List security baselines assessment configurations

Applies to:

Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the Microsoft Defender Vulnerability Management public preview trial.

1. Get all security baselines assessment configurations

This API retrieves a list of all the possible security baselines assessment configurations and settings for all the available benchmarks.

1.1 Parameters

  • Supports OData V4 queries
  • OData supported operators:
    • $filter on: id, category, name, CCE
    • $top with max value of 10,000
    • $skip

1.2 HTTP request

GET /api/baselineConfigurations 

1.3 Request headers

Name Type Description
Authorization String Bearer {token}. Required.

1.4 Response

If successful, this method returns 200 OK with the list of baseline configurations in the body.

1.5 Properties

Property Type Description
Id String Unique identifier for the specific configuration in the baseline benchmark.
benchmarkName String The name of the benchmark.
name String The configuration name at it appears in the benchmark.
description String The configuration description as it appears in the benchmark.
category String The configuration category as it appears in the benchmark.
complianceLevels String The compliance level of the benchmark where this configuration appears.
cce Int The CCE for this configuration as it appears in the benchmark.
rationale String The rationale for this configuration as it appears in the benchmark. For STIG benchmark this isn't supplied for this configuration.
source String The registry path or other location used to determine the current device setting.
remediation String The recommended steps to remediate.

1.6 Example

1.5.1 Request example

GET https://api.securitycenter.microsoft.com/api/baselineConfigurations

1.6.2 Response example

{
    "@odata.context": " https://api-df.securitycenter.microsoft.com/api/$metadata#BaselineConfigurations ", 
    "value": [
        {
            "id": "1.1.8", 
            "name": "(L1) Ensure 'Allow importing of payment info' is set to 'Disabled'",
            "description": "<p xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">This policy setting controls whether users are able to import payment information from another browser into Microsoft Edge as well as whether payment information is imported on first use.</p>",
            "category": "Microsoft Edge",
            "complianceLevels": [
                "Level 1 (L1) - Corporate/Enterprise Environment (general use)",
                "Level 2 (L2) - High Security/Sensitive Data Environment (limited functionality)"
            ],
            "cce": "",
            "rationale": "<p xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">Having payment information automatically imported or allowing users to import payment data from another browser into Microsoft Edge could allow for sensitive data to be imported into Edge.</p>",
            "remediation": "<div xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">\r\n  <p>\r\n    <p>\r\nTo establish the recommended configuration via GP, set the following UI path to                 <span class=\"inline_block\">Disabled</span></p>\r\n    <code class=\"code_block\">Computer Configuration\\Policies\\Administrative Templates\\Microsoft Edge\\Allow importing of payment info\r\n</code>\r\n    <p>\r\n      <strong>Note:</strong>\r\n This Group Policy path may not exist by default. It is provided by the Group Policy template                 <span class=\"inline_block\">MSEdge.admx/adml</span>\r\n that can be downloaded from Microsoft                 <a href=\"https://www.microsoft.com/en-us/edge/business/download\">here</a>\r\n.              </p>\r\n    <p class=\"bold\">Impact:</p>\r\n    <p>\r\n      <p>Users will be unable to perform a payment information import from other browsers into Microsoft Edge.</p>\r\n    </p>\r\n  </p>\r\n</div>",
            "benchmarkName": "CIS"
"recommendedValue": [ 
                "Equals '0'" 
            ], 
            "source": [ 
                "hkey_local_machine\\software\\policies\\microsoft\\windows\\eventlog\\security\\retention" 
            ]
        }, 
    ] 
} 

See also