keep in mind that SCM’s .cab files are no longer supported. **Does SCT support Desired State Configuration (DSC) file format?** @@ -43,8 +43,7 @@ No. A potential alternative is Desired State Configuration (DSC), a feature of t No. SCM supported only SCAP 1.0, which was not updated as SCAP evolved. The new toolkit likewise does not include SCAP support. - - +
## Version Matrix @@ -93,3 +92,6 @@ Internet Explorer 11 | [SecGuide](https://blogs.technet.microsoft.com/secguide/2 > [!NOTE] > Browser baselines are built-in to new OS versions starting with Windows 10 +## See also + +[Windows Security Baselines](windows-security-baselines-version-two.md) diff --git a/windows/device-security/windows-security-baselines.md b/windows/device-security/windows-security-baselines.md index ee75c3c43a..b06e5ff382 100644 --- a/windows/device-security/windows-security-baselines.md +++ b/windows/device-security/windows-security-baselines.md @@ -22,7 +22,7 @@ ms.date: 10/17/2017 Microsoft is dedicated to providing its customers with secure operating systems, such as Windows 10 and Windows Server, and secure apps, such as Microsoft Edge. In addition to the security assurance of its products, Microsoft also enables you to have fine control over your environments by providing various configuration capabilities. -Even though Windows and Windows Server are designed to be secure out-of-the-box, many organizations still want more granular control over their security environments. To navigate such environments, organizations need guidance on configuring various security features that have a large number of settings. Microsoft provides this guidance in the form of security baselines. +Even though Windows and Windows Server are designed to be secure out-of-the-box, many organizations still want more granular control over their security configurations. To navigate the large number of controls, organizations need guidance on configuring various security features. Microsoft provides this guidance in the form of security baselines. We recommend that you implement an industry-standard configuration that is broadly known and well-tested, such as Microsoft security baselines, as opposed to creating a baseline yourself. This helps increase flexibility and reduce costs. @@ -52,6 +52,8 @@ You can use security baselines to: You can download the security baselines from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319). This download page is for the Security Compliance Toolkit (SCT), which comprises tools that can assist admins in managing baselines in addition to the security baselines. +The security baselines are included in the [Security Compliance Toolkit (SCT)](images/security-compliance-toolkit-1.png), which can be downloaded from the Microsoft Download Center. The SCT also includes tools to help admins manage the security baselines. + [![Security Compliance Toolkit](images/security-compliance-toolkit-1.png)](security-compliance-toolkit-10.md) [![Get Support](images/get-support.png)](get-support.md)