Applying DISA STIG Settings with Microsoft Intune: Overcoming Native Limitations
Hello Chris! Thank you for this helpful information! Once the STIG settings are configured in Intune per the methods you describe, how can these settings be regularly verified to meet RMF Continuous Monitoring requirements? Our usual go-to tools to evaluate STIG compliance would be SCC and Evaluate-STIG (and manual STIG verification as needed). Do any DoD-approved tools exist to verify Intune-managed settings? Also, I assume the best case would be for DISA to produce Intune-specific STIGs. Any idea if MS and DISA are working on this? Thank you!
Hello,
Unfortunately, there has been no update to the current tools to look in the new registry locations that are leveraged by Intune and the CSPs it manages. DISA does provide an Excel spreadsheet indicating what settings will show as a false positive in the current tools and the location in the registry to validate the setting was applied. I am not tracking any timelines for updated tool sets to get around this, but hopefully it is on someone's roadmap.