Forum Discussion
Security Baseline Version 23H2, greenfield deployment
Hi,
Is there a best practice to start rolling out the Microsoft security baseline. I am in a Greenfield situation where I would like to use this baseline as a starting point. This by first adjusting the baseline by removing what I think might be causing issues for the user. There are a lot of settings in this baseline so I am sure some of them will causes issues for users. Since you simply can't disable the policy and all settings will be reverted what is the best practice around this?
Make a copy of the existing baseline adjust settings and re-apply the correct settings?
I read that Intune is tattooing some settings an the only way to reverse is to wipe and re-deploy, or manually fix in registry.
Any advice on this, maybe not use the baseline and built template gradually.
1 Reply
- I just started reviewing baselines and using them. I want to use them to do the Security Recommendations. My current plan is to build test systems. Let them take inventory, then apply the baselines to the systems.
I was then going to start adding software and see what breaks.
I don't know if that is best practice but I figure if I can use the baselines and still operate in my environment then none are an issue.
The hard part I guess is if something is an issue which policy is the problem. I'm hoping if I do find an issue then event logs should cover it. If it doesn't then I plan on breaking up the policies and applying them to other test machines to see which one breaks.
Luckily, I have VMs so rebuilds are relatively easy. But it is a time-consuming method.
