Peter Daalmans
Oct 25, 2022

Windows 10/11 22h2 Security Baseline missing in Intune

Hi, can you please enlighten us when the Windows 10/11 Security Baseline will be updated to 22H2? The current baseline is of November 2021, I am sure that there are new recommendations in the new baseline (Windows 10, version 22H2 Security baseline - Microsoft Community Hub) that would be helpful while managing Windows in a more modern way.

As an example, currently missing the 22H2 option "Allow Administrator account lockout" to manage it without the need of a GPO. 

  • TemiNick
    Copper Contributor
    We have the same problem, just logged a support case on this.
    • Julia_Idaewor
      Microsoft
      Hi all, thanks so much for your feedback. We are planning to release the updated Intune Edge baseline in April/May '23 with the other updated security baselines to follow shortly. The delays in the Edge baseline + other security baselines were attributed to a one-time internal dependency that currently has a fix that will soon be deployed. Therefore, we will be back on our regular release schedule soon, so I do not anticipate this being a reoccurring issue where there is a large amount of time between the initial "product" Security Baseline release & the Intune release. We truly apologize for how long it has taken us to solve for these delays, but you will be seeing more information soon regarding the upcoming release of the new Edge baseline. Please let me know if you have any other questions/concerns.
      • DanielAr1337
        Copper Contributor

        Julia_Idaewor Hi there, we are preparing the Deployment of Windows 11 22H2 and I wanted to implement the latest Security Baseline for Windows 11 and it still says "November 2021".

        When will the update be released?

        BR Daniel

  • Hi All, Any update on when the baselines will be updated? The current baseline is of November 2021.
    • Julia_Idaewor
      Microsoft
      Hi all, thanks so much for your feedback. We are planning to release the updated Intune Edge baseline in April/May '23 with the other updated security baselines to follow shortly. The delays in the Edge baseline + other security baselines were attributed to a one-time internal dependency that currently has a fix that will soon be deployed. Therefore, we will be back on our regular release schedule soon, so I do not anticipate this being a reoccurring issue where there is a large amount of time between the initial "product" Security Baseline release & the Intune release. We truly apologize for how long it has taken us to solve for these delays, but you will be seeing more information soon regarding the upcoming release of the new Edge baseline. Please let me know if you have any other questions/concerns.
      • Mr_Big
        Copper Contributor
        Hi Julial. Was wondering if there are any updates regarding this matter? Does this item exist in the Microsoft 365 roadmap? If yes, could you be kind enough and share the feature ID? Also, do you plan to do a private preview for this change? If yes, how can I go about signing up?
  • ThomasOReilly
    Copper Contributor
    I am also having a very difficult time getting all of the 'missing' settings discovered using the PolicyAnalyzer tool configured via Intune.
    Also, the PolicyAnalyzer does not account for how Intune and Defender are configuring some settings, as the usual GPO registry keys are not configured in the same location, at least for Defender. So I have spent the last 3 days going through the missing settings, to find some are actually configured.

    So 3 issues really.
    1 - missing native security baselines in Intune
    2 - missing the settings in Intune to actually configure the new settings
    3 - Policy Analyzer tool is presuming GPO is used to configure the settings
    • AaronMargosis_Tanium
      Iron Contributor
      ThomasOReilly - re #3, that is accurate. Policy Analyzer ingests GPO backups and compares against those settings. It has no knowledge of configuration setting via MDM/CSP.
      • ThomasOReilly
        Copper Contributor
        Is there any better tool to verify if a Cloud Only managed Azure AD Joined Intune managed device is compliant with the recommended MS security Baselines? Because sifting through each 'missing' setting is unbelievably tedious.
  • David Bargna
    Iron Contributor
    It's October 2023. 22H2 baseline is still missing from Intune. Does anyone at MSFT care? Rick_Munck, @Julial - any news for us poor chumps?
    • Julia_Idaewor
      Microsoft

      Thanks soupjam for your comment! Correct, this baseline was released as a part of the 2403 release. We mentioned this in the Intune What's New documentation under the tag Updated security baseline for Windows version 23H2 as we do with all new Intune releases.

      You'll also be happy to know that the W365 and MDE (Defender) baselines will both be updated and released with new content and on the new unified settings platform next month!

      On behalf of our entire team, I want to extend you and everyone else a sincere thank you for your patience and understanding as we diligently worked on finalizing the baseline. This baseline had over 300 settings so it was no easy feat, but once again, thank you for your continued support and for the constant, helpful feedback you all give that helps inform our features.

      Please do let me know if you have any further questions.

      Thanks,

      Julia

  • AusSupport180
    Brass Contributor

    Sorry, another question... Can I manage the hybrid workstations running Win 2010/11 using Intune Security Baseline?