Microsoft Tech Community

Windows 10/11 22h2 Security Baseline missing in Intune

MVP

Hi, can you please enlighten when the Windows 10/11 Security Baseline will be updated to 22H2? The current baseline is of November 2021, I am sure that there are new recommendations in the new baseline (Windows 10, version 22H2 Security baseline - Microsoft Community Hub) that would be helpful while managing Windows in a more modern way.

 

As an example, currently missing the 22H2 option "Allow Administrator account lockout" to manage it without the need of a GPO. 

21 Replies

@Peter Daalmans - @JuliaI is the PM for Intune who handles this area. She will be better able to assist you with this.

We have the same problem, just logged a support case on this.
Hi All, Any update on when the baselines will be updated? The current baseline is of November 2021.
Hi all, thanks so much for your feedback. We are planning to release the updated Intune Edge baseline in April/May '23 with the other updated security baselines to follow shortly. The delays in the Edge baseline + other security baselines were attributed to a one-time internal dependency that currently has a fix that will soon be deployed. Therefore, we will be back on our regular release schedule soon, so I do not anticipate this being a reoccurring issue where there is a large amount of time between the initial "product" Security Baseline release & the Intune release. We truly apologize for how long it has taken us to solve for these delays, but you will be seeing more information soon regarding the upcoming release of the new Edge baseline. Please let me know if you have any other questions/concerns.
Thank you for the response. Appreciate it and looking forward to the baseline releases.
Hi Julial. Was wondering if there are any updates regarding this matter? Does this item exist in the Microsoft 365 roadmap? If yes, could you be kind enough and share the feature ID? Also, do you plan to do a private preview for this change? If yes, how can I go about signing up?
Hi Julial, I was just wondering if there was any update on when the updated baselines will be in Intune? You mentioned April/May '23 and we are now in June '23. There are a lot of updated security baselines in the Microsoft Security Compliance Toolkit that would be great to have in Intune.

It is now the end of June, please provide an update. @Julia_Idaewor 

@Julia_Idaewor Hi there, we are preparing the Deployment of Windows 11 22H2 and I wanted to implement the latest Security Baseline for Windows 11 and it still says "November 2021"

When will the update be released?

 

BR Daniel

I am also having a very difficult time getting all of the 'missing' settings discovered using the PolicyAnalyzer tool configured via Intune.
Also, the PolicyAnalyzer does not account for how Intune and Defender are configuring some settings, as the usual GPO registry keys are not configured in the same location, at least for Defender. So I have spent the last 3 days going through the missing settings, to find some are actually configured.

So 3 issues really.
1 - missing native security baselines in Intune
2 - missing the settings in Intune to actually configure the new settings
3 - Policy Analyzer tool is presuming GPO is used to configure the settings
@ThomasOReilly - re #3, that is accurate. Policy Analyzer ingests GPO backups and compares against those settings. It has no knowledge of configuration setting via MDM/CSP.
Is there any better tool to verify if a Cloud Only managed Azure AD Joined Intune managed device is compliant with the recommended MS security Baselines? Because sifting through each 'missing' setting is unbelievably tedious.
It's October 2023. The 22H2 baseline is still missing from Intune. Does anyone at MSFT care? @Rick_Munck, @Julial - any news for us poor chumps?

@David Bargna unfortunately I don't control the Intune release details. @Julia_Idaewor will have to comment on Intune.

Thanks Rick, I wonder if we will get a reply?
Hi David! We truly apologize for the delay. Our engineering team has been working diligently to make sure we cover every single applicable setting in the Windows 11 22H2 baseline and ensure that the baseline template is up to quality. There have been major delays due to dependencies on other internal teams. Right now, we're nearing the end and are about 80% of the way there, so I anticipate we will be ready to release the Windows 11 22H2 baseline (which also supports Windows 10 settings) in January '24. I am truly hoping we do not encounter any more major issues, but things can change at any time. If we do, I will personally make it a point to keep you updated on this thread - I can't imagine how inconvenient this has been for you and on behalf of Microsoft, we thank you so much for your continued patience. I guarantee it will be worth the wait and updates will be much more consistent afterwards.
Hi, while I appreciate the reply, I always find it very frustrating that the products and services which are promised by MSFT, either via technical or account managers, do not appear; however, the cost of licenses keeps increasing and those responsible for the systems need to deliver regardless of MSFT failings.
Hello - still waiting for this... Do we have an ETA? It's 1/17/2024. Thanks!