Update Baseline joins the Security Compliance Toolkit

Published 01-28-2021 04:14 PM 5,087 Views
Microsoft

We are excited to announce that the Update Baseline is now a part of the Security Compliance Toolkit! If you're not yet familiar with this great tool, the Update Baseline offers Microsoft’s set of recommended policy configurations for Windows Updates to help you:

  • Ensure that the devices on your network receive the latest monthly security updates in a timely manner.
  • Provide a great end user experience throughout the update process.

The Update Baseline includes Windows Update policies as well as power and Delivery Optimization policies—all designed to streamline the update process, improve patch compliance, and help ensure your devices stay secure. In fact, devices that are configured using  the Update Baseline reach, on average, a compliance rate between 80-90% within 28 days.

What is included in the Update Baseline?

For Windows Update policies, the Update Baseline offers recommendations around:

  • Deadlines, the most powerful tool in the IT administrator’s arsenal for ensuring devices get updated on time.
  • Downloading and installing updates in the background without disturbing end users. This also removes bottlenecks from the update process.
  • A great end user experience. Users don’t have to approve updates, but they get notified when an update requires a restart.
  • Accommodating low activity devices (which tend to be some of the hardest to update) to ensure the best-possible user experience while respecting compliance goals.

How do I apply the Update Baseline?

If you manage your devices via Group Policy, you can apply the Update Baseline using the familiar Security Compliance Toolkit framework. With a single PowerShell command, the Update Baseline Group Policy Object (GPO) can be loaded into Group Policy Management Center (GPMC) as shown below:

You can add the MSFT Windows Update GPO that adds the Update Baseline to GPMC with a single command.You can add the MSFT Windows Update GPO that adds the Update Baseline to GPMC with a single command.

You can then view the Update Baseline GPO (MSFT Windows Update) in the GPMC.You can then view the Update Baseline GPO (MSFT Windows Update) in the GPMC.

That’s it! Simple and easy.

Download the updated Security Compliance Toolkit today to start applying security configuration baselines for Windows and other Microsoft products.

I also encourage you to learn more about common policy configuration mistakes for managing Windows updates and what you can do to avoid them to improve update adoption and provide a great user experience.

Other cool tidbits? The Update Baseline will continue to be updated and improved as needed, and an Intune solution to apply the Update Baseline is coming soon! Let us know your thoughts and leave a comment below.

