1) Is security compliance manager a part of SCCM?
2) Is it “free” as part of SCCM, or additional licence fees? Or does it just come as default?
3) How does it work, i.e. how does it enforce a baseline policy against each PC, or is it more a tool to identify a non-compliance machine, as opposed to a similar process to group policy?
4) How can you see non compliant machines from a central console, and once identified, what steps does the admin need to take to make that machine compliant, can this all be done centrally?
Prefer your comments if you use security compliance manager as opposed to just a link.