Microsoft Security Compliance Toolkit

Active Directory, Group Policy, Security, Windows Leave a comment

The Microsoft Security Compliance Toolkit is a toolkit released by Microsoft to assist IT and Cyber Security Professionals a collection of tools to apply a set of security baseline for their Windows and Office environment. Effectively help driving organizations to Msft Best Practices for securing Windows and Office.

Directly from the Microsoft’s website:

The Security Compliance Toolkit (SCT) is a set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products.

The SCT enables administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them broadly through Active Directory or individually through local policy.

The Security Compliance Toolkit consists of:

  • Windows 10 security baselines
    • Windows 10 Version 1809 (October 2018 Update)
    • Windows 10 Version 1803 (April 2018 Update)
    • Windows 10 Version 1709 (Fall Creators Update)
    • Windows 10 Version 1703 (Creators Update)
    • Windows 10 Version 1607 (Anniversary Update)
    • Windows 10 Version 1511 (November Update)
    • Windows 10 Version 1507
  • Windows Server security baselines
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
  • Microsoft Office security baseline
    • Office 2016
  • Tools
    • Policy Analyzer tool
    • Local Group Policy Object (LGPO) tool

So, you may ask, what are these baselines?

Once you opened up the SCT, what you will see is there is a collection of zip files that includes Microsoft’s recommended best practices in order to reduce the attack surface of a Microsoft Enterprise Infrastructure. These policies affect a wide range of Windows OS (desktops and servers) along with Microsoft Offices. An IT Professional can either import their own GPOs and compare against these baselines to see where they are at, export them into an excel spreadsheet for further analysis, or even merge GPOs and export them for later use.

These are powerful tools that can be used to quickly and effectively secure a Windows environment. I do not recommend anyone to blindly apply these policies to their environment without at least complete a full analysis and understanding what each configuration does to their environment. That said, every organization will have different needs and challenges and it is completely possible to customize these baselines to match those requirements.

You can learn more about the Security Compliance Toolkit Here (SCT)

Download the SCT here

And visit the Microsoft Security Guidance here.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.