Many organizations lack security standards across their desktop deployments, and across all Microsoft products and platforms for that matter.
If IT professionals really want to shore up the gaps and weaknesses in their security standards, they must check out and integrate Microsoft's Security Compliance Toolkit and its Windows 10 security baselines. The baselines go beyond common endpoint security controls, such as malware protection, and they are a gold mine for security guidance in Windows 10.
What are the Windows 10 security baselines?
Based on expert feedback from both inside and outside Microsoft, the Windows 10 security baselines are effectively a set of best practices IT pros can use to further lock down their Windows desktops and create and support security policies and standards in their organizations.
The security baselines can also help save IT time and effort and help it focus on the security of the thousands of Group Policy Objects (GPOs) and settings built into Windows 10. In addition, the existence and implementation of Windows 10 security best practices can help demonstrate to third parties, such as business partners and customers, that a company is following an industry standard that serves to minimize network security-related risks.
Not only is this Microsoft guidance free, it's coming from the very creator of the software, so it's well-researched and properly vetted.
How does it work?
Once IT pros download the Security Compliance Toolkit for their particular version of Windows 10, they can peruse the accompanying spreadsheet -- as shown in Figure A -- to see which areas of security they might want to address on an ad hoc basis.
IT pros can use the analysis and testing capabilities in the Security Compliance Toolkit to establish the Windows 10 security best practices for their organizations.
Selecting the download option for the Windows 10 Version 1709 Security Baseline.zip file provides IT with the spreadsheet above, as well as the necessary GPOs, templates and client install script it needs to get rolling.
On the Security Compliance Toolkit download page, IT also has the option to download Microsoft's policy analyzer tools, as well as the Local Group Policy Object Utility for managing local Windows policies.
When establishing Windows 10 security baselines, IT pros should proceed with the goal of balancing Microsoft's recommendations with what they actually need -- based on the results of their vulnerability and penetration testing -- and how it will best work in their deployment.