skiptotheendpoint / openintunebaseline Goto Github PK
View Code? Open in Web Editor NEWCommunity-driven baseline to accelerate Intune adoption and learning.
License: GNU General Public License v3.0
Community-driven baseline to accelerate Intune adoption and learning.
License: GNU General Public License v3.0
Hey! I've stumbled upon this problem where laptops restart after device setup phase, and then they lose the temporary access pass (TAP). I've been trying so hard to figure out which policy might be causing this. I thought it could be update policies based on some Google searches, but I've already disabled those and it's still happening. So, I'm kind of lost. If you could give me any hints on how to figure it out, I'd be super grateful.
Also, I just want to say thanks a bunch for sharing this, it's been a huge help!
Hi,
In the latest changelog under:
Win - OIB - Microsoft Store - D - Configuration
Changed "Block Non Admin User Install" and "Allow All Trusted Apps" from "Block" to "Allow" and "Explicit allow unlock." to "Explicit deny" respectively as per suggestion #4 - You'd think "Block" would mean it's blocked, but no, thanks Microsoft.
Removed "Block Non Admin User Install" and added "MSI Allow User Control Over Install" set to "Disabled".
It states that you change Block Non Admin User Install from Block to Allow, but at the end is states that Removed "Block Non Admin User Install" .
There seems to be a couple issues with the 3.1 version of the Internet Explorer Configuration profile, where it doesn't match the Windows 11 v23H2 Security Baseline settings for Internet Explorer.
The subsetting for Don't run antimalware programs against ActiveX controls should be set to Disable, is currently Enable.
Turn on SmartScreen Filter scan should not be set.
Turn on SmartScreen Filter should be enabled.
The Only allow approved domains to use ActiveX controls without prompt setting is missing, should be enabled.
Export contains hardcoded tenantId rather than %OrganizationId%
There are 2 policies:
Win - OIB - Defender Firewall - D - Firewall Configuration - v3.0
Win - OIB - Windows Firewall - D - Firewall Configuration - v3.1
It appears that the difference is primarily around logging - e.g. of dropped connections.
Is there meant to be only one policy?
Believe to be related to settings in Win - OIB - Device Security - D - Local Security Policies - v3.0
On Windows 10, UAC prompts for username and password
On Windows 11, UAC prompts for Administrator password
Getting the Error Code 65000 on several of the Defender Antivirus settings.
Win - OIB - Defender Antivirus - D - Additional Configuration - v3.1
Hide Exclusions From Local Users
Intel TDT Enabled
Oobe Enable Rtp And Sig Update
Win - OIB - Defender Antivirus - D - Security Experience - v3.0
Tamper Protection Blob
This is occurring during the White Glove OOBE on both Lenovo and Dell devices.
I am having an odd issue I suspect may be caused by a setting in OpenIntuneBaselines but I am not 100% sure. WIth the baselines applied, the default destructive pin reset from the lock screen does not work, it just says "please wait" for 1 second and goes back to the lock screen sleep screen with just the time. The same thing happens trying to use the windows web-sign in provider for entra joined machines.
I read that blocking notifications can disable pin reset but can't find why web sign in doesn't work. I tried re-enabling lock screen notifications but it didnt fix either problem. Perhaps I missed notifications disabled in a 2nd location?
I am wondering if anyone else using these baselines either has the same problem or if they can succesfully use web sign in and the default destructive pin reset (it should work without any config, unlike the non destructive pin reset). If anyone running the baselines I would appreciate it! Thanks
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.