Microsoft Intune Admins Beware! Your Security Baseline Policy Tweaks are not Saved During Updates
Microsoft Intune administrators are facing a critical issue where their carefully configured security baseline policy customizations are being lost during version updates, potentially leaving enterprise environments vulnerable to security gaps.
The Intune Support Team officially acknowledged this known issue on July 1, 2025, affecting organizations that have implemented custom security configurations differing from Microsoft’s recommended baseline values.
Summary
1. Microsoft Intune loses custom security baseline settings during version updates (23H2 to 24H2).
2. Organizations may face security gaps when customizations revert to defaults.
3. Manually document and reapply customizations after each update.
4. The issue was officially acknowledged by Microsoft's Intune Support Team on July 1, 2025, with ongoing fix development.
Custom Security Policies Lost in Windows Version Upgrades
The issue occurs specifically within the security baseline policy update flow, where administrators’ custom configurations fail to persist when a profile is upgraded to a newer baseline version.
This affects organizations transitioning between major Windows versions, such as updating security baselines from version 23H2 to the more recent 24H2 release.
The issue represents a significant operational concern for IT departments that have invested considerable time fine-tuning their security policies to meet specific organizational requirements.
Microsoft Intune’s security baseline policies serve as foundational security configurations that help organizations maintain consistent security postures across their device fleets.
These policies typically include registry modifications, security settings, and compliance requirements that differ from default Windows configurations.
When administrators customize these baselines to accommodate specific business needs or regulatory requirements, they expect these modifications to carry forward during version updates.
The bug specifically impacts customers who have made customizations that deviate from Microsoft’s recommended security baseline values.
Organizations that rely heavily on customized security policies face the risk of reverting to default configurations during updates, potentially creating security vulnerabilities or compliance gaps that could expose sensitive corporate data.
Temporary Workaround and Microsoft’s Response
While Microsoft engineers work on developing a permanent fix, the Intune Support Team has recommended a manual workaround requiring administrators to reapply their customizations after completing baseline policy updates.
This temporary solution places additional administrative burden on IT teams, who must now document their customizations beforehand and manually reconfigure them post-update.
Microsoft has directed affected administrators to review the “Update a profile to the latest version” documentation available in Microsoft Learn, which provides detailed guidance on the baseline update process.
The documentation includes step-by-step procedures for managing profile updates and best practices for maintaining security configurations during transitions.
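The workaround above amounts to three steps: record which settings deviate from the recommended baseline values before the update, check which of those deviations survived the update, and reapply the ones that did not. The following added example (not code from the article or from Microsoft) implements that audit over exported profile states that have been flattened to a setting id to value map; every setting id and value in it is a constructed sample, not a real Intune identifier.

```python
"""Audit a security baseline profile across a version update (e.g. 23H2 -> 24H2).

Assumes each profile state (the vendor-recommended old version, the admin's
customized old version, and the profile after the update) has been exported and
flattened to a {setting_id: value} map. All ids/values below are constructed samples.
"""
from dataclasses import dataclass


@dataclass
class BaselineAudit:
    customized: dict    # settings that deviated from the recommended value before the update
    reverted: dict      # customizations lost in the update: setting_id -> (wanted, current)
    retained: dict      # customizations that survived the update unchanged
    new_settings: dict  # settings that exist only in the updated profile (review them)


def audit_baseline_update(recommended_old: dict, customized_old: dict,
                          after_update: dict) -> BaselineAudit:
    """Compare the pre-update customized profile with the post-update profile."""
    # Step 1: which settings did the admin change away from the recommended value?
    customized = {k: v for k, v in customized_old.items() if recommended_old.get(k) != v}
    # Step 2: which of those no longer hold? A setting dropped by the new version
    # shows up here with current value None, so it is not silently lost either.
    reverted = {k: (v, after_update.get(k)) for k, v in customized.items()
                if after_update.get(k) != v}
    retained = {k: v for k, v in customized.items() if k not in reverted}
    new_settings = {k: v for k, v in after_update.items() if k not in customized_old}
    return BaselineAudit(customized, reverted, retained, new_settings)


def reapply_plan(audit: BaselineAudit) -> dict:
    """Step 3: the settings and values the admin must set again after the update."""
    return {k: wanted for k, (wanted, _current) in audit.reverted.items()}


# Constructed sample data (hypothetical setting ids, not real Intune identifiers).
RECOMMENDED_OLD = {"sample.password_min_length": 14, "sample.smartscreen_mode": "block",
                   "sample.local_admin_allowed": False}
CUSTOMIZED_OLD = {"sample.password_min_length": 16, "sample.smartscreen_mode": "warn",
                  "sample.local_admin_allowed": False}
AFTER_UPDATE = {"sample.password_min_length": 14, "sample.smartscreen_mode": "warn",
                "sample.local_admin_allowed": False, "sample.new_only_setting": True}

if __name__ == "__main__":
    result = audit_baseline_update(RECOMMENDED_OLD, CUSTOMIZED_OLD, AFTER_UPDATE)
    for setting, (wanted, current) in result.reverted.items():
        print(f"REVERTED {setting}: wanted {wanted!r}, now {current!r}")
    print("Reapply after update:", reapply_plan(result))
```

Run the audit against the pre-update export before upgrading and again against the post-update export; the reapply plan is the checklist to work through, and new_settings lists what the new version introduced and should be reviewed separately.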
The Intune Support Team has committed to providing regular updates on their progress toward resolving this issue.
Administrators experiencing difficulties can engage with Microsoft support through the official blog comments or by contacting @IntuneSuppTeam on X (formerly Twitter) for additional assistance and updates on the fix timeline.