Update Intune Security Baselines Version In MEM Admin Portal

In this post, Let’s learn how to Update Intune Security Baselines Version In MEM Admin Portal. Intune updates the versions of built-in Security Baselines depending on the changing needs of a typical organization. Each new release results in a version update to a particular baseline.

With the new release of the MDM Security Baseline version, the existing older versions will be deprecated. The older security baseline profile settings can not be editable or modified. You can continue using profiles based on older versions, including editing their name, description, and assignments.

Microsoft Endpoint Manager updates the versions of built-in Security Baselines depending on the changing needs of a typical organization. Each setting in a baseline has a default configuration for that baseline version.

If you have a profile associated with an older baseline, that older baseline will continue to be listed. When a new version for a baseline is released, plan to update your existing profiles to the new version –

Patch My PC
  • Existing profiles don’t upgrade to new versions automatically.
  • Settings in baseline profiles that don’t use the latest version become read-only.

You deploy security baselines to groups of users or devices in Intune, and the settings apply to devices that run Windows 10/11. Security baselines can help you to have a secure end-to-end workflow when working with Microsoft 365.

Update Intune Security Baselines Version In MEM Admin Portal

Before you update the version of a profile that’s assigned to groups, test the version update on a copy of the profile so you can then validate the new baseline settings on the test group of devices.

Security Baselines - Update Intune Security Baseline Versions In MEM Admin Portal 1
Security Baselines – Update Intune Security Baselines Version In MEM Admin Portal 1

Here You can see several other baseline policies in this node, Select the Security Baseline for Windows 10 and later set.

Update Intune Security Baseline Versions In MEM Admin Portal 2
Select Security Baselines – Update Intune Security Baselines Version In MEM Admin Portal 2

You may notice the banner showing the message that At least one profile or policy is using a deprecated version. Microsoft recommends that you update all policies and profiles to the latest version. 

When a new baseline version becomes available, it replaces the previous version. Profiles instances that you’ve created prior to the availability of a new version.

Note: It is important to back up your existing production baseline policies and perform changes in the latest version. You have an option to duplicate the security baseline, just like duplicating settings catalog.

Select the Security Baseline profile and click Change Version.

Profile Change Version - Update Intune Security Baseline Versions In MEM Admin Portal 3
Profile Change Version – Update Intune Security Baselines Version In MEM Admin Portal 3

Select a security baseline to update to dropdown, and select the version instance you want to use.

Here before selecting a security baseline, you can review the update. Clicking on Review update allows you to download the updated security baseline.

Note – When there are no longer any profiles that use an older baseline listed in your tenant, Intune will only list the latest baseline version available.

Click on Review Update - Update Intune Security Baseline Versions In MEM Admin Portal 4
Click on Review Update – Update Intune Security Baselines Version In MEM Admin Portal 4

Once the CSV Export is completed, You can review the Baseline Profile Update. The Comparison Column shows the profile comparing the older version and the latest version. If the profile matches, you will see status equal or unmatched profile shows removed.

Review the file so that you understand which settings are new or removed, and what the default values for these settings are in the updated profile.

Review Security Baseline Profile - Update Intune Security Baseline Versions In MEM Admin Portal 5
Review Security Baseline Profile – Update Intune Security Baselines Version In MEM Admin Portal 5

Select the Security Baseline version you want to update to. Then select one of the following options –

  • Accept baseline changes but keep my existing setting customizations – This option keeps the customizations you made to the baseline profile and applies them to the new version you’ve selected to use.
  • Accept baseline changes and discard existing setting customizations – This option overwrites your original profile completely. The updated profile will use the default values for all settings.

Click Submit.

Select a Security Baseline - Update Intune Security Baselines Version In MEM Admin Portal 6
Select a Security Baseline – Update Intune Security Baselines Version In MEM Admin Portal 6

A notification will appear automatically in the top right-hand corner with a message. You can see the message ICSS Windows 10 has been migrated to MDM Security Baseline for Windows 10 and later for November 2021(November 2021).

The Current Baseline column shows the latest selected baseline version (November 2021). The profile updates to the selected baseline version and after the conversion is complete, the baseline immediately redeploys to assigned groups.

Current Baseline - Update Intune Security Baselines Version In MEM Admin Portal 7
Current Baseline – Update Intune Security Baselines Version In MEM Admin Portal 7

Compare MDM Security Baselines Version

In Security Baseline, On the Versions pane for a security baseline is a list of each version of this baseline that you’ve deployed. This list also includes the most recent and active version of the baseline.

To understand what’s changed between versions, select the checkboxes for two different versions, and then select Compare baselines.

MDM Security Baseline Versions - Update Intune Security Baselines Version In MEM Admin Portal 8
MDM Security Baseline Versions – Update Intune Security Baselines Version In MEM Admin Portal 8

Click on Yes to export all data in a CSV file. You’re then prompted to download a CSV file that details those differences.

Compare Baselines - Update Intune Security Baselines Version In MEM Admin Portal 9
Compare Baselines – Update Intune Security Baselines Version In MEM Admin Portal 9

The download identifies each setting in the two baseline versions and notes if this setting has changed (notEqual) or has remained the same (equal). Details also include the default value for the setting by version, and if the setting was added to the more recent version, or removed from the more recent version.

Author

About Author – Jitesh, Microsoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.