Hi,

Is there a best practice to start rolling out the Microsoft security baseline.  I am in a Greenfield situation where I would like to use this baseline as a starting point.  This by first adjusting the baseline by removing what I think might be causing issues for the user.  There are a lot of settings in this baseline so I am sure some of them will causes issues for users.  Since you simply can’t disable the policy and all settings will be reverted what is the best practice around this?

Make a copy of the existing baseline adjust settings and re-apply the correct settings?  

I read that Intune is tattooing some settings an the only way to reverse is to wipe and re-deploy, or manually fix in registry.  

Any advice on this, maybe not use the baseline and built template gradually.

​Hi, Is there a best practice to start rolling out the Microsoft security baseline.  I am in a Greenfield situation where I would like to use this baseline as a starting point.  This by first adjusting the baseline by removing what I think might be causing issues for the user.  There are a lot of settings in this baseline so I am sure some of them will causes issues for users.  Since you simply can’t disable the policy and all settings will be reverted what is the best practice around this?Make a copy of the existing baseline adjust settings and re-apply the correct settings?  I read that Intune is tattooing some settings an the only way to reverse is to wipe and re-deploy, or manually fix in registry.  Any advice on this, maybe not use the baseline and built template gradually.    Read More

​