[network security]How to establish a secure baseline using MSAT and SCM

Takahiro Oda
3 min readDec 29, 2021



Lab Observations/Information Gathered:

  • Assess network risk using free tools from Microsoft and best practices references
  • Use the security compliance manager for the creation of templates and security baselines

MSAT (Microsoft Security Assessment Tool) assesses network risks. For example, I collect this information to determine the risks

· the basic information about the enterprise

· the infrastructure security information

· Application security information

· operations security information

· People security

· Environment information

It shows the business risk profile and defense-in-depth report to see how the organization’s security can mitigate the threats.

It also can provide an executive summary for submitting to senior management.

Security Compliance Manager (SCM) allows for baseline comparisons.

Install Microsoft Security Assessment Tool and create a new profile.

Provide the basic information about the enterprise

Provide the infrastructure security information

Provide Application security information

Provide operations security information

People security

Environment information

Perimeter Defense information

Authentication information

Management and monitoring information

Deployment and use information (Application)

Application design information

Data storage & communications

Operation Environment

Security policy

Patch & update management

Back and Recovery (Operation)

Requirements & assessments


Security hardening is a crucial part of organizational security, and there are some assessment tools such as MSAT and SCM to evaluate the current security posture. Security engineers need to understand these tools to conduct security assessments to enhance the security level of organizations.