Windows 10 Security Baseline errors.

Susie Miloves 1 Reputation point
2020-11-24T14:37:04.083+00:00

I have created a security baseline profile using the recommended settings (they are all defaults). When I assign the profile, Audit policies shows "error" status. I try to remove the assignment and recreate another profile and reassign but it still give me the same errors. All devices are affected. I would like to know how to fix this.

42261-intune-error.jpg

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,302 questions
0 comments No comments
{count} votes

13 answers

Sort by: Most helpful
  1. Arnold Souadet 1 Reputation point
    2020-11-24T15:43:52.213+00:00

    Hello,

    Could you please specify which identity configuration do you have ?
    AAD Join ?
    Hybrid AAD Join ?

    For management, devices are only managed by intune or is it co-managed ?

    Thanks,

    0 comments No comments

  2. Susie Miloves 1 Reputation point
    2020-11-24T16:57:23.573+00:00

    We do have Hybrid AAD Join. devices are only managed by Intune. Thank you.

    0 comments No comments

  3. Rahul Jindal [MVP] 10,361 Reputation points MVP
    2020-11-24T22:33:29.223+00:00

    Hi,

    What do you see under per setting status against the baseline? That should give you some indication. Also, did you check the event logs located under Event viewer > Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin ? It can take a good amount of time for the status to get updated in Intune.

    0 comments No comments

  4. Arnold Souadet 1 Reputation point
    2020-11-25T13:26:32.497+00:00

    Hi,

    Did you checked if there is a conflict between this Intune profile with a Local GPO ?
    The logs asked by Rahul will be helpful.

    Thanks,

    0 comments No comments

  5. Susie Miloves 1 Reputation point
    2020-11-26T01:58:18.457+00:00

    I did check the logs but no info about the errors. I tried to replicate and it doesn't give any error for all the Windows Enterprise Machines that I enrolled. Issue only exist for Windows Business and Pro machines. I guess it is compatibility issue with Windows OS. Seems like it is applicable for Enterprise OS only. I just have to disable those erroneous policy in Security baseline and modify manually in GPO.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.