Microsoft’s OSConfig PowerShell module for Windows Server 2025 simplifies enforcing security baselines, automating compliance, and preventing configuration drift. With tailored baselines for server roles, drift control, and customizable settings, OSConfig boosts security and compliance management efficiently. Unique :
Manage Windows Server 2025 Security Baselines with OSConfig
If you’re running Windows Server 2025, Microsoft just made security baseline management way easier. Meet OSConfig, a PowerShell module designed to enforce security settings, automate compliance, and prevent configuration drift.
What’s New with OSConfig?
OSConfig is built exclusively for Windows Server 2025, requiring PowerShell 5.1 or higher and admin rights. You install it straight from the PowerShell Gallery with a simple command:
Install-Module -Name Microsoft.OSConfig -Scope AllUsers -Repository PSGallery -ForceOnce installed, you can check available cmdlets and update OSConfig anytime to stay current with the latest baselines.
Major Updates: Predefined Security Baselines
One of OSConfig’s best features is its predefined security baselines tailored for various server roles:
- Domain Controller
- Member Server
- Workgroup Member
- Secured Core
- Defender Antivirus
Each baseline enforces over 300 security settings, including TLS 2+, SMB 3.0+, and credential protections. Applying a baseline is as easy as running a PowerShell command like this:
Set-OSConfigDesiredConfiguration -Scenario SecurityBaseline/WS2025/DomainController -DefaultTo check compliance status, use:
Get-OSConfigDesiredConfiguration -Scenario SecurityBaseline/WS2025/MemberServerFor those who prefer a GUI, Windows Admin Center integrates OSConfig compliance reports under the Security Baseline tab.
Why Drift Control Matters
OSConfig also includes drift control, which keeps your server’s security configuration locked in a known good state. It automatically fixes any changes that stray from your baseline.
This correction runs every 4 hours by default, but you can tweak it. For example, set drift control to refresh every 45 minutes with:
Set-OSConfigDriftControl -RefreshPeriod 45Customization and Flexibility
While OSConfig shines with its default baselines, you can customize them to fit your organization’s unique needs. Although this requires deeper PowerShell knowledge, Microsoft’s GitHub repo offers detailed guidance.
“OSConfig helps ensure that the system starts and remains in a known good security state.” – Orin Thomas, Microsoft
“OSConfig enables you to enforce security baselines, automate compliance, and prevent configuration drift on Windows Server 2025 computers.” – Orin Thomas, Microsoft
Final Thoughts
For IT pros managing Windows Server 2025 environments, OSConfig is a powerful tool to automate security baseline enforcement and compliance reporting. It reduces manual errors and keeps your servers secure by design.
Want to dive deeper? Check out Microsoft’s official docs for OSConfig:
From the New blog articles in Microsoft Community Hub
Windows Server Devices Now Recognized as a New OS in Intune Microsoft has announced that Windows Server devices are Read more
Microsoft Power Platform is leading the way in AI-generated low-code app development. With the help of AI, users can quickly Read more
Microsoft Intune is an enterprise mobility management platform that helps organizations manage mobile devices, applications, and data. The October edition Read more
Microsoft Intune has released its November edition, featuring new updates to help IT admins better manage their organization’s mobile devices. Read more
