
Peter Daalmans
Oct 25, 2022

Windows 10/11 22h2 Security Baseline missing in Intune

Hi, can you please enlighten us as to when the Windows 10/11 Security Baseline will be updated to 22H2? The current baseline is of November 2021, and I am sure that there are new recommendations in the new baseline (Windows 10, version 22H2 Security baseline - Microsoft Community Hub) that would be helpful while managing Windows in a more modern way.

As an example, currently missing is the 22H2 option "Allow Administrator account lockout" to manage it without the need of a GPO.

    • Julia_Idaewor
      Microsoft

      Thanks soupjam for your comment! Correct, this baseline was released as a part of the 2403 release. We mentioned this in the Intune What's New documentation under the tag Updated security baseline for Windows version 23H2 as we do with all new Intune releases.

      You'll also be happy to know that the W365 and MDE (Defender) baselines will both be updated and released with new content and on the new unified settings platform next month!

      On behalf of our entire team, I want to extend you and everyone else a sincere thank you for your patience and understanding as we diligently worked on finalizing the baseline. This baseline had over 300 settings so it was no easy feat, but once again, thank you for your continued support and for the constant, helpful feedback you all give that helps inform our features.

      Please do let me know if you have any further questions.

      Thanks,

      Julia

  • David Bargna
    Iron Contributor
    It's October 2023. 22H2 baseline is still missing from Intune. Does anyone at MSFT care? Rick_Munck, @Julial - any news for us poor chumps?
  • ThomasOReilly
    Copper Contributor
    I am also having a very difficult time getting all of the 'missing' settings discovered using the PolicyAnalyzer tool configured via Intune.
    Also, the PolicyAnalyzer does not account for how Intune and Defender are configuring some settings, as the usual GPO registry keys are not configured in the same location, at least for Defender. So I have spent the last 3 days going through the missing settings, to find some are actually configured.

    So 3 issues really.
    1 - missing native security baselines in Intune
    2 - missing the settings in Intune to actually configure the new settings
    3 - Policy Analyzer tool is presuming GPO is used to configure the settings
    • AaronMargosis_Tanium
      Iron Contributor
      ThomasOReilly - re #3, that is accurate. Policy Analyzer ingests GPO backups and compares against those settings. It has no knowledge of configuration setting via MDM/CSP.
      • ThomasOReilly
        Copper Contributor
        Is there any better tool to verify if a Cloud Only managed Azure AD Joined Intune managed device is compliant with the recommended MS security Baselines? Because sifting through each 'missing' setting is unbelievably tedious.
  • Hi All, Any update on when the baselines will be updated? The current baseline is of November 2021.
    • Julia_Idaewor
      Microsoft
      Hi all, thanks so much for your feedback. We are planning to release the updated Intune Edge baseline in April/May '23 with the other updated security baselines to follow shortly. The delays in the Edge baseline + other security baselines were attributed to a one-time internal dependency that currently has a fix that will soon be deployed. Therefore, we will be back on our regular release schedule soon, so I do not anticipate this being a reoccurring issue where there is a large amount of time between the initial "product" Security Baseline release & the Intune release. We truly apologize for how long it has taken us to solve for these delays, but you will be seeing more information soon regarding the upcoming release of the new Edge baseline. Please let me know if you have any other questions/concerns.
      • philhadley1265
        Copper Contributor
        Hi Julial, I was just wondering if there was any update on when the updated baselines will be in Intune? You mentioned April/May '23 and we are now in June '23. There are a lot of updated security baselines in the Microsoft Security Compliance Toolkit that would be great to have in Intune.
  • TemiNick
    Copper Contributor
    We have the same problem, just logged a support case on this.
    • Julia_Idaewor
      Microsoft
      Hi all, thanks so much for your feedback. We are planning to release the updated Intune Edge baseline in April/May '23 with the other updated security baselines to follow shortly. The delays in the Edge baseline + other security baselines were attributed to a one-time internal dependency that currently has a fix that will soon be deployed. Therefore, we will be back on our regular release schedule soon, so I do not anticipate this being a reoccurring issue where there is a large amount of time between the initial "product" Security Baseline release & the Intune release. We truly apologize for how long it has taken us to solve for these delays, but you will be seeing more information soon regarding the upcoming release of the new Edge baseline. Please let me know if you have any other questions/concerns.
      • DanielAr1337
        Copper Contributor

        Julia_Idaewor Hi there, we are preparing the deployment of Windows 11 22H2 and I wanted to implement the latest Security Baseline for Windows 11, and it still says "November 2021".

        When will the update be released?

        BR Daniel
