Security Compliance Manager SCM Installation Video Configuration Manager | MEMCM

Security Compliance Manager SCM Installation Video Configuration Manager | MEMCM? Security Compliance Manager (SCM) provides security baseline management for organizations.

In this post, we will see Security Compliance Manager Installation Video Guide. SCM helps to accelerate your organization’s ability to efficiently manage the security and compliance process.

SCM is mainly used to set up the security and compliance baseline for Microsoft technologies. SCM includes support for Server Operating Systems, Client Operating Systems, IE, Office, Exchange, and Microsoft MCS USGCB (United States Government Configuration Baseline. Security Compliance Manager Installation Video helps to install and configure SCM v4.

SCM 4.0 supports Windows 10 and Server 2016 baselines and bug fixes. SCM enables you to quickly configure and manage computers and your private cloud using Group Policy and SCCM.

Patch My PC

Microsoft Visual C++ 2010 Redistributable, .NET Framework 3.5, and SQL Server 2008 Express got installed during SCM installation. This software is a prerequisite for SCM.

We need to install .NET Framework 3.5 on Windows 10 machines as it comes with .NET Framework 4.0 version. There is a piece of surprise news about the future of SCM releases from Microsoft at the bottom of this post.

Security Compliance Manager Installation Video
Security Compliance Manager

SCM V4 Installation and Importing of Default Baselines

The first step after installing SCM is importing all the default baselines to the database. Default baselines are Windows 7, Windows 2012, Exchange, and Internet Explorer.

Windows 10 and Server 2016 baselines won’t get imported automatically to SCM DB. We must manually import Windows 10 1607, Server 2016, and Server 2012 R2 baselines to SCM DB.

Adaptiva
Security Compliance Manager Installation Video
Security Compliance Manager SCM Installation Video Configuration Manager | MEMCM

Download and Import windows 10 1607 Baseline

From SCM V 4.0 version home page, we can select “Download Microsoft Baseline automatically” to download and import Windows 10 1607 baseline.

This is explained in the video tutorial. Windows 10 1607 Security compliance baseline contains BitLocker Security, Computer security compliance, Credential guard security, Domain security compliance, and user security compliance.

Security Compliance Manager Installation Video
Security Compliance Manager SCM Installation Video Configuration Manager | MEMCM

Define Security policy for your Organization

Windows 10 1607 domain security compliance 1.0 has loads of critical severity settings. This page of SCM shows us the default values of Windows 10 1607 OS. It also gives us Microsoft’s recommended value for each security setting. There is two segregation in this baseline: account lock and password attribute.

If I take an example of “Password attributes” –> Minimum Password age, then there are 3 values 1. Default 2. Microsoft and 3. Customized. For example, the values Microsoft column in Windows 10 1607 baseline is the one I would like to implement as security policies for an organization.

Security Compliance Manager Installation Video
Security Compliance Manager SCM Installation Video Configuration Manager | MEMCM

References

Security Compliance Manager (SCM) retired; new tools and procedures – here

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc……………

3 thoughts on “Security Compliance Manager SCM Installation Video Configuration Manager | MEMCM”

  1. This is a good article. Thank you.

    I am looking at the GPO for Windows 10 21H2. The new Policy Analyzer tool has the baseline for this, but the policies are put into several categories such User policies, computer polices, audit policies etc.. and out under separate GUI folder. When we install into Active Directory, do we need to create a separate GPO for each of this category? That seems to have more GPOs for a single Win10 OS.

    We used to have a single GPO for the Win10 at least until v1607.

    Is there a single GPO for all the Windows 10 21H2 in stead? Or any idea on how to merge all these “smaller” GPOs into a single one?

    Your feedback would greatly be appreciated.

    Best Regads
    Vishakh

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.