SOLVED

Security Baselines instead of standalone configs?

Regular Contributor

Hi everyone,

 

i'm aksing myself why security baselines are useful? At this moment i use device configurations for ATP, Hello, Device restrictions etc..

Why should i use security baselines instead? What are the advantages for me?

 

Thank you in advance. :)

Patrick

3 Replies
best response confirmed by PatrickF11 (Regular Contributor)
Solution

@PatrickF11 The benefits would be that you get recommended settings just as we do with the GPO version of the baseline. Each time a new Windows 10 version is released a new version of the baseline for that version will be available. That will save you time and makes it easier to be more secure. 

Regards,
Jörgen

@Jörgen Nilsson 

 

Only Problem is that the Intune Security Baseline for Windows is not keeping up with the Windows Security Baseline.

 

In Aug 2020 the Intune Windows Baseline on a new tenant with release 2007, the Intune Windows 10 Security Baseline version is May 2019.

 

Since May 2019 the Windows Security Baseline went final in Nov 2019 [https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-wind... ] but over half a year later and the Intune Security Baseline for Windows 10 hasn't been touched.

 

It wouldn't be such a problem if Security baseline deployed settings which another policy could tweak, but that causes setting conflicts.

 

And if you have Windows Security Baseline + Windows Defender ATP Baseline ... you have to be very careful to in your policy changes because both baselines have some overlapping settings (example bitlocker)

 

These are some reasons why i don't use the baselines. :\
By the way: I've opnened up a ticket at MS asking what is the best practice. (So where to configure some settings. Some of them are in the old-fashioned device configuration profiles, some of them are in the baselines, too, and some of them are in the device security blade, too.)
The supports answer was: Device configuration profiles. :D