Windows 10

Windows 10 is the latest Operating system released by Microsoft. Microsoft releases 2 major versions of Windows 10 every year. Win 10 is more a mobile operating system than the traditional one. Most of the management activities of Win 10 happens through OMA-DM channel.

Most relevant management channel of Win 10 is MDM instead, of the traditional WMI management. Win 10 security architecture is made based on 3(three) principles. Those three(3) security principles are protect, detect, and respond.  Win 10 pre-breach mitigation is aimed at device protection and threat resistance. Following are the main pillars of Window 10 security architecture.

As per my analysis this Spring Creators update has many security improvements. Following are some of my favourite security enhancement in Win 10 1803 Spring Creators update. I have some other posts on Win 10 security topics, and I recommend to read those to get more details about the Win 10 security road-map and architecture.

Security Compliance Manager SCM Installation Video Configuration Manager 1

Security Compliance Manager SCM Installation Video Configuration Manager

Let’s discuss the Security Compliance Manager SCM Installation Video Configuration Manager. Security Compliance Manager (SCM) provides security baseline management for organizations.

This post will see the Security Compliance Manager Installation Video Guide. SCM helps accelerate your organization’s ability to manage the security and compliance process efficiently.

SCM is mainly used to set up Microsoft technologies ‘security and compliance baselines. It includes support for Server Operating Systems, Client Operating Systems, IE, Office, Exchange, and Microsoft MCS USGCB (United States Government Configuration Baseline). The Security Compliance Manager Installation Video helps to install and configure SCM v4.

SCM 4.0 supports Windows 10 and Server 2016 baselines and bug fixes. SCM enables you to quickly configure and manage computers and your private cloud using Group Policy and SCCM.

Microsoft Visual C++ 2010 Redistributable, .NET Framework 3.5, and SQL Server 2008 Express got installed during SCM installation. This software is a prerequisite for SCM.

Security Compliance Manager SCM Installation Video Configuration Manager

We need to install .NET Framework 3.5 on Windows 10 machines as it comes with .NET Framework 4.0 version. There is some surprising news about the future of SCM releases from Microsoft at the bottom of this post.

Microsoft Security Compliance Manager SetupStatus
SQL Server ExpressInstalling
Microsoft Security Compliance ManagerInstalling
Security Compliance Manager SCM Installation Video Configuration Manager – Table 1
Security Compliance Manager SCM Installation Video Configuration Manager - Fig.1
Security Compliance Manager SCM Installation Video Configuration Manager – Fig.1

SCM V4 Installation and Importing of Default Baselines

The first step after installing SCM is importing all the default baselines to the database. Default baselines are Windows 7, Windows 2012, Exchange, and Internet Explorer.

The Windows 10 and Server 2016 baselines will not be automatically imported to the SCM DB. We must manually import the Windows 10 1607, Server 2016, and Server 2012 R2 baselines to the SCM DB.

Security Compliance Manager SCM Installation Video Configuration Manager - Fig.2
Security Compliance Manager SCM Installation Video Configuration Manager – Fig.2

Download Windows 10 1607 Baseline

From the SCM V 4.0 version home page, we can select “Download Microsoft Baseline automatically” to download and import the Windows 10 1607 baseline.

This is explained in the video tutorial. Windows 10 1607 Security compliance baseline contains BitLocker Security, Computer security compliance, Credential guard security, Domain security compliance, and user security compliance.

Security Compliance Manager SCM Installation Video Configuration Manager - Fig.3
Security Compliance Manager SCM Installation Video Configuration Manager – Fig.3

Define Security Policy for your Organization

Windows 10 1607 domain security compliance 1.0 has many critical severity settings. This page of SCM shows us the default values of Windows 10 1607 and gives us Microsoft’s recommended value for each security setting. This baseline has two segregations: account lock and password attribute.

If I take an example of “Password attributes” –> Minimum Password age, there are 3 values 1. Default 2. Microsoft and 3. Customized. For example, the values of the Microsoft column in the Windows 10 1607 baseline are the ones I would like to implement as security policies for an organization.

Security Compliance Manager SCM Installation Video Configuration Manager - Fig.4
Security Compliance Manager SCM Installation Video Configuration Manager – Fig.4

References

Security Compliance Manager (SCM) retired; new tools and procedures

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module 3

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module? Do you use virtual Windows 10 machines to test the Intune and SCCM policies?

