microsoft / Intune-ACSC-Windows-Hardening-Guidelines

Collection of Intune policies that could assist with implementing ACSC's Windows hardening guidance.
MIT License
272 stars 54 forks source link

Smart Screen Conflict #10

Open Dewan-Fourie opened 7 months ago

Dewan-Fourie commented 7 months ago

There is a conflict when deploying both "policies/ACSC Windows Hardening Guidelines.json" and "policies/Windows Security Baseline (for use with ACSC Windows Hardening Guidelines).json" to Intune. They are both setting Smart Screen controls causing the configuration status to show as "Conflict" in Intune.

As I am deploying both of these configurations, I've opted to remove the controls from "policies/ACSC Windows Hardening Guidelines.json" with the "settingDefinitionId" of:

The controls in "policies/Windows Security Baseline (for use with ACSC Windows Hardening Guidelines).json" with the following "definitionId" is then used to configure Smart Screen:

midineenMSFT commented 7 months ago

Thank you @Dewan-Fourie for reporting these conflicts with Smart Screen and how you resolved them. Have you attempted to deploy the draft policies in the 23H2-Windows-Security-Baseline, which has moved all policies to be based on Settings Catalog? This, along with a few other included improvements, should resolve all known conflicts.