https://www.verboon.info/tags/compliance-baseline/Recent content in Compliance-Baseline on Anything About ITHugoen-usFri, 12 Jul 2019 14:30:04 +0000https://www.verboon.info/2019/07/monitoring-windows-defender-cloud-protection-service-connectivity-with-configmgr/Fri, 12 Jul 2019 14:30:04 +0000https://www.verboon.info/2019/07/monitoring-windows-defender-cloud-protection-service-connectivity-with-configmgr/<p>Hello everyone, earlier this week I wrote a blog post how to test Microsoft Defender Cloud Protection Service (MAPS) with PowerShell. Today I would like to share a possible approach how to actively monitor MAPS Connectivity across all your devices using ConfigMgr configuration baselines.</p> <p>As mentioned in my earlier blogpost in order to take full advantage of Microsoft Defender protection capabilities, it’s important that clients can communicate with MAPS, if the client cannot communicate with MAPS the client will be unable to provide near-instant, automated protection against new and emerging threats, meaning that Windows Defender will only be using the latest protection updates installed locally, depending on the strategy how you deploy these, these might be a couple of hours if not days old.</p>https://www.verboon.info/2018/02/oms-security-and-audit-baseline-assessment/Mon, 19 Feb 2018 20:53:31 +0000https://www.verboon.info/2018/02/oms-security-and-audit-baseline-assessment/<p>The Microsoft Operations and Management Suite, Security and Audit Solution includes a Baseline Assessment component. The Baseline configuration definition includes a set of Registry, audit policy and security policy settings rules that are recommended to configure to achieve a secure operating environment.</p> <p> <img src="images/021918_2045_OMSSecurity1.png" alt=""> </p> <p> <img src="images/021918_2045_OMSSecurity2.png" alt=""> </p> <p>Within the Console we get an overview of &ldquo;Rules&rdquo; that have failed, because the servers don&rsquo;t have the recommended configuration applied. While looking at this, I wondered where I can find the complete set of rules that are used when performing the baseline assessment.</p>https://www.verboon.info/2013/10/configmgrcompliance-baseline-for-branchcache-on-windows-8/Tue, 08 Oct 2013 14:14:03 +0000https://www.verboon.info/2013/10/configmgrcompliance-baseline-for-branchcache-on-windows-8/<p>Here’s a ConfigMgr Compliance baseline that checks the BranchCache configuration on Windows 8 clients. With the release of Windows 8 and Server 2012 Microsoft also made available <a href="http://technet.microsoft.com/en-us/library/hh848392.aspx">PowerShell cmdlets for BranchCache</a>, so creating a script based configuration item in ConfigMgr becomes a pretty straight forward task.</p> <p>The below Compliance Baseline checks the following 3 things.</p> <ul> <li> <p>Is BranchCache Enabled</p> </li> <li> <p>Is the Service Running</p> </li> <li> <p>Is BranchCache operating in Distributed Cache mode</p> <p> <img src="images/image_thumb.png" alt="image"> </p> <p>The following PowerShell commands are included within the configuration items.</p>