To navigate a large number of controls and understand its core functions, all organizations require guidance on configuring various security features. Microsoft offers this guidance via its Security Baselines. The security configuration baseline settings for the latest version of Windows “Fall Creators Update is out and ready for download from Microsoft Security Compliance Toolkit 1.0.
The tools available in the toolkit will allow enterprise security administrators to download, analyze, test, edit and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products while comparing them against other security configurations.
Microsoft Security Baseline for Windows 10 v1709
The 1709 baseline package has been added to the Microsoft Security Compliance Toolkit. On that page, click the Download button, then select “Windows 10 Version 1709 Security Baseline.zip” and any other content you want to download, wrote Aaron Margosis of Microsoft in Microsoft Security Guidance Blog.
The 1709 baseline package includes GPOs that can be imported in Active Directory, scripts for applying the GPOs to local policy, custom ADMX files for Group Policy settings, and all the recommended settings in spreadsheet form. The spreadsheet also includes the corresponding settings for configuring through Windows’ Mobile Device Management (MDM), he added further.
The company has also somewhat modified the appearance of the Windows Security Baselines landing page. The differences between the 1709 baseline also known as version 1709, “Redstone 3,” or RS3 and that for Windows 10 v1703 a.k.a., “Creators Update,” “Redstone 2”, RS2 are
- Implementing Attack Surface Reduction rules within Windows Defender Exploit Guard.
- Enabling Exploit Guard’s Network Protection feature to prevent any application from accessing web sites identified as dangerous.
- Enabling a new setting that prevents users from making changes to the Exploit protection settings area in the Windows Defender Security Center.
It’s advisable for users to download Microsoft security baselines, as opposed to creating a baseline themselves since; it is an industry-standard configuration that is broadly known and well-tested.
Microsoft believes it shares the responsibility of providing safe and secure operating systems to its customers and in addition to the security assurance of its products, enable customers to retain fine control over their working environments by providing various configuration capabilities.
