Important Update! I published a new export to solve import issues but that export missed the following so if you download that export update it with the following changes to match the Security Baseline:
- Administrative Templates > MS Security Guide
Changed from Disabled – Enabled:Disabled
- Local Policies Security Options
Microsoft Network Client Send Unencrypted Password To Third Party SMB Servers
Changed from Enable – Disable
Allow Indexing Encrypted Stores Or Items
Change from Allow = Block
- Smart Screen – Missing
Enable Smart Screen In Shell : Enabled
Prevent Override For Files In Shell : Enabled
I wrote a post a couple of weeks ago with the Microsoft Edge Security Baseline policy re-created in Settings catalog. I got a lot of questions if I had done it with the Windows MDM Security Baseline as well and here it is.
This was not a fun exercise it took a while. Looking forward to the end of Internet Explorer 11 once and for all, recreating this brought back memories on configuring IE 11 with Group Policies…. Not all positive.
I like using Settings Catalog better than the security baseline because it is easier to modify, easier to manage and follow up.
When I recreated the Edge Security baseline I had to use a PowerShell script to set two settings, that was not needed this time all settings was available.
The policy can be downloaded in .json format here:
I hope you find it useful