Microsoft Intune is a cloud-based endpoint management solution that enables organizations to manage their devices and applications and improve their associated security posture with ease. IT admins also use it for a variety of other use-cases, including device enrolment and implementation of Zero Trust security models. However, Microsoft has now acknowledged that Intune is currently broken for customers.
Microsoft says that it has observed an issue in the security baseline update flow. Essentially, if an IT admin has customized the security baseline so that its settings differ from the Microsoft-recommended values, those customizations are not retained when the baseline is updated. So, if a security baseline is being updated from Windows 11, version 23H2 to Windows 11, version 24H2, the customizations will default to the recommended values. This is a pretty major break in the flow, especially since it means that organizations cannot retain the values that they intentionally set during the upgrade process.
The extent of the problem is unknown, but Microsoft says that it is actively working on a concrete fix. For the time being, it has asked IT admins to manually apply customizations to their security baseline policy after an update, which can be pretty tedious if you have made a lot of configuration changes. Microsoft has not recommended an automation that can resolve this issue after a manual trigger from an IT admin, but it has directed those with questions to its X (formerly Twitter) support account. IT personnel can also refer to this guidance in order to get assistance on how to configure and update security baseline profiles.
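One way to work out which customizations need to be reapplied by hand, as an added example that is not Microsoft tooling or code from this article: it compares a snapshot of baseline settings recorded before the update with the values in place afterwards. The setting names, values and JSON layout are constructed for illustration and are not a real Intune export format.

```python
import json

# Constructed sample data: illustrative names and values only,
# not real Intune setting identifiers or an Intune export format.
BEFORE_UPDATE = json.loads("""{
  "example/min_password_length": 14,
  "example/block_removable_storage": false,
  "example/smartscreen_enabled": true,
  "example/legacy_protocol_allowed": true
}""")
RECOMMENDED_NEW = json.loads("""{
  "example/min_password_length": 8,
  "example/block_removable_storage": true,
  "example/smartscreen_enabled": true
}""")
AFTER_UPDATE = dict(RECOMMENDED_NEW)  # the update reset everything to recommended


def find_reverted(before, after, recommended):
    """Classify each pre-update setting by what the baseline update did to it."""
    report = {"reapply": {}, "retained": [], "missing": [], "unexpected": {}}
    for name, wanted in sorted(before.items()):
        if name not in after:
            # Setting is absent from the new baseline version: review by hand.
            report["missing"].append(name)
        elif after[name] == wanted:
            # Value survived (or was never customized away from recommended).
            report["retained"].append(name)
        elif after[name] == recommended.get(name):
            # Customization was replaced by the recommended value.
            report["reapply"][name] = {"current": after[name], "restore": wanted}
        else:
            # Neither the old value nor the recommended one: investigate.
            report["unexpected"][name] = {"current": after[name], "was": wanted}
    return report


if __name__ == "__main__":
    result = find_reverted(BEFORE_UPDATE, AFTER_UPDATE, RECOMMENDED_NEW)
    print(json.dumps(result, indent=2))
```

The `reapply` section is the checklist for the manual step; entries under `missing` have no counterpart in the new baseline version and need a decision rather than a copy.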
Microsoft Intune is an incredibly versatile and mandatory tool in the arsenal of organizations that have invested in Redmond's ecosystem. But it is important to note that it is not limited to Windows hardware, and can assist with endpoint management on devices running Android, iOS, macOS, and Windows Subsystem for Linux (WSL) too.