Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1909 (a.k.a., “19H2”), and for Windows Server version 1909. Note that Windows...
Updated Nov 21, 2019
Version 2.0
Blog Post
Can you please shed light, as an industry best practice , would you recommend the setting?
Because of reported compatibility issues - This is contextual do you mind sharing all the reported compatibility issues.
I understood this for an enterprise, this is a valid setting , so all known programs can get the wavier through a controlled process, or certified by Microsoft , we could make a GPO to wave certain exploit settings for the programs hosted under program files. For users who download from www , all the exploit settings should apply by default, I was tending towards this thinking.
Also please share , how Microsoft populates by default a bunch of .exe , if a vendor reaches out to us with an .exe, is there a a way for users within enterprise to certify that .exe is harmless and include in the list of trusted. How does Microsoft go about certifying for the overrides.
Please share your views on this topic.