Over the last few weeks, several posts have been made about the release of the Windows 11 24H2 security baselines. If you’re unfamiliar with security baselines, they’re a pre-configured set of security settings based on Microsoft’s best security practices. Applying all security baseline settings, especially in an existing environment, can cause chaos and problems for end users. So, it’s best to test with a small group and roll these settings out slowly and in phases to the end users. To make that much easier, Dustin Gullet broke these settings into device configuration policies JSON files that can be imported into Intune. You can see his post on LinkedIn here. Steven Weiner also created a great video discussing the security baselines and walks through how to import the JSON policies Dustin took the time to create. To take things a bit further, Steven’s video also walks about the Intune Toolkit from Maxime Guillemin to compare these baseline settings against what you may already have configured in your tenant. I recommend reading Dustin’s blog and watching Steven’s video if you have not already.
These guys already did all the heavy lifting. However, right now, you can only add one JSON file at a time through the Intune GUI. So, I made this a bit easier if you want to import all 27 security baseline configuration policies at once. The script will grab all the JSON configuration files from Dustin’s repo and import them into your Intune tenant. The whole process takes about 10 seconds. You can find the script here and an example of the script running below. Simply download the script, run it with PowerShell, authenticate to your desired Intune tenant when prompted, and the script will do the rest.
Hopefully, this will save some time if you have more than one tenant against which you want to test the baselines.