Hi All
BREAKING: Intune’s biggest face-palm since MDM v1 – custom security baseline settings are being wiped during the 23H2→24H2 upgrade, and sources say the war room in Building 92 is running 24/7.
Early 30 June, an internal “SEV-0 BL-4815” bridge pulled in Endpoint Manager VP Andrew Conway, Azure CISO Bret Arsenault and two Edge Sec engineers: telemetry showed