Microsoft Security Guidance blog

Moving to a new blog platform

The content on Microsoft's MSDN and TechNet blog platforms will soon become read-only. Look for...

Author: Aaron Margosis Date: 06/19/2019

Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903

Microsoft is pleased to announce the final release of the security configuration baseline settings...

Author: Aaron Margosis Date: 05/23/2019

Security baseline (DRAFT) for Windows 10 v1903 and Windows Server v1903

Microsoft is pleased to announce the draft release of the security configuration baseline settings...

Author: Aaron Margosis Date: 04/24/2019

Issue with SystemGuard Launch setting in Windows 10 v1809 and Windows Server 2019

[Update, 17 April 2019: Microsoft released a fix for this issue in the 2019-03 Cumulative Updates...

Author: Aaron Margosis Date: 01/25/2019

Remote Use of Local Accounts: LAPS Changes Everything

Long overdue post revisiting the question about whether and when to block the use of local accounts,...

Author: Aaron Margosis Date: 12/10/2018

Security baseline (FINAL) for Windows 10 v1809 and Windows Server 2019

Microsoft is pleased to announce the final release of the security configuration baseline settings...

Author: Aaron Margosis Date: 11/20/2018

Security baseline (DRAFT) for Windows 10 v1809 and Windows Server 2019

Microsoft is pleased to announce the draft release of the security configuration baseline settings...

Author: Aaron Margosis Date: 10/01/2018

Policy Analyzer - minor update

Policy Analyzer is a utility in the Security Compliance Toolkit for analyzing and comparing sets of...

Author: Aaron Margosis Date: 06/29/2018

Security baseline for Windows 10 "April 2018 Update" (v1803) – FINAL

Microsoft is pleased to announce the final release of the security configuration baseline settings...

Author: Aaron Margosis Date: 04/30/2018

Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT

Microsoft is pleased to announce the draft release of the security configuration baseline settings...

Author: Aaron Margosis Date: 03/27/2018

Security baseline for Office 2016 and Office 365 ProPlus apps - FINAL

Microsoft is pleased to announce the final release of the recommended security configuration...

Author: Aaron Margosis Date: 02/13/2018

Security baseline for Office 2016 and Office 365 ProPlus apps - DRAFT

[Update, 12 February 2018: the final version of the Office 2016 baseline has been published here.]...

Author: Aaron Margosis Date: 01/29/2018

Issue with BitLocker/DMA setting in Windows 10 “Fall Creators Update” (v1709)

Update, 27 April 2018: The problem described in this post has been fixed in the April 2018 quality...

Author: Aaron Margosis Date: 01/18/2018

Security baseline for Windows 10 “Fall Creators Update” (v1709) – FINAL

Microsoft is pleased to announce the final release of the recommended security configuration...

Author: Aaron Margosis Date: 10/18/2017

Security baseline for Windows 10 "Fall Creators Update" (v1709) – DRAFT

Microsoft is pleased to announce the draft release of the recommended security configuration...

Author: Aaron Margosis Date: 09/27/2017

Security baseline for Windows 10 “Creators Update” (v1703) – FINAL

Microsoft is pleased to announce the final release of the recommended security configuration...

Author: Aaron Margosis Date: 08/30/2017

Disabling SMBv1 through Group Policy

Version 1 of the Server Message Block (SMB) protocol was developed in the early days of personal...

Author: Aaron Margosis Date: 06/15/2017

Dropping the "Untrusted Font Blocking" setting

With the Windows 10 v1703 security configuration baseline, Microsoft is removing the recommendation...

Author: Aaron Margosis Date: 06/15/2017

Security Compliance Manager (SCM) retired; new tools and procedures

Microsoft reluctantly announces the retirement of the Security Compliance Manager (SCM) tool. At the...

Author: Aaron Margosis Date: 06/15/2017

Security baseline for Windows 10 "Creators Update" (v1703) – DRAFT

Microsoft is pleased to announce the beta release of the recommended security configuration baseline...

Author: Aaron Margosis Date: 06/15/2017

Guidance on Disabling System Services on Windows Server 2016 with Desktop Experience

[Primary authors: Dan Simon and Nir Ben Zvi] [Note that this guidance applies only to Windows Server...

Author: Aaron Margosis Date: 05/29/2017

Policy Analyzer v3.1 PRE-RELEASE

Lots of updates to Policy Analyzer in this unsigned, pre-release preview build -- please post...

Author: Aaron Margosis Date: 10/22/2016

Security baseline for Windows 10 v1607 (“Anniversary Update”) and Windows Server 2016

Microsoft is pleased to announce the release of the security configuration baseline settings for...

Author: Aaron Margosis Date: 10/17/2016

The MSS settings

You can download the custom Administrative Template for the "MSS (Legacy)" settings...

