A few days back Microsoft released Windows 11 Security Baseline Package. Microsoft’s Security Baseline Packages are the security tweaks (configuration settings) that offer some level of security in organizations. Besides a couple of new settings, this Microsoft release will also include few changes, a new setting for Microsoft Defender Antivirus, and a custom setting that restricts installation of printer driver in a few cases. Moreover, all the legacy settings of Microsoft’s browser, Edge have been eliminated.
Following are the settings and changes included along with Security Baseline Package in Windows 11.
Restrict Driver Installations
On July 08, 2021, Microsoft released a security patch for the PrintNightmare bug, further traced as CVE-2021-34527. This security vulnerability allowed the threat actor to gain admin access to the whole network just by compromising a system on that network.
Microsoft has added a new setting to the MS Security Guide customer administrative template for SecGuide.admx/l
You can find it by going to Administrative Templates\ MS Security Guide\ Limits print driver installation to Administrators.
The tamper protection feature in the Microsoft Defender protects the antivirus software and prevents any malicious attempts to toy with the security settings. You must ensure that the tamper protection is turned on before starting the process of activating the Microsoft Security Baseline Windows 11.
Earlier the Script Scanning was a parity gap among the MDM and Group Policy. However, since Microsoft closed the parity gap, it’s no longer an issue. Microsoft has enforced enabling Script Scanning.
You can find the Script Scanning setting by going to Windows Components\Microsoft Defender Antivirus\Real-time Protection\Turn on script-scanning.
Microsoft Edge Legacy
On March 9, 2021, Microsoft Edge Legacy reached the end of life (EOL) meaning that there won’t be any updates in the future. Moreover, Edge Legacy will not be included in the new Windows 11. So, the Legacy Edge Settings have been removed from the baseline. It is a part of separate release cadence and available as part of the Microsoft Security Compliance Toolkit.
We suggest that you should use the Chrome version of the Microsoft Edge.
For further information on the Security Baseline Package, visit Security Baseline Community.
Looking for more Windows news? Signup for our newsletter for the latest update.