Windows 10 Security Baseline errors.

Susie Miloves 1 Reputation point
2020-11-24T14:37:04.083+00:00

I have created a security baseline profile using the recommended settings (they are all defaults). When I assign the profile, Audit policies shows "error" status. I try to remove the assignment and recreate another profile and reassign but it still give me the same errors. All devices are affected. I would like to know how to fix this.

42261-intune-error.jpg

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,315 questions
0 comments No comments
{count} votes

13 answers

Sort by: Most helpful
  1. Arnold Souadet 1 Reputation point
    2020-11-24T15:43:52.213+00:00

    Hello,

    Could you please specify which identity configuration do you have ?
    AAD Join ?
    Hybrid AAD Join ?

    For management, devices are only managed by intune or is it co-managed ?

    Thanks,

    0 comments No comments

  2. Susie Miloves 1 Reputation point
    2020-11-24T16:57:23.573+00:00

    We do have Hybrid AAD Join. devices are only managed by Intune. Thank you.

    0 comments No comments

  3. Rahul Jindal [MVP] 9,131 Reputation points MVP
    2020-11-24T22:33:29.223+00:00

    Hi,

    What do you see under per setting status against the baseline? That should give you some indication. Also, did you check the event logs located under Event viewer > Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin ? It can take a good amount of time for the status to get updated in Intune.

    0 comments No comments

  4. Arnold Souadet 1 Reputation point
    2020-11-25T13:26:32.497+00:00

    Hi,

    Did you checked if there is a conflict between this Intune profile with a Local GPO ?
    The logs asked by Rahul will be helpful.

    Thanks,

    0 comments No comments

  5. Susie Miloves 1 Reputation point
    2020-11-26T01:58:18.457+00:00

    I did check the logs but no info about the errors. I tried to replicate and it doesn't give any error for all the Windows Enterprise Machines that I enrolled. Issue only exist for Windows Business and Pro machines. I guess it is compatibility issue with Windows OS. Seems like it is applicable for Enterprise OS only. I just have to disable those erroneous policy in Security baseline and modify manually in GPO.