Windows 10 Security Baseline errors.

Question

I have created a security baseline profile using the recommended settings (they are all defaults). When I assign the profile, Audit policies shows "error" status. I try to remove the assignment and recreate another profile and reassign but it still give me the same errors. All devices are affected. I would like to know how to fix this.

Answer 1

I did check the logs but no info about the errors. I tried to replicate and it doesn't give any error for all the Windows Enterprise Machines that I enrolled. Issue only exist for Windows Business and Pro machines. I guess it is compatibility issue with Windows OS. Seems like it is applicable for Enterprise OS only. I just have to disable those erroneous policy in Security baseline and modify manually in GPO.

Answer 2

Hi,

Did you checked if there is a conflict between this Intune profile with a Local GPO ?
The logs asked by Rahul will be helpful.

Thanks,

Answer 3

Hi,

What do you see under per setting status against the baseline? That should give you some indication. Also, did you check the event logs located under Event viewer > Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin ? It can take a good amount of time for the status to get updated in Intune.

Answer 4

We do have Hybrid AAD Join. devices are only managed by Intune. Thank you.

Answer 5

Hello,

Could you please specify which identity configuration do you have ?
AAD Join ?
Hybrid AAD Join ?

For management, devices are only managed by intune or is it co-managed ?

Thanks,