Updated Windows for Endpoint Security Baseline

Microsoft has updated the Windows Security Baseline for Endpoint Security in Intune to 24H2 as shown above. Baselines are an easy way to set a vast array of best practice settings across your Windows devices in a single policy, already pre-configured by Microsoft.

I have extracted the policy to a JSON file and made it available at:

https://github.com/directorcia/bp/blob/main/Intune/Policies/Endpoint/Baselines/win.json

and the previous one is here:

https://github.com/directorcia/bp/blob/main/Intune/Policies/Endpoint/Baselines/Archive/win.json

You can now simply import that directly into your environment programmatically using something like PowerShell.

I will note that when I initially exported the templated and tried to import it back I got the error:

Invalid Reference id found in Policy

after a lot of troubleshooting (and I mean a LOT) I tracked down the issue to be related to id 241:

{
   “id”: “241”,
   “settingInstance”: {
     “choiceSettingValue”: {
       “value”: “device_vendor_msft_policy_config_deviceguard_machineidentityisolation_0”,
       “children”: [],
       “settingValueTemplateReference”: {
         “useTemplateDefault”: false,
         “settingValueTemplateId”: “6a208e4b-0e34-4d12-a821-3173e99f3ce0”
       }
     },
     “@odata.type”: “#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance”,
     “settingDefinitionId”: “device_vendor_msft_policy_config_deviceguard_machineidentityisolation”,
     “settingInstanceTemplateReference”: {
       “settingInstanceTemplateId”: “1fa97457-2a1f-4e33-b3c2-9a4c8930510d”
     }
   }
}

removing that from teh template allowed the rest of the template to import. I’ll have to spend some more time working out the exact settings and hopefully by then Microsoft fixes the issue and I’ll update the JSON in my Best Practices repository. However, for now the JSON at the URL can be imported.

Updated Defender for Endpoint Security Baseline

Microsoft has updated the Defender for Endpoint Security Baseline policy in Intune to Version 24H1 as shown above.

I have managed to extract my own best practice JSON configuration file for this policy and make it available at:

https://github.com/directorcia/bp/blob/main/Intune/Policies/Endpoint/Baselines/dep.json

which means you can import this directly into your environment programmatically (I used PowerShell to do exactly this).

The updates to this policy are huge! The previous version config file was about 350 lines, this new 24H1 version is now about 2,300 lines long! This indicated to me that Microsoft is moving more and more settings into theses baselines.

Reading from the CIAOPS Best Practices repo

I’ve recently upload a new JSON configuration file to my Best Practices repo on Github that you can deploy to Intune using PowerShell. You can find it here:

https://github.com/directorcia/bp/blob/main/Intune/Policies/ConfigurationProfiles/SettingsCatalog/odfb.json

The first thing to realise if you want to read this directly in from the repo is that you’ll need to use the raw version of that file which you can find here:

https://raw.githubusercontent.com/directorcia/bp/main/Intune/Policies/ConfigurationProfiles/SettingsCatalog/odfb.json

You will then need to use the command:

$query = invoke-webrequest -method GET -ContentType “application/json” -uri $url -UseBasicParsing

which will store the result in a variable called $query. Of course, you will need to assign the raw URL to the variable $url also.

Once executed if you look at $query.content you should then find a copy of JSON file you can then use to create a policy with PowerShell in Intune.

You can read all of the JSON files in my Best Practices repo in this way and use them to easily deploy to your environment.