%3CLINGO-SUB%20id%3D%22lingo-sub-2107780%22%20slang%3D%22en-US%22%3EUpdate%20Baseline%20joins%20the%20Security%20Compliance%20Toolkit%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2107780%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EWe%20are%20excited%20to%20announce%20that%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fdeployment%2Fupdate%2Fupdate-baseline%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EUpdate%20Baseline%3C%2FA%3E%20is%20now%20a%20part%20of%20the%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fdownload%2Fdetails.aspx%3Fid%3D55319%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESecurity%20Compliance%20Toolkit%3C%2FA%3E!%20If%20you're%20not%20yet%20familiar%20with%20this%20great%20tool%2C%20the%20Update%20Baseline%20offers%20Microsoft%E2%80%99s%20set%20of%20recommended%20policy%20configurations%20for%20Windows%20Updates%20to%20help%20you%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%20style%3D%22margin-bottom%3A%208px%3B%20margin-top%3A%2020px%3B%22%3EEnsure%20that%20the%20devices%20on%20your%20network%20receive%20the%20latest%20monthly%20security%20updates%20in%20a%20timely%20manner.%3C%2FLI%3E%0A%3CLI%20style%3D%22margin-bottom%3A%208px%3B%22%3EProvide%20a%20great%20end%20user%20experience%20throughout%20the%20update%20process.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EThe%20Update%20Baseline%20includes%20Windows%20Update%20policies%20as%20well%20as%20power%20and%20Delivery%20Optimization%20policies%E2%80%94all%20designed%20to%20streamline%20the%20update%20process%2C%20improve%20patch%20compliance%2C%20and%20help%20ensure%20your%20devices%20stay%20secure.%20In%20fact%2C%20devices%20that%20are%20configured%20using%20%26nbsp%3Bthe%20Update%20Baseline%20reach%2C%20on%20average%2C%20a%20compliance%20rate%20between%2080-90%25%20within%2028%20days.%3C%2FP%3E%0A%3CH2%20style%3D%22margin-top%3A%2036px%3B%20margin-bottom%3A%2020px%3B%20font-family%3A%20'Segoe%20UI'%2C%20Segoe%2C%20Tahoma%2C%20Geneva%2C%20sans-serif%3B%20font-weight%3A%20600%3B%20font-size%3A%2020px%3B%20color%3A%20%23333333%3B%22%20id%3D%22toc-hId--527800606%22%20id%3D%22toc-hId--528747191%22%3EWhat%20is%20included%20in%20the%20Update%20Baseline%3F%3C%2FH2%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EFor%20Windows%20Update%20policies%2C%20the%20Update%20Baseline%20offers%20recommendations%20around%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%20style%3D%22margin-bottom%3A%208px%3B%20margin-top%3A%2020px%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fdeployment%2Fupdate%2Fwufb-compliancedeadlines%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EDeadlines%3C%2FA%3E%2C%20the%20most%20powerful%20tool%20in%20the%20IT%20administrator%E2%80%99s%20arsenal%20for%20ensuring%20devices%20get%20updated%20on%20time.%3C%2FLI%3E%0A%3CLI%20style%3D%22margin-bottom%3A%208px%3B%22%3EDownloading%20and%20installing%20updates%20in%20the%20background%20without%20disturbing%20end%20users.%20This%20also%20removes%20bottlenecks%20from%20the%20update%20process.%3C%2FLI%3E%0A%3CLI%20style%3D%22margin-bottom%3A%208px%3B%22%3EA%20great%20end%20user%20experience.%20Users%20don%E2%80%99t%20have%20to%20approve%20updates%2C%20but%20they%20get%20notified%20when%20an%20update%20requires%20a%20restart.%3C%2FLI%3E%0A%3CLI%20style%3D%22margin-bottom%3A%208px%3B%22%3EAccommodating%20low%20activity%20devices%20(which%20tend%20to%20be%20some%20of%20the%20hardest%20to%20update)%20to%20ensure%20the%20best-possible%20user%20experience%20while%20respecting%20compliance%20goals.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH2%20style%3D%22margin-top%3A%2036px%3B%20margin-bottom%3A%2020px%3B%20font-family%3A%20'Segoe%20UI'%2C%20Segoe%2C%20Tahoma%2C%20Geneva%2C%20sans-serif%3B%20font-weight%3A%20600%3B%20font-size%3A%2020px%3B%20color%3A%20%23333333%3B%22%20id%3D%22toc-hId-1959712227%22%20id%3D%22toc-hId-1958765642%22%3EHow%20do%20I%20apply%20the%20Update%20Baseline%3F%3C%2FH2%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EIf%20you%20manage%20your%20devices%20via%20Group%20Policy%2C%20you%20can%20apply%20the%20Update%20Baseline%20using%20the%20familiar%20Security%20Compliance%20Toolkit%20framework.%20With%20a%20single%20PowerShell%20command%2C%20the%20Update%20Baseline%20Group%20Policy%20Object%20(GPO)%20can%20be%20loaded%20into%20Group%20Policy%20Management%20Center%20(GPMC)%20as%20shown%20below%3A%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22powershell-update-baseline-script.png%22%20style%3D%22width%3A%20624px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250460iFFB3C381E897ECA1%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22powershell-update-baseline-script.png%22%20alt%3D%22You%20can%20add%20the%20MSFT%20Windows%20Update%20GPO%20that%20adds%20the%20Update%20Baseline%20to%20GPMC%20with%20a%20single%20command.%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EYou%20can%20add%20the%20MSFT%20Windows%20Update%20GPO%20that%20adds%20the%20Update%20Baseline%20to%20GPMC%20with%20a%20single%20command.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2010px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22gpmc-update-baseline.png%22%20style%3D%22width%3A%20624px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250461iC276D25225DCD742%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22gpmc-update-baseline.png%22%20alt%3D%22You%20can%20then%20view%20the%20Update%20Baseline%20GPO%20(MSFT%20Windows%20Update)%20in%20the%20GPMC.%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EYou%20can%20then%20view%20the%20Update%20Baseline%20GPO%20(MSFT%20Windows%20Update)%20in%20the%20GPMC.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EThat%E2%80%99s%20it!%20Simple%20and%20easy.%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EDownload%20the%20updated%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fdownload%2Fdetails.aspx%3Fid%3D55319%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESecurity%20Compliance%20Toolkit%3C%2FA%3E%20today%20to%20start%20applying%20security%20configuration%20baselines%20for%20Windows%20and%20other%20Microsoft%20products.%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EI%20also%20encourage%20you%20to%20learn%20more%20about%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fwindows-it-pro-blog%2Fcommon-policy-configuration-mistakes-for-managing-windows%2Fba-p%2F2077328%22%20target%3D%22_blank%22%3Ecommon%20policy%20configuration%20mistakes%20for%20managing%20Windows%20updates%3C%2FA%3E%20and%20what%20you%20can%20do%20to%20avoid%20them%20to%20improve%20update%20adoption%20and%20provide%20a%20great%20user%20experience.%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EOther%20cool%20tidbits%3F%20The%20Update%20Baseline%20will%20continue%20to%20be%20updated%20and%20improved%20as%20needed%2C%20and%20an%20Intune%20solution%20to%20apply%20the%20Update%20Baseline%20is%20coming%20soon!%20Let%20us%20know%20your%20thoughts%20and%20leave%20a%20comment%20below.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2107780%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%E2%80%99s%20recommended%20policy%20configurations%20for%20Windows%20Updates%20are%20now%20integrated%20into%20the%20SCT.%20Learn%20more.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22The%20Update%20Baseline%20in%20the%20Group%20Policy%20Management%20Console%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250462iBFFDBC3D5FFC1607%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22gpmc-update-baseline.png%22%20alt%3D%22gpmc-update-baseline.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2107780%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EServicing%20and%20updates%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Co-Authors
Version history
Last update:
‎Jan 28 2021 04:15 PM
Updated by: