[Microsoft Solution Accelerators] Security Compliance Manager 3.0 released

The Microsoft Solution Accelerators team has released SCM 3.0

The Security Compliance Manager (SCM) is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage the computers in your environment and your private cloud using Group Policy and Microsoft System Center Configuration Manager.

SCM provides ready-to-deploy policies and DCM configuration packs based on Microsoft security guide recommendations and industry best practices, allowing you to easily manage configuration drift and address compliance requirements for Windows operating systems, Office applications, and other Microsoft applications.

Now you can easily configure computers running Windows Server 2012, Windows 8, Microsoft Office applications, and Windows Internet Explorer 10 with industry leading knowledge and fully supported tools. In addition to the latest software releases, you can also configure previous additions of Windows Server and Microsoft Office.


Key features in SCM 3.0 include:

• Support for Windows Server 2012, Windows 8, and Internet Explorer 10 product baselines: Secure your environment with new baselines for the latest software releases
• Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project.
• Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature.
• Updated security guides: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important.
• Comparisons against industry best practices: Analyze your configurations against prebuilt baselines for the latest Windows client and server operating systems.

 You can downlod this great tool here : Microsoft Security Compliance Manager 3.0

[Identity Management] Identity Management in the Age of Hybrid IT

Microsoft just released 2 white papers about Identity Management.

The Four Pillars of Identity

The purpose of this document is to define and provide detailed conceptual information on the four fundamental pillars of identity that can be useful in creating a strategic direction for an identity infrastructure in your organization.  Based on our knowledge and expertise, we at Microsoft, believe that a strong, healthy, and flexible identity infrastructure must consist of processes, technologies, and policies that are derived from these four pillars. It is also our purpose to explore key industry trends related to identity and access management and how you may apply them in your designs. An identity infrastructure is a collection of processes, technologies, and policies for managing digital identities and controlling how identities can be used to access resources.

Wiki version : The Four Pillars of Identity - Identity Management in the Age of Hybrid IT
Word version : The Four Pillars of Identity - Identity Management in the Age of Hybrid IT

Identity Infrastructure Capabilities

The purpose of this document is to provide detailed conceptual information on identity infrastructure capabilities specific to both on-premises and cloud computing that we at Microsoft are most often asked by our customers to implement. It is also in our purpose to provide introductory information on the existing Microsoft solutions that can help you obtain these popular identity infrastructure capabilities. The information presented in this document requires the reader to be familiar with the concepts and understand in detail the four fundamental pillars of an identity infrastructure as defined by our in-house solution architects.

Wiki version : Identity Infrastructure Capabilities-Identity Management in the Age of Hybrid IT
Word version : Identity Infrastructure Capabilities-Identity Management in the Age of Hybrid IT

[Active Directory] Windows Azure Active Directory Cartoon

I'm actually reading Windows Azure AD White Paper (see Active Directory from on-premises to the cloud) and I just found this great video about differences between Windows Server Active Directory and Windows Azure Active Directory.

If you are interested by WAAD you should start by this.

[Active Directory] Active Directory from on-premises to the cloud

Windows Azure AD White Paper has been released.


Identity management, provisioning, role management, and authentication are key services both on-premises and through the (hybrid) cloud. With the Bring Your Own Apps (BYOA) for the cloud and Software as a Service (SaaS) applications, the desire to better collaborate a la Facebook with the “social” enterprise, the need to support and integrate with social networks, which lead to a Bring Your Own Identity (BYOI) trend, identity becomes a service where identity “bridges” in the cloud talk to on-premises directories or the directories themselves move and/or are located in the cloud.

Active Directory (AD) is a Microsoft brand for identity related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). Windows Azure AD is AD reimagined for the cloud, designed to solve for you the new identity and access challenges that come with the shift to a cloud-centric, multi-tenant world.

Windows Azure AD can be truly seen as an Identity Management as a Service (IDMaaS) cloud multi-tenant service. This goes far beyond taking AD and simply running it within a virtual machine (VM) in Windows Azure.

To download this White Paper : Active Directory from on-premises to the cloud