• Thom A - Tuesday, December 12, 2017 8:18 AM

    Ed Wagner - Tuesday, December 12, 2017 7:58 AM

    Thom A - Tuesday, December 12, 2017 7:09 AM

    https://blogs.technet.microsoft.com/dataplatforminsider/2017/12/11/whats-new-in-ssms-17-4-sql-vulnerability-assessment/

    I'm actually a little concerned what our VA report is going to look like. Time to find out! 🙂

    Nice. I hadn't heard about it yet. Like any assessment tool, I wonder what "knowledge base of rules" refers to and if it'll change as threats change, new ones emerge and new exploits are found. Interesting, nonetheless, so thanks for posting it.

    Had a quick run. Some things it flags you can set baselines for, though, which seems interesting; Microsoft acknowledge that different places have different requirements! Others seem to be based on some guidelines they have somewhere, for example "CLR should be disabled", "Remote Access feature should be disabled".

    Looking over the page you linked, and the page for the Vulnerability Assessment tool itself, I'm wondering if MS is using the DISA STIGs as the base for the recommendations...
    More likely, I suspect, MS provides input on the STIGs and is using that, rather than the other way around...
    Going to have to look at this and play with it on my lab and see...