Home
%3CLINGO-SUB%20id%3D%22lingo-sub-1265326%22%20slang%3D%22en-US%22%3ESupport%20Tip%3A%20Updates%20to%20Microsoft%20Defender%20ATP%20baseline%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1265326%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20customers%20who%20are%20taking%20advantage%20of%20Microsoft%20Endpoint%20Manager%E2%80%99s%20Security%20Baselines%20for%20Microsoft%20Defender%20ATP%2C%20you%20might%20notice%20a%20banner%20in%20the%20UI%20of%20the%20Device%20Management%20admin%20console%20indicating%20a%20new%20baseline%20version%20has%20been%20released%20with%20this%20iteration.%3C%2FP%3E%0A%3CDIV%20id%3D%22tinyMceEditorIntune%20Support%20Team_0%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22MDATP%20baselines.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F180646i92153EB06809E7C5%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22MDATP%20baselines.jpg%22%20alt%3D%22MDATP%20baselines.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EExisting%20profiles%20will%20continue%20to%20work%20as%20expected%20%E2%80%93%20no%20action%20is%20needed.%3CBR%20%2F%3E%3CBR%20%2F%3ETo%20make%20any%20changes%2Fcustomizations%20to%20settings%20within%20a%20profile%20that%20has%20an%20updated%20baseline%20available%2C%20Microsoft%20requires%20you%20update%20that%20profile%20to%20a%20supported%20version%20of%20a%20baseline%20and%20make%20your%20changes.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20select%20the%20two%20versions%20of%20the%20baseline%20and%20then%20choose%26nbsp%3B%E2%80%98%3CSTRONG%3ECompare%20baselines%E2%80%99%3C%2FSTRONG%3E%26nbsp%3Bto%20download%20a%20CSV%20file%20that%20details%20those%20differences.%20There%20are%20changes%20in%20these%20areas%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EBitLocker%2C%3C%2FLI%3E%0A%3CLI%3EWindows%20Hello%20for%20Business%2C%3C%2FLI%3E%0A%3CLI%3EExploit%20Protection%2C%3C%2FLI%3E%0A%3CLI%3EFolder%20protection%2C%3C%2FLI%3E%0A%3CLI%3ECredential%20guard%2C%3C%2FLI%3E%0A%3CLI%3ESmartScreen%2C%3C%2FLI%3E%0A%3CLI%3Eand%20Application%20Guard%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3EWhen%20you%20are%20ready%2C%20the%20update%20process%20can%20be%20started%20by%20selecting%20%E2%80%98Profiles%E2%80%99%20under%20the%20Microsoft%20Defender%20ATP%20baseline%2C%20select%20%E2%80%98Change%20Version%E2%80%99.%20To%20learn%20more%2C%20see%20%E2%80%9C%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fprotect%2Fsecurity-baselines%23to-change-the-baseline-version-for-a-profile%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EChange%20the%20baseline%20version%20for%20a%20profile%3C%2FA%3E%E2%80%9C.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1265326%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%3B%22%3EFor%20customers%20who%20are%20taking%20advantage%20of%20Microsoft%20Endpoint%20Manager%E2%80%99s%20Security%20Baselines%20for%20Microsoft%20Defender%20ATP%2C%20you%20might%20notice%20a%20banner%20in%20the%20UI%20of%20the%20Device%20Management%20admin%20console%20indicating%20a%20new%20baseline%20version%20has%20been%20released%20with%20this%20iteration.%3C%2FP%3E%0A%3CDIV%20id%3D%22tinyMceEditorIntune%20Support%20Team_0%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20display%3A%20inline-block%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1265326%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESupport%20Tip%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1288271%22%20slang%3D%22en-US%22%3ERe%3A%20Support%20Tip%3A%20Updates%20to%20Microsoft%20Defender%20ATP%20baseline%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1288271%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226779%22%20target%3D%22_blank%22%3E%40Intune%20Support%20Team%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3Ehow%20come%20tamper%20protection%20isn%E2%80%99t%20include%20in%20the%20new%20baseline%3F%20As%20it%20is%20part%20of%20the%20Intune%20endpoint%20protection%20policy.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1323566%22%20slang%3D%22en-US%22%3ERe%3A%20Support%20Tip%3A%20Updates%20to%20Microsoft%20Defender%20ATP%20baseline%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1323566%22%20slang%3D%22en-US%22%3E%3CP%3EI%20think%20at%20the%20moment%20the%20whole%20endpoint%20security%20is%20a%20bit%20of%20a%20mess%3C%2FP%3E%3CP%3Ethere%20are%20the%20same%20settings%20in%20device%20configuration%2C%20you%20have%20ATP%20profiles%2C%20security%20baseline%20profiles%2C%20now%20i%20see%20another%20split%20out%20of%20items%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20we%20have%20some%20consistent%20approach%20to%20defining%20device%20configurations%20please%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20even%20tried%20the%20new%20bitlocker%20policy%20and%20it%20spat%20errors%20(admit%20is%20still%20preview)%3C%2FP%3E%3C%2FLINGO-BODY%3E

For customers who are taking advantage of Microsoft Endpoint Manager’s Security Baselines for Microsoft Defender ATP, you might notice a banner in the UI of the Device Management admin console indicating a new baseline version has been released with this iteration.

 

MDATP baselines.jpg


Existing profiles will continue to work as expected – no action is needed.

To make any changes/customizations to settings within a profile that has an updated baseline available, Microsoft requires you update that profile to a supported version of a baseline and make your changes.

 

You can select the two versions of the baseline and then choose ‘Compare baselines’ to download a CSV file that details those differences. There are changes in these areas:

  • BitLocker,
  • Windows Hello for Business,
  • Exploit Protection,
  • Folder protection,
  • Credential guard,
  • SmartScreen,
  • and Application Guard


When you are ready, the update process can be started by selecting ‘Profiles’ under the Microsoft Defender ATP baseline, select ‘Change Version’. To learn more, see “Change the baseline version for a profile“.

 

2 Comments
New Contributor

@Intune Support Team 
how come tamper protection isn’t include in the new baseline? As it is part of the Intune endpoint protection policy. 

Senior Member

I think at the moment the whole endpoint security is a bit of a mess

there are the same settings in device configuration, you have ATP profiles, security baseline profiles, now i see another split out of items

 

Can we have some consistent approach to defining device configurations please

 

I even tried the new bitlocker policy and it spat errors (admit is still preview)