In recent weeks, multiple discussions have emerged regarding the release of the Windows 11 24H2 security baselines. For those who may not be aware, security baselines consist of a standardized set of security configurations based on Microsoft’s recommended security practices. Implementing all baseline settings, especially in an established environment, can lead to disruptions and issues for users. Therefore, it’s advisable to conduct tests with a small group and gradually deploy these settings in phases. To simplify this process, Dustin Gullet has organized these settings into device configuration policy JSON files that can be imported into Intune. Check out his post on LinkedIn here. Additionally, Steven Weiner produced a fantastic video that explains the security baselines and guides viewers on how to import the JSON policies that Dustin created. To enhance this further, Steven’s video also discusses the Intune Toolkit by Maxime Guillemin, which allows for a comparison of these baseline settings with existing configurations in your tenant. If you haven’t yet, I recommend reading Dustin’s blog and watching Steven’s video.
These individuals have already done significant work. However, currently, you can only add one JSON file at a time via the Intune GUI. To streamline this, I have created a script that allows you to import all 27 security baseline configuration policies simultaneously. The script will retrieve all the JSON configuration files from Dustin’s repository and import them into your Intune tenant. This entire process takes approximately 10 seconds. You can access the script here, along with an example of the script in action below. Just download the script, execute it with PowerShell, authenticate to your desired Intune tenant when prompted, and the script will handle the rest.
Hopefully, this will expedite the process if you have multiple tenants to test the baselines against.
