Forum Discussion

Melot's avatar
Melot
Copper Contributor
May 02, 2025

I'm new to Intune and currently experimenting with the Security Baseline

I'm new to Intune and currently experimenting with the Security Baseline. Could someone help me understand why there are two separate options in the new security baseline, each with the ability to be enabled or disabled?
Sample : 

 

security baselines

2 Replies

  • katPedraza's avatar
    katPedraza
    Icon for Microsoft rankMicrosoft
    May 05, 2025

    On Bogdan comment, sometimes you have to enable a policy to configure the disable. By setting this to the default policy you are making sure the configuration is the way you what it. And if someone does change the registry entry, it will change back again.

  • Bogdan_Guinea's avatar
    Bogdan_Guinea
    Iron Contributor
    May 05, 2025

    Hy,

    the Security Baseline are basically ADMX Backed Policys and they are requiring a specific SyncML format for configuration.

    https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer?WT.mc_id=Portal-fx#internetexplorer-restrictedsiteszoneallowscriptlets

     

    With “Allow scriptlets | Enable -> Scriptlets | Disable”, it is likely that a registry value other than 0 is set for “Allow scriptlets”, as this is normally set under “Allow scriptlets | Disabled”.

    Check the Registry's and conclude for yourself is the best that you can do.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxInstalled

    Good luck!

Resources