In this post, let’s learn how to update the Intune Security Baselines version in the MEM Admin Portal. Intune updates the versions of built-in Security Baselines depending on the changing needs of a typical organization. Each new release results in a version update to a particular baseline.
With the new release of the MDM Security Baseline version, the existing older versions will be deprecated. The settings in older security baseline profiles cannot be edited or modified. You can continue using profiles based on older versions, including editing their name, description, and assignments.
Microsoft Endpoint Manager updates the versions of built-in Security Baselines depending on the changing needs of a typical organization. Each setting in a baseline has a default configuration for that baseline version.
If you have a profile associated with an older baseline, that older baseline will continue to be listed. When a new version for a baseline is released, plan to update your existing profiles to the new version –
- Existing profiles don’t upgrade to new versions automatically.
- Settings in baseline profiles that don’t use the latest version become read-only.
You deploy security baselines to groups of users or devices in Intune, and the settings apply to devices that run Windows 10/11. Security baselines can help you to have a secure end-to-end workflow when working with Microsoft 365.
Video Tutorial on Intune Security Baseline Policies Templates
Let’s have a look at the latest video tutorial on Intune Security Baseline policy templates. In this video, you will learn about Intune Security Baseline Decoded: the easiest option to set up security policies for your organization, and also the challenges with Security Baseline templates.
Update Intune Security Baselines Version In MEM Admin Portal
Before you update the version of a profile that’s assigned to groups, test the version update on a copy of the profile so you can then validate the new baseline settings on the test group of devices.
- Sign in to Microsoft Endpoint Manager Admin Center https://endpoint.microsoft.com
- Navigate to the Endpoint Security node. Click on the Security Baselines node.
Here you can see several other baseline policies in this node. Select the Security Baseline for Windows 10 and later set.
You may notice a banner showing the message "At least one profile or policy is using a deprecated version." Microsoft recommends that you update all policies and profiles to the latest version.
When a new baseline version becomes available, it replaces the previous version. Profiles instances that you’ve created prior to the availability of a new version.
Note: It is important to back up your existing production baseline policies and perform changes in the latest version. You have an option to duplicate the security baseline, just like duplicating settings catalog.
Select the Security Baseline profile and click Change Version.
In the Select a security baseline to update to dropdown, select the version instance you want to use.
Before selecting a security baseline, you can review the update. Clicking Review update allows you to download the updated security baseline.
Note – When there are no longer any profiles that use an older baseline listed in your tenant, Intune will only list the latest baseline version available.
Once the CSV export is completed, you can review the baseline profile update. The Comparison column shows the result of comparing the older version with the latest version. If the profile matches, you will see the status equal; an unmatched profile shows removed.
Review the file so that you understand which settings are new or removed, and what the default values for these settings are in the updated profile.
Select the Security Baseline version you want to update to. Then select one of the following options –
- Accept baseline changes but keep my existing setting customizations – This option keeps the customizations you made to the baseline profile and applies them to the new version you’ve selected to use.
- Accept baseline changes and discard existing setting customizations – This option overwrites your original profile completely. The updated profile will use the default values for all settings.
A notification will appear automatically in the top right-hand corner with a message. You can see the message ICSS Windows 10 has been migrated to MDM Security Baseline for Windows 10 and later for November 2021(November 2021).
The Current Baseline column shows the latest selected baseline version (November 2021). The profile updates to the selected baseline version and after the conversion is complete, the baseline immediately redeploys to assigned groups.
Compare MDM Security Baselines Version
In Security Baselines, the Versions pane for a security baseline lists each version of this baseline that you’ve deployed. This list also includes the most recent and active version of the baseline.
To understand what’s changed between versions, select the checkboxes for two different versions, and then select Compare baselines.
Click on Yes to export all data in a CSV file. You’re then prompted to download a CSV file that details those differences.
The download identifies each setting in the two baseline versions and notes if this setting has changed (notEqual) or has remained the same (equal). Details also include the default value for the setting by version, and if the setting was added to the more recent version, or removed from the more recent version.
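The CSV review described above, both for Review update and for Compare baselines, can be scripted so that changed, added and removed settings stand out before you update a production profile. This is an added example, not part of the original post or Microsoft tooling; the column names, the sample rows and the `customized` list are assumptions to adapt to the header row of your own export.

```python
import csv
import io
from collections import defaultdict

# Column names are assumptions; match them to the header row of your export.
COL_SETTING = "Setting name"
COL_STATUS = "Comparison"
COL_OLD = "Old default"
COL_NEW = "New default"

# Constructed sample rows, not taken from a real export.
SAMPLE_CSV = """Setting name,Comparison,Old default,New default
Block Internet Explorer 11,removed,Enabled,
Minimum password length,notEqual,8,14
Require BitLocker,equal,Yes,Yes
Scan scripts in browsers,added,,Enabled
"""

def summarize(csv_text, customized=()):
    """Group settings by comparison status and flag customized ones to re-check."""
    buckets = defaultdict(list)
    review = []
    wanted = {name.casefold() for name in customized}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get(COL_SETTING) or "").strip()
        if not name:
            continue  # ignore rows without a setting name
        key = (row.get(COL_STATUS) or "").strip().casefold() or "unknown"
        old = (row.get(COL_OLD) or "").strip()
        new = (row.get(COL_NEW) or "").strip()
        buckets[key].append((name, old, new))
        # A customized setting whose default changed, or which no longer
        # exists, should be validated on the test group before production.
        if name.casefold() in wanted and key in ("notequal", "removed"):
            review.append(name)
    return dict(buckets), review

def report(buckets, review):
    """Return printable lines: a count per status, details for non-equal rows."""
    lines = []
    for status in sorted(buckets):
        lines.append(f"{status}: {len(buckets[status])}")
        if status != "equal":
            for name, old, new in buckets[status]:
                lines.append(f"  {name}: {old or '-'} -> {new or '-'}")
    lines.extend(f"RE-CHECK customization: {name}" for name in review)
    return lines

if __name__ == "__main__":
    b, r = summarize(SAMPLE_CSV, customized=["Minimum password length"])
    print("\n".join(report(b, r)))
```

Pass the names of the settings you changed from their defaults in the existing profile as `customized`; those are the ones to validate on the copied test profile first.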
About Author – Jitesh, Microsoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.