Microsoft Security Assessment Tool 4.0

Registration Suggested

Registration takes only a few moments and allows Microsoft to provide you with the latest resources relevant to your interests, including service packs, security notices, and training.Please click the Continue button. Registration is suggested for this download:

Select Language:
The Microsoft Security Assessment Tool (MSAT) is a risk-assessment application designed to provide information and recommendations about best practices for security within an information technology (IT) infrastructure.
  • Version:

    File Name:

    Date Published:


    File Size:

    8.4 MB

      The Microsoft Security Assessment Tool 4.0 is the revised version of the original Microsoft Security Risk Self-Assessment Tool (MSRSAT), released in 2004 and the Microsoft Security Assessment Tool 2.0 released in 2006. Security issues have evolved since 2004 so additional questions and answers were needed to ensure you had a comprehensive toolset to become more aware of the evolving security threat landscape that could impact your organization.

      The tool employs a holistic approach to measuring your security posture by covering topics across people, process, and technology. Findings are coupled with prescriptive guidance and recommended mitigation efforts, including links to more information for additional industry guidance. These resources may assist you in keeping you aware of specific tools and methods that can help change the security posture of your IT environment.

      There are two assessments that define the Microsoft Security Assessment Tool:

      • Business Risk Profile Assessment
      • Defense in Depth Assessment (UPDATED)
      The questions identified in the survey portion of the tool and the associated answers are derived from commonly accepted best practices around security, both general and specific. The questions and the recommendations that the tool offers are based on standards such as ISO 17799 and NIST-800.x, as well as recommendations and prescriptive guidance from Microsoft’s Trustworthy Computing Group and additional security resources valued in the industry.

      After completing an Assessment, you will gain access to a detailed report of your results. You may also compare your results with those of your peers (by industry and company size), provided that you upload your results anonymously to the secure MSAT Web server. When you upload your data the application will simultaneously retrieve the most recent data available. To be able to provide this comparative data, we need customers such as you to upload their information. All information is kept strictly confidential and no personally identifiable information whatsoever will be sent. For more information on Microsoft's privacy policy, please visit:
  • Supported Operating System

    Windows 7, Windows Server 2003 Service Pack 2, Windows Server 2008, Windows Vista, Windows Vista 64-bit Editions Service Pack 1, Windows Vista Business, Windows Vista Enterprise, Windows Vista Enterprise 64-bit edition, Windows Vista Service Pack 1, Windows Vista Ultimate, Windows Vista Ultimate 64-bit edition, Windows XP Service Pack 2

      • Windows 2000 Professional Edition; Windows Vista; Windows XP Professional Edition SP2, Windows 7
      • .NET Framework Version 3.5
      • Internet Explorer 6.0
      • SQL Server CE 3.5
      You should have the latest service packs installed for your operating system and browser.

      The MSAT does not require an Internet connection for you to use it. But to upload your results and to check for updates, you will need an Internet connection.
    • 1. Click the Download button on this page to start the download.
      2. Do one of the following:
      • To start the installation immediately, click Setup.exe
      • To save the download to your computer for installation at a later time, click Save
      • To cancel the installation, click Cancel
    • Attention Previous MSAT Users

      Changes to the tool have been made that would invalidate your previous assessments. We recommend that you CREATE A NEW BASELINE due to the evolving threat landscape and changes made to the assessments.