Event banner
Event details
Security baseline is a very great tool to confirm the security on Endpoints. But there is no good way to find exceptions admins should make when they get feedback from the users. Thier should be a report on the base of these settings which should show users issues are being blocked such that admins are able to make exceptions to these baselines easily
Hi Muhammed, Thanks for your question! I wonder if you're describing the feature that allows your to monitor your baselines and any conflicts they may have when applied to policies. See here and let me know if that doesn't address your comment: https://learn.microsoft.com/en-us/mem/intune/protect/security-baselines-monitor- Mike-Danoski
Microsoft
Adding to what Julia said, at Ignite we announced a new AI based feature that will highlight settings based on how organizations like yours have set these certain settings. One goal of this is to flag those settings that may have more impact to users as you note and thus, admins haven't configured.- I think the issue Muhammad is talking about is like one I had (1) Set security baseline to pilot group, then production (2) several weeks after pilot, we find the Finance manager can't use weird bespoke end-of-year tax submission tool (3) I remove his device from scope of "new" policy (4) the settings changes have seemingly been tattooed, so this has no effect (5) I have to spend hours working out what the baseline policy set in the registry, and back out the changes until the app works again. I was basically blind. Some way to correlate the app being blocked to a particular setting, then to a particular policy, and a way to back it out would've been really useful. After that experience, we don't use baselines any more, as they are scary. Too hard to test/troubleshoot.
