Category: SCCM

SCCM Related

Windows 10 Update Servicing Cadence

I’ve heard from many of you that you’d like a primer on our monthly Windows 10 quality update servicing cadence and terminology. In response, I’d like to share our guiding principles, then dive into them further to provide context for the quality updates themselves. Guiding principles We use the following principles for the monthly Windows […]

TPM Readiness Verification

The objective is to verify the TPM is ready for BitLocker encryption before an image is laid down. This is so that if the technician forgets to ready the TPM, it won’t go through the entire build process and then fail near the end, thereby wasting a lot of time. There are five steps to verifying […]

Security baseline for Windows 10 “Creators Update” (v1703)

Microsoft is pleased to announce the beta release of the recommended security configuration baseline settings for Windows 10 “Creators Update,” also known as version 1703, “Redstone 2,” or RS2. Please evaluate this proposed baseline and send us your feedback via blog comments below. Download the content here: Windows-10-RS2-Security-Baseline Microsoft is also announcing changes to the […]

Disabling SMBv1 through Group Policy

Version 1 of the Server Message Block (SMB) protocol was developed in the early days of personal computer networking, and as Ned Pyle describes in his blog post, Stop using SMB1 there are many reasons to cease using it on your networks. We have added that recommendation to our baseline, and have exposed a way […]

Dropping the “Untrusted Font Blocking” setting

With the Windows 10 v1703 security configuration baseline, Microsoft is removing the recommendation to enable the “Untrusted Font Blocking” Group Policy setting in Computer Configuration | Administrative Templates | System | Mitigation Options. Windows 10 includes additional mitigations that make this setting far less important, while blocking untrusted fonts breaks several legitimate scenarios unnecessarily. Parsing […]

Security Compliance Manager (SCM) retired; new tools and procedures

Original Article:   Microsoft reluctantly announces the retirement of the Security Compliance Manager (SCM) tool. At the same time, we are reaffirming our commitment to delivering robust and useful security guidance for Windows, and tools to manage that guidance. Microsoft first released the Security Compliance Manager (SCM) in 2010. It was a mammoth program […]

Disable SMBv1 in your environments with Configuration Manager Compliance Settings

SourceURL:   There has been lots of buzz over the recent ransomware attacks. One of the mitigations to keep the attack from spreading is disabling SMBv1 on all your Windows workstation and servers. One of the easy ways to deploy this out, while also having reports to confirm the settings are set correctly, is […]

Next Page »