This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 77%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
I have created a security baseline profile using the recommended settings (they are all defaults). When I assign the profile, Audit policies shows "error" status. I try to remove the assignment and recreate another profile and reassign but it still give me the same errors. All devices are affected. I would like to know how to fix this.
Hello,
Could you please specify which identity configuration do you have ?
AAD Join ?
Hybrid AAD Join ?
For management, devices are only managed by intune or is it co-managed ?
Thanks,
We do have Hybrid AAD Join. devices are only managed by Intune. Thank you.
Hi,
What do you see under per setting status against the baseline? That should give you some indication. Also, did you check the event logs located under Event viewer > Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin ? It can take a good amount of time for the status to get updated in Intune.
Hi,
Did you checked if there is a conflict between this Intune profile with a Local GPO ?
The logs asked by Rahul will be helpful.
Thanks,
I did check the logs but no info about the errors. I tried to replicate and it doesn't give any error for all the Windows Enterprise Machines that I enrolled. Issue only exist for Windows Business and Pro machines. I guess it is compatibility issue with Windows OS. Seems like it is applicable for Enterprise OS only. I just have to disable those erroneous policy in Security baseline and modify manually in GPO.
Some features may not work, but the policies will apply for pro edition. It is highly unlikely that there no events get logged if the policies are actually failing to apply. You should capture the MDM diagnostic report and verify if the policies are applying or not.