Event banner
Event details
MicrosoftI'll list a few definitions here, and if that triggers follow up questions please feel free:
Microsoft WS2025 security baseline: A set of recommended settings for WS2025, developed by the WS2025 security team, inspired by new threats and by prior art including WS2022 SCT baseline, CIS guidance, etc.
Microsoft.OSConfig powershell module: A new PowerShell module from Microsoft which can be used to instruct the OS to apply and sustain specific security postures and features, including the Microsoft WS2025 security baseline.
Azure Machine Configuration: Previously/also known as Guest Configuration, GuestConfig, and Automanage Machine Configuration-- Azure Machine Configuration is a service which (working together with Azure Policy) can configure settings at scale, including various baselines.
Azure Compute Security Baseline: Also known as GuestConfig Security Baseline, ACSB for Windows is what gets applied today when you use the built-in Azure policy for security baselines on Windows (all versions). Note that ACSB includes some conditional logic to handle different OS versions.
Q: Does the Windows baseline (as applied to a Server 2025 machine) via Azure Policy and Machine Configurattion match the Microsoft WS2025 security baseline (as applied by Microsoft.OSConfig PowerShell)?
A: They are very similar, and we are working to get them 100% aligned.
The idea is that you should be able to use PowerShell early, such as during image customization, to ensure systems are protected before they ever hit a network, and then use Azure Policy with Machine Configuration (specifically the Windows baseline there) to audit and sustain that over time.
