Detect conflicting setting profiles

IMK 361 Reputation points


We can configure different kinds of settings in the Endpoint portal by using Security Baseline profiles, Configuration profiles and Endpoint Security profiles. All of these are equal, so if there are two different configurations for the same setting, these profiles will conflict.

Do we have any kind of way to scan these profiles for situations where several profiles configure the same setting, either using the same configuration or a conflicting configuration?

Microsoft Intune Configuration

Accepted answer
  1. Pavel yannara Mirochnitchenko 10,771 Reputation points

    Sorry, my bad as well - Endpoint Security contains baselines for Windows, Defender and Edge. These are prio 1 from MS point of view. Other features from Endpoint Security are up to you, but you probably want to manage Antivirus, Firewall and BitLocker at least. It is important that whatever you do, you don't overlap the same settings from multiple sources/profiles. Also, if you start using Defender for Endpoint, you will realize you might need ASR, for example, to cover all security recommendations.

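Added example, not part of the answers on this page and not Intune tooling: an offline check that groups settings from several profiles and separates same-value overlaps from conflicting values, as asked in the question. The flat export format, field names, profile names and setting ids are constructed assumptions; profile assignments are not evaluated.

```python
from collections import defaultdict

# Constructed sample export: one row per (profile, setting). The flat format,
# field names, profile names and setting ids are assumptions for illustration.
SAMPLE_EXPORT = [
    {"profile": "Win11 Security Baseline", "type": "Security Baseline",
     "setting": "defender_allowrealtimemonitoring", "value": "1"},
    {"profile": "AV Policy", "type": "Endpoint Security",
     "setting": "defender_allowrealtimemonitoring", "value": "1"},
    {"profile": "Win11 Security Baseline", "type": "Security Baseline",
     "setting": "firewall_enablefirewall_domain", "value": "true"},
    {"profile": "Legacy Restrictions", "type": "Configuration profile",
     "setting": "Firewall_EnableFirewall_Domain ", "value": "false"},
    {"profile": "Edge Settings", "type": "Settings Catalog",
     "setting": "edge_smartscreenenabled", "value": "1"},
]

def find_overlaps(rows):
    """Map each setting configured by 2+ profiles to its kind and sources."""
    by_setting = defaultdict(dict)
    for row in rows:
        # Normalise case and whitespace so the same setting exported by
        # different profile types lands in one bucket.
        key = row["setting"].strip().lower()
        by_setting[key][row["profile"]] = str(row["value"]).strip().lower()
    findings = {}
    for setting, per_profile in by_setting.items():
        if len(per_profile) < 2:
            continue  # only one profile touches this setting
        values = set(per_profile.values())
        kind = "conflict" if len(values) > 1 else "duplicate"
        findings[setting] = {"kind": kind, "sources": sorted(per_profile.items())}
    return findings

if __name__ == "__main__":
    for setting, finding in sorted(find_overlaps(SAMPLE_EXPORT).items()):
        print(f"{finding['kind'].upper():9} {setting}")
        for profile, value in finding["sources"]:
            print(f"          {profile}: {value}")
```

A "duplicate" here means the same value is set from more than one profile, which is the overlap the accepted answer says to avoid; whether two flagged profiles actually land on the same device depends on their assignments.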

4 additional answers

  1. Pavel yannara Mirochnitchenko 10,771 Reputation points
    • First, you should apply the security baseline, then configure the additional settings you want with Settings Catalog. Admin templates and restrictions are becoming obsolete.
    • You should be able to see conflicts between configuration profiles when you navigate to a single device in the Intune portal and look at its configurations. It should list all of them as green, conflict, error or not applicable.
    • If the Intune console does not reveal the actual reason, go to Event Viewer \ Applications and Services Logs \ Microsoft \ DeviceManagement-Enterprise-Diagnostics-Provider. This event location should reveal the root cause.

  2. IMK 361 Reputation points


    What about Endpoint Security profiles? We are using Endpoint portal to configure Defender settings (AV, EDR and so on).

    Should we use the Endpoint Security profiles or is it recommended to instead use Configuration profiles/Settings Catalog settings?

  3. IMK 361 Reputation points

    Sorry, got a bit confused..

    First is to configure Endpoint Security profiles.

    Second is to configure Configuration/Settings Catalog profiles.

    Does this leave any need, or should I use Baseline profiles at all? Or should I check the Baseline profiles for some suggestions on how to configure Endpoint Sec and Configuration profiles?


  4. IMK 361 Reputation points

    Ok, thanks!
