Microsoft Security Compliance Manager (SCM)

Microsoft Security Compliance Manager (SCM)


Security Compliance Manager 3.0 (SCM 3.0) is a free tool from the Microsoft Solution Accelerator team that enables you to quickly configure and manage your desktops, traditional datacenter, and private cloud using Group Policy and System Center Configuration Manager. In addition to key features from the previous version, SCM 3.0 offers new baselines for Internet Windows Server 2012, Windows 8, and Internet Explorer 10.


SCM provides ready to deploy policies and DCM configuration packs that are tested and fully supported. These baselines are based on Microsoft Security guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats.
Easily configure computers running the latest Windows® operating systems, Microsoft® Office applications, Windows Internet Explorer®, and Exchange Servers with industry leading knowledge and fully supported tools.

You can leverage SCM to import the current configuration of your computers using two different methods: first, you can import Active Directory-based group policies; second, you can import the configuration of a “golden master” reference machine by using the LocalGPO tool to backup the local group policy which you can then import into SCM. Compare your standards to industry best practices, customize them using rich knowledge, and seamlessly create new policies and DCM configuration packs in the user-friendly UI designed to work with Microsoft System Center Configuration Manager 2007 R2.

Wiki Articles about SCM:

What does SCM do?

SCM provides centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.

Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows® client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including Excel® workbooks, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP)—to export the baselines to your environment to automate the security baseline deployment and compliance verification process. Use SCM to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.

Key Features and Benefits

SCM provides the following key features and benefits:

  • Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project!
  • Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature!
  • Updated security guides: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important!
  • Compare against industry best practices: Analyze your configurations against prebuilt baselines for the latest Windows client and server operating systems!
  • To learn more about the Security Compliance Manager tool, visit the TechNet Library.

Setup Requirements

The supported operating systems and requirements to use SCM include:

  • Windows® 7 and Windows® 8 or later
  • Local instance of SQL server 2008 or higher, else SCM will install SQL Server® 2008 Express edition
  • Microsoft .NET Framework 4
  • Windows Installer 4.5
  • Visual C++ 2010 Redist (this is included in SCM MSI)
  • An Internet connection to download Microsoft security baselines.


  • Microsoft® Excel® 2007 or later to export data in Excel workbooks
  • Microsoft Word or Microsoft Word Viewer (available as a free download) can be used to view Word documents

SCM is intended to work with System Center Configuration Manager 2007 or System Center Configuration Manager 2012 SP1 and the desired configuration management (DCM) feature of that product.

Note: You can use the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint File Formats (available as a free download) to open, edit, and save documents, workbooks, and presentations in Microsoft Office 2007 file formats. You also can use Microsoft Word or Microsoft Word Viewer (available as a free download) to view Word documents.

More Information

Security Compliance Manager (SCM) is just one of the tools provided by the Microsoft Solution Accelerators team. The Microsoft Assessment and Planning Toolkit, Microsoft Deployment Toolkit, and Security Compliance Manager provide tested guidance and automated tools to help you plan, securely deploy, and manage new Microsoft technologies—easier, faster, and at less cost. All are freely available, and fully-supported by Microsoft. Learn more.

Thanks for using the SCM tool, and feel free to contact us: Security Solutions Questions & Feedback.

Leave a Comment
  • Please add 3 and 3 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
  • Horizon_Net edited Revision 24. Comment: added language tags

  • Kurt Dillard edited Revision 23. Comment: Added information about what's included in SCM 2.5 and rewrote the passage about "golden master" to provide a little more clarity.

  • Jeff Sigman MSFT edited Revision 6. Comment: Small change in the MORE INFO section (technet forum)

  • Jeff Sigman MSFT edited Revision 5. Comment: Update REQUIREMENTS section and add our email to the end of the article

  • Jeff Sigman MSFT edited Revision 4. Comment: Clean-up use of the term "SCM"

  • Jeff Sigman MSFT edited Revision 3. Comment: Updating MORE INFO section with blog and fixing download link

  • Jeff Sigman MSFT edited Revision 2. Comment: Adding actual content :) yeah baby - pointing to all other known SCM articles

  • Jeff Sigman MSFT edited Revision 1. Comment: Changing title - going to use this as the main SCM article to point to all other SCM related articles

  • Eric Battalio MSFT edited Original. Comment: Removed query, copied to comment; add stub

Page 1 of 1 (9 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
  • Ed Price - MSFT edited Revision 26. Comment: We do not add "(en-US)" to article titles (it causes some grief), but we would still greatly appreciate your help adding "en-US" to the approximate 6,000 English articles that don't have them yet. Thanks!

Page 2 of 2 (16 items) 12