Muokkaa

Jaa


Get Support

Frequently asked questions

What is the Microsoft Security Compliance Manager (SCM)?

The Security Compliance Manager (SCM) is now retired and is no longer supported. The reason is that SCM was an incredibly complex and large program that needed to be updated for every Windows release. It has been replaced by the Security Compliance Toolkit (SCT). To provide a better service for our customers, we've moved to SCT with which we can publish baselines through the Microsoft Download Center in a lightweight .zip file that contains GPO Backups, GPO reports, Excel spreadsheets, WMI filters, and scripts to apply the settings to local policy.

More information about this change can be found on the Microsoft Security Guidance blog.

Where can I get an older version of a Windows baseline?

Any version of Windows baseline before Windows 10, version 1703, can still be downloaded using SCM. Any future versions of Windows baseline will be available through SCT. See the version matrix in this article to see if your version of Windows baseline is available on SCT.

What file formats are supported by the new SCT?

The toolkit supports formats created by the Windows GPO backup feature (.pol, .inf, and .csv). Policy Analyzer saves its data in XML files with a .PolicyRules file extension. LGPO also supports its own LGPO text file format as a text-based analog for the binary registry.pol file format. For more information, see the LGPO documentation. Keep in mind that SCMs' .cab files are no longer supported.

Does SCT support Desired State Configuration (DSC) file format?

No. PowerShell-based DSC is rapidly gaining popularity, and more DSC tools are coming online to convert GPOs and DSC and to validate system configuration.

Does SCT support the creation of Microsoft Configuration Manager DCM packs?

No. A potential alternative is Desired State Configuration (DSC), a feature of the Windows Management Framework. For a tool that supports conversion of GPO Backups to DSC format, see BaselineManagement.

Does SCT support the creation of Security Content Automation Protocol (SCAP)-format policies?

No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new toolkit likewise doesn't include SCAP support.

Version matrix

Client versions

Name Build Baseline release date Security tools
Windows 11 24H2
October 2024
SCT 1.0
Windows 11 23H2
October 2023
SCT 1.0
Windows 11 22H2
September 2022
SCT 1.0
Windows 10 22H2
21H2
20H2
1809
1607
1507
October 2022
December 2021
December 2020
October 2018
October 2016
January 2016
SCT 1.0

Server versions

Name Build Baseline Release Date Security Tools
Windows Server 2022 SecGuide September 2021 SCT 1.0
Windows Server 2019 SecGuide November 2018 SCT 1.0
Windows Server 2016 SecGuide October 2016 SCT 1.0
Windows Server 2012 R2 SecGuide August 2014 SCT 1.0

Microsoft products

Name Details Security Tools
Microsoft 365 Apps for enterprise, version 2306 SecGuide SCT 1.0
Microsoft Edge, version 128 SecGuide SCT 1.0

Windows security baselines