Author: Aaron Margosis Date: 10/02/2016

LGPO.exe v2.0 PRE-RELEASE: support for MLGPO and REG_QWORD

LGPO.exe is a command-line utility to automate the management of local group policy objects (LGPO)....

Author: Aaron Margosis Date: 09/23/2016

Security Compliance Manager 4.0 now available for download!

The Security Compliance Manager (SCM) is a free tool from Microsoft that enables you to quickly...

Author: Sarah Andrabi Date: 07/28/2016

Security baseline for Windows Server 2016 Technical Preview 5 (TP5)

Microsoft is pleased to announce the draft release of the security configuration baseline settings...

Author: Aaron Margosis Date: 05/27/2016

Security baseline for Windows 10 (v1511, "Threshold 2") -- FINAL

Microsoft is pleased to announce the final release of the security configuration baseline settings...

Author: Aaron Margosis Date: 01/22/2016

Security baseline for Windows 10 (v1507, build 10240, TH1, LTSB) -- UPDATE

Based on continuing discussions with security experts in Microsoft, the Center for Internet...

Author: Aaron Margosis Date: 01/22/2016

New tool: Policy Analyzer

Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can...

Author: Aaron Margosis Date: 01/22/2016

LGPO.exe - Local Group Policy Object Utility, v1.0

LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces...

Author: Aaron Margosis Date: 01/21/2016

Changes from the Windows 8.1 baseline to the Windows 10 (TH1/1507) baseline

In collaboration with Windows security experts from US and UK government organizations and from the...

Author: Aaron Margosis Date: 11/18/2015

Security baseline for Windows 10 (“Threshold 2”) – DRAFT

[Removing the attachment from this post. Please see updated baseline content for Windows 10 v1507...

Author: Aaron Margosis Date: 11/13/2015

Security baseline for Windows 10 (build 10240) – FINAL

[Removing the attachment from this post. Please see updated baseline content for Windows 10 v1507...

Author: Aaron Margosis Date: 11/13/2015

Windows 10 SCM beta is now live!

Hello, We have just completed the release process for the Security Compliance Manager (SCM) Beta...

Author: Pat Fetty {MSFT} Date: 11/02/2015

Security baseline for Windows 10 - DRAFT

[Removing the attachment from this post. Please see updated baseline content for Windows 10 v1507...

Author: Aaron Margosis Date: 10/08/2015

Windows 10 and Security Compliance Manager (SCM) Baselines

[UPDATE: The draft guidance has been published here.] Hello, We have been receiving quite a few...

Author: Pat Fetty {MSFT} Date: 08/05/2015

Interview on "Taste of Premier" about Security Guidance for Windows 8.1, Windows Server 2012 R2 and IE 11

Aaron Margosis interviewed on Channel 9's Taste of Premier about Security Guidance for Windows...

Author: Aaron Margosis Date: 10/21/2014

SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!

Hello, The baselines for Windows 8.1, IE 11 and Server 2012 are now available for download. You can...

Author: Pat Fetty {MSFT} Date: 09/04/2014

Blocking Remote Use of Local Accounts

The use of local accounts for remote access in Active Directory environments is problematic for a...

Author: Aaron Margosis Date: 09/02/2014

The attachment on this post describes what's new in the security baseline recommendations for...

Author: Aaron Margosis Date: 08/15/2014

Configuring Account Lockout

We can recommend an ideal configuration for most of the settings in our security guidance. For...

Author: Aaron Margosis Date: 08/13/2014

Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta

We have made a small number of changes in the baseline security guidance for Windows 8.1, Windows...

Author: Aaron Margosis Date: 08/13/2014

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 - FINAL

Microsoft is pleased to announce the final release of security baseline settings for Windows 8.1,...

Author: Aaron Margosis Date: 08/13/2014

SCM baselines for Office 2013 have now shipped!

Hello, The Office 2013 SCM baselines are now live and ready for download. There are 2 ways you can...

Author: Pat Fetty {MSFT} Date: 06/25/2014

SCM Office 2013 Beta is now live!

Hello, We have released the SCM beta for Office 2013 on the Connect site. This is a public beta that...

Author: Pat Fetty {MSFT} Date: 04/08/2014

Why We’re Not Recommending “FIPS Mode” Anymore

[Note added 3 Oct 2017 to clarify an occasional misinterpretation: at no point does this blog post...

Author: Aaron Margosis Date: 04/07/2014

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 (BETA)

Update, 13 August 2014: The final version of this guidance has been posted here.The changes since...

Author: Aaron Margosis Date: 04/07/2014

SQL Server 2012 Baselines are now live!

Baselines for SQL Server 2012 are now live and can be downloaded from the following locaitons:...

Author: Pat Fetty {MSFT} Date: 03/24/2014

Security Compliance Manager 3.0 now available for download!

Secure your environment with SCM 3.0! The Security Compliance Manager (SCM) is a free tool from the...

Author: khengest Date: 02/05/2013

Next>