Release notes for Windows

Review the release notes to learn about updates and resolved issues in Security Compliance Enforcement (SCE) for Windows. You can also review the Known issues and limitations.

To take advantage of new features and resolved issues, install the latest module version. Only the latest version is supported.

v2.2.0

Released 9 December 2025

With SCE for Windows v2.2.0, you can now enforce Center for Internet Security (CIS) controls on the Windows Server 2025 operating system.

New features and enhancements

SCE for Windows now supports the CIS Microsoft Server 2025 Benchmark v1.0.0, Server Level 1.

v2.1.0

Released 25 February 2025

With SCE for Windows v2.1.0, you can enhance the security of your infrastructure by enforcing updated Center for Internet Security (CIS) Benchmarks.

New features and enhancements

SCE for Windows now supports the following CIS Benchmarks:

  • CIS Microsoft Server 2022, v3.0.0, Member Server, Level 1.

  • CIS Microsoft Server 2019, v3.0.0, Member Server, Level 1.

  • CIS Microsoft Server 2016, v3.0.0, Member Server, Level 1.

  • CIS Microsoft Windows 10 Enterprise, v3.0.0, Corporate Enterprise, Level 1.

For a detailed list of updates implemented to enforce the CIS controls, see Reference: Benchmarks and controls.

v2.0.0

Released 7 May 2024

In this release, the Compliance Enforcement Modules are renamed to Security Compliance Enforcement (SCE). The new name highlights the capability to enforce secure configurations for IT infrastructures based on internationally recognized standards. In addition, SCE is now compatible with the latest versions of all Puppet module dependencies.

If you plan to upgrade to v2.0.0, review the updated instructions in Upgrading SCE and Configuring SCE.

New features and enhancements

  • As part of the name change, the module is now available on Puppet Forge under the following name: sce_windows. If you have an active subscription to the Compliance Enforcement Modules (CEM), you are automatically granted access to the SCE modules.
    CEM modules remain on Puppet Forge in a deprecated state for subscribers who want to continue using CEM for the time being, and CEM documentation remains available at Introducing the Compliance Enforcement Modules.
  • In the documentation, configuration examples are updated to replace cem_windows with sce_windows. See Configuring SCE.

  • To take advantage of fixes and improvements in Puppet modules, SCE for Windows now supports the latest versions of its Puppet module dependencies:

    • puppetlabs-stdlib: ≥ 6.0.0 < 10.0.0 (except for 9.0.x, 9.1.x, and 9.2.x, which are not supported)

    • puppetlabs-registry: ≥ 3.2.0 < 6.0.0

    • dsc-networkingdsc: ≥ 8.1.0-0-1 < 10.0.0

    • dsc-auditpolicydsc: ≥ 1.4.0-0-4 < 2.0.0

    • dsc-securitypolicydsc: ≥ 2.10.0-0-3 < 3.0.0

    • puppetlabs-pwshlib: 0.9.0 < 2.0.0

    • puppetlabs-powershell: ≥ 5.0.0 < 7.0.0

      To help avoid operational issues, do not use earlier module versions.