Microsoft Confirms Intune Bug Affecting Custom Security Baseline Settings

A newly identified bug in Microsoft Intune resets custom security baseline settings during updates.


Key Takeaways:

  • A newly discovered Intune bug resets custom security settings during baseline updates.
  • Microsoft has acknowledged the issue and is working on a fix.
  • A manual workaround is available, but it’s time-consuming for IT admins.

Microsoft is investigating a new bug in its Intune endpoint management software that causes custom security baseline settings to be lost during the update process. The Microsoft Intune support team acknowledged this issue on July 1.

In Microsoft Intune, security baselines are collections of recommended security settings designed by Microsoft to help organizations quickly implement best practices for securing devices and users. These baselines serve as templates that can be customized and deployed across an organization to ensure consistent security configurations. Security baselines help IT administrators streamline policy management, maintain compliance, and reduce the risk of misconfigurations.

How the bug impacts custom security settings

Microsoft says that this issue arises when an administrator has made custom changes to a security baseline in Microsoft Intune and then updates to a newer version of that baseline. During the update process, instead of preserving those custom settings, Microsoft Intune mistakenly reverts them to default values.

“We’ve recently identified an issue in the security baseline policy update flow where customizations made, which differ from the security baseline recommended value, aren’t retained during the update process. This issue affects customers who are updating their baseline version to a more recent version. For example, updating the security baseline from version 23H2 to version 24H2,” Microsoft explained.

Microsoft’s official response and workaround

Microsoft says that its engineers are currently working to address this problem. In the meantime, the company has provided a workaround that requires IT administrators to manually reapply their customizations after updating the baseline policies. However, this can be a frustrating and time-consuming process for IT admins.
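To scope the manual reapply, an admin can compare a profile's settings captured before the update with what it holds afterwards. The sketch below is an added example, not Microsoft tooling: it assumes the settings are available as plain name/value dictionaries, and every setting name and value in it is a constructed placeholder, not a real Intune setting identifier.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    setting: str
    status: str     # "reverted", "retained", "removed" or "changed"
    wanted: object  # value the admin had configured before the update
    actual: object  # value found after the update (None if absent)

def audit_baseline_update(old_defaults, before, after, new_defaults):
    """Classify each customized setting after a baseline version update.

    All arguments are {setting_name: value} dicts (assumed export format).
    Settings that matched the old recommended value are not customizations
    and are skipped.
    """
    findings = []
    for name, wanted in sorted(before.items()):
        if name in old_defaults and wanted == old_defaults[name]:
            continue
        if name not in after:
            status, actual = "removed", None          # dropped by new version
        elif after[name] == wanted:
            status, actual = "retained", wanted       # customization survived
        elif name in new_defaults and after[name] == new_defaults[name]:
            status, actual = "reverted", after[name]  # reset to recommended
        else:
            status, actual = "changed", after[name]   # some other value
        findings.append(Finding(name, status, wanted, actual))
    return findings

def to_reapply(findings):
    """Settings whose custom value must be set again by hand."""
    return {f.setting: f.wanted for f in findings
            if f.status in ("reverted", "changed")}

# Constructed sample data: placeholder names, not real Intune settings.
OLD_DEFAULTS = {"firewall_enabled": True, "min_password_length": 8,
                "block_usb_storage": True, "legacy_protocol": "disabled"}
BEFORE = {"firewall_enabled": True, "min_password_length": 14,
          "block_usb_storage": False, "legacy_protocol": "enabled"}
NEW_DEFAULTS = {"firewall_enabled": True, "min_password_length": 12,
                "block_usb_storage": True}
AFTER = dict(NEW_DEFAULTS)  # the reported behaviour: all back to defaults

if __name__ == "__main__":
    for f in audit_baseline_update(OLD_DEFAULTS, BEFORE, AFTER, NEW_DEFAULTS):
        print(f"{f.setting}: {f.status} (wanted={f.wanted!r}, now={f.actual!r})")
```

Settings reported as "removed" no longer exist in the newer baseline version, so they need a review rather than a reapply.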

Currently, Microsoft hasn’t provided a timeline for when a permanent fix will be available for customers. The issue is particularly problematic for organizations that rely on custom configurations for compliance or operational needs.