Article Details

Microsoft admits to Intune forgetfulness. Customizations not saved with security baseline policy update. Microsoft Intune administrators may face a few days of stress after Redmond acknowledged a problem with security baseline customizations. The problem? Those customizations might not be saved during the update process, and the current workaround is to manually reapply customizations after updating baseline policies. Microsoft Intune is a cloud-based endpoint management service that allows organizations to manage fleets of devices, including configuration and updates. Many admins use Intune for patch and policy management as an alternative to on-premises tools like Windows Server Update Services (WSUS), which was noted as being "no longer in development" with the release of Windows Server 2025. The biz also has Microsoft Configuration Manager, which has its roots in the venerable Systems Management Server of the 1990s and is an on-premises product to manage a wide variety of products, including servers. The two are sometimes used together. A security baseline in Intune is a template consisting of configuration settings. Microsoft generally issues a default baseline with recommended values, and an administrator can then tweak those values (or not) depending on the needs of their organization. However, those values not being maintained during the update process is less than ideal, particularly if there are a lot of customizations. The new problem occurs if an administrator customizes the security baseline, and "affects customers who are updating their baseline version to a more recent version. For example, updating the security baseline from version 23H2 to version 24H2." Microsoft, it appears, knows best, and the changes will be discarded in favor of the Microsoft-recommended defaults. This is fine for administrators who are happy to blithely accept whatever Microsoft sets as a default, but it is not so good for organizations that want to make their own tweaks. The current workaround is also a pain – "While we work on the fix," said the Redmond gang, "we recommend that admins manually reapply their customizations after updating their baseline policies." Reports of administrators rolling their eyes so hard that the Earth has shifted slightly on its axis are likely exaggerated.