Windows Security Baseline for Feature Release 24H2

Baselines are an integral aspect of managing and securing Windows Desktops, and Omnissa is announcing the availability of the newest template of the Windows Security Baseline.  For Windows 11, the Windows Security Baseline for Feature Release 24H2 can now be accessed and configured from the Workspace ONE UEM console. 

Workspace ONE UEM Baseline options

As you’ll recall, there are two types of preconfigured templates available: Windows Security Baseline and CIS Windows Benchmarks.  At this time, the Windows Security Baseline dropdown now includes the option for the Windows 11 Feature Release 24H2.  Note that the last Feature Release from Microsoft for Windows 10 was version 22H2, so there will be no equivalent option for Windows 10. 

Figure 1: New Windows Security Baseline for Windows 11 Feature Release 24H2

Configuration

Please keep in mind that an existing baseline cannot simply be upgraded to a new template.  It’s necessary to configure a new baseline and assign it to the appropriate Smart Group(s).  Of course, when making this change, coordinate with your Security team to ensure that the new security baseline settings align with your enterprise requirements.

If you’re in the process of upgrading Windows 11 devices to Feature Release 24H2, note that the corresponding build number is referenced as 10.0.26100.  When creating the Smart Group assignments, ensure that the Platform and Operating System tab includes this build number as “Greater than or equal to” or “Equal to”, as well as any other pertinent criteria.

Figure 2: Smart Group platform and operating system selection

What’s next?

The CIS Windows Benchmarks for Windows 11 Feature Release 24H2 is not quite ready for release, so please stay tuned for that announcement.