Have you tried to enable BitLocker in a HyperV/VMware virtual machine? Did you ever receive the following error while you tried to enable BitLocker on Windows 10 Virtual Machines?

This Device Can’t Use a Trusted Platform module. Your administrator must set the “Allow Bitlocker without a compatible TPM” option for OS volumes in the “Required additional authentication at startup” policy.

The video below provides a more detailed demonstration. This post helps you show more details about enabling Bitlocker on HyperV and handling error devices that cannot use a trusted platform module.

How to Enable Bitlocker on Hyper V Windows10 Virtual Machine

The video demonstrates resolving the error message “This Device Can’t Use a Trusted Platform Module. Your administrator must set the ‘Allow BitLocker without a compatible TPM’ option in the ‘Require additional authentication at startup’ policy for OS volumes.”

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module – Video 1

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module

Let’s discuss how to enable Bitlocker on HyperV and handle the error device that cannot use a trusted platform module. The screenshot below shows the error message “This device can’t use a Trusted Platform Module.

Your administrator must set the ‘Allow BitLocker without a compatible TPM‘ option in the ‘Require additional authentication at startup’ policy for OS volumes.”

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module - Fig.1
How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module – Fig.1

How to Enable Bitlocker on HyperV

BitLocker will be automatically enabled on modern instant-go devices like Surface Pro 3, Surface Pro 4, etc. However, for other Windows 10 devices, each user needs to enable BitLocker via another method. BitLocker can be enabled using Windows 10 MDM policies, Group Policies, SCCM Policies, etc.  

All the above BitLocker enablement process is more or less straightforward. However, enabling BitLocker on Windows 10 virtual machines is not straightforward. When we try to enable BitLocker from “This PC” or “Control Panel.” 

The user needs to enable the following group policy (GPEDIT.MSC) on the Windows 10 VM to eliminate the TPM error while enabling the BitLocker.

Enabling Group Policy to Resolve TPM Error for BitLocker on Windows 10 VM
Local Computer Policy –> Computer Configuration –> Administrative Template –>
Windows Components –> Bitlocker Drive Encryption –> Operating System Drives –> Require additional authentication at startup –> ENABLE  
How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module - Fig.2
How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module – Fig.2

Another important option in the BitLocker enablement process is saving the recovery key. We have four options for saving the BitLocker key: save to your Microsoft accounts, save to a USB flash drive, save to a file, or print the recovery key. How to Enable BitLocker on HyperV and Handle Error Device CanNot Use a Trusted Platform Module.

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module - Fig.3
How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module – Fig.3

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

How to Download the Latest Version of Windows 10 ISO 5

How to Download the Latest Version of Windows 10 ISO

This is a quick post and video about “How to Download the Latest Version of Windows 10 ISO.” There are three methods for downloading the Windows 10 anniversary update (1607).

How to download Windows 10 ISO? Login to TechNet Evaluation Center with Hotmail/Outlook/Live ID and Download Free Windows 10 ISO – Enterprise version. This evaluation is to test Windows 10 1607 for free for 90 days.

How to download Windows 10 ISO 1607 Anniversary update from MSDN? Login to the MSDN Subscriptions Center (for Visual Studio/MSDN subscribers) from here and download the Windows 10 ISO.

In this post, you will find all the details on how to Download the Latest Version of Windows 10 ISO.

How to Download the Latest Version of Windows 10 ISO - Fig.1
How to Download the Latest Version of Windows 10 ISO – Fig.1

How to Download Windows 10 ISO 1607 Anniversary Update from VLSC? – How to Download the Latest Version of Windows 10 ISO

You can log in to the Volume Licensing Service Center (for Volume License customers) from here and download the Windows 10 ISO.

If you already use Windows 10 1511, you can get the updated version from Settings –> Update and Security. How do you download Windows 10 Anniversary Update 1607 for your home machines? How do you Download the Latest Version of Windows 10 ISO?

Download the Latest Version of Windows 10 ISO
Download Windows 10, version 1607 update from Windows Update or Windows Update for Business.
If updates are not appearing on your Windows 10 machine, use the Windows 10 Update Assistant utility.
Download Link
How to Download the Latest Version of Windows 10 ISO – Table 1

SCCM Related Posts Real World Experiences Of SCCM Admins

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.