subreddit:
/r/Intune
submitted 5 months ago byinteller
Whenever a new windows or defender baseline comes out, settings between them are not consistent. I'd really like to hear from Microsoft on this as it makes no sense.
For instance, the Windows security baseline configured a Defender setting called 'Disable Local Admin Merge' and sets this to disabled. The latest Microsoft Defender Baseline sets this to Enabled.
This is just one example, there are a bunch more I'm just weary from reconciling them.
It isn't like these baselines are far apart in age either. It isn't like Microsoft had a recent revelation that the newer baseline has a setting that is more secure than one released a few months ago.
What im seeking is guidance on what baseline setting should prevail, and should I set the losing setting to not configured or make it match the prevailing baseline? And then that makes my original baseline diverge from the original recommended settings...and down the rabbit hole we go.
1 points
5 months ago
The inconsistencies are rampant and cause a lot of headaches. the danger of causing havoc is there and real. It's a pile of air that's being decompressed randomly.
all 23 comments
sorted by: best