For customers who are taking advantage of Microsoft Endpoint Manager’s Security Baselines for Microsoft Defender ATP, you might notice a banner in the UI of the Device Management admin console indicating a new baseline version has been released with this iteration.
Existing profiles will continue to work as expected – no action is needed.
To make any changes/customizations to settings within a profile that has an updated baseline available, Microsoft requires you update that profile to a supported version of a baseline and make your changes.
You can select the two versions of the baseline and then choose ‘Compare baselines’ to download a CSV file that details those differences. There are changes in these areas:
- Windows Hello for Business,
- Exploit Protection,
- Folder protection,
- Credential guard,
- and Application Guard
When you are ready, the update process can be started by selecting ‘Profiles’ under the Microsoft Defender ATP baseline, select ‘Change Version’. To learn more, see “Change the baseline version for a profile“.