Forum Discussion
Windows 10/11 22h2 Security Baseline missing in Intune
Hi, can you please enlighten when the Windows 10/11 Security Baseline will be updated to 22H2? The current baseline is of November 2021, I am sure that there are new recommendations in the new baseline (Windows 10, version 22H2 Security baseline - Microsoft Community Hub) that would be helpful while managing Windows in a more modern way.
As an example, currently missing the 22H2 option "Allow Administrator account lockout" to manage it without the need of a GPO.
- soupjam (Copper Contributor)
Just so everyone knows, they seemingly stealth updated the baseline to 23h2. I can't say I saw this mentioned in official channels.
https://learn.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-mdm-all?pivots=mdm-23h2
- Julia_Idaewor (Microsoft)
Thanks soupjam for your comment! Correct, this baseline was released as a part of the 2403 release. We mentioned this in the Intune What's New documentation under the tag Updated security baseline for Windows version 23H2 as we do with all new Intune releases.
You'll also be happy to know that the W365 and MDE (Defender) baselines will both be updated and released with new content and on the new unified settings platform next month!
On behalf of our entire team, I want to extend you and everyone else a sincere thank you for your patience and understanding as we diligently worked on finalizing the baseline. This baseline had over 300 settings so it was no easy feat, but once again, thank you for your continued support and for the constant, helpful feedback you all give that helps inform our features.
Please do let me know if you have any further questions.
Thanks,
Julia
- David Bargna (Iron Contributor)
It's October 2023. 22H2 baseline is still missing from Intune. Does anyone at MSFT care? Rick_Munck, @Julial - any news for us poor chumps?
- Rick_Munck (Microsoft)
David Bargna unfortunately I don't control the Intune release details. Julia_Idaewor will have to comment on Intune.
- David Bargna (Iron Contributor)
Thanks Rick, I wonder if we will get a reply?
- ThomasOReilly (Copper Contributor)
I am also having a very difficult time getting all of the 'missing' settings discovered using the PolicyAnalyzer tool configured via Intune.
Also the PolicyAnalyzer does not account for how Intune and Defender are configuring some settings, as the usual GPO registry keys are not configured in the same location, at least for Defender. So I have spent the last 3 days going through the missing settings, to find some are actually configured.
So 3 issues really.
1 - missing native security baselines in Intune
2 - missing the settings in Intune to actually configure the new settings
3 - Policy Analyzer tool is presuming GPO is used to configure the settings
- AaronMargosis_Tanium (Iron Contributor)
ThomasOReilly - re #3, that is accurate. Policy Analyzer ingests GPO backups and compares against those settings. It has no knowledge of configuration setting via MDM/CSP.
- ThomasOReilly (Copper Contributor)
Is there any better tool to verify if a Cloud Only managed Azure AD Joined Intune managed device is compliant with the recommended MS security Baselines? Because sifting through each 'missing' setting is unbelievably tedious.
- Dean_Gross (Silver Contributor)
It is now the end of June, please provide an update. Julia_Idaewor
- SLR_S (Microsoft)
Hi All, Any update on when the baselines will be updated? The current baseline is of November 2021.
- Julia_Idaewor (Microsoft)
Hi all, thanks so much for your feedback. We are planning to release the updated Intune Edge baseline in April/May '23 with the other updated security baselines to follow shortly. The delays in the Edge baseline + other security baselines were attributed to a one-time internal dependency that currently has a fix that will soon be deployed. Therefore, we will be back on our regular release schedule soon, so I do not anticipate this being a reoccurring issue where there is a large amount of time between the initial "product" Security Baseline release & the Intune release. We truly apologize for how long it has taken us to solve for these delays, but you will be seeing more information soon regarding the upcoming release of the new Edge baseline. Please let me know if you have any other questions/concerns.
- philhadley1265 (Copper Contributor)
Hi Julial, I was just wondering if there was any update on when the updated baselines will be in Intune? You mentioned April/May '23 and we are now in June '23. There are a lot of updated security baselines in the Microsoft Security Compliance Toolkit that would be great to have in Intune.
- TemiNick (Copper Contributor)
We have the same problem, just logged a support case on this.
- DanielAr1337 (Copper Contributor)
Julia_Idaewor Hi there, we are preparing the Deployment of Windows 11 22H2 and I wanted to implement the latest Security Baseline for Windows 11 and it still says "November 2021".
When will the update be released?
BR Daniel
- Rick_Munck (Microsoft)
Peter Daalmans - @JuliaI is the PM for Intune who handles this area. She will be better able to assist you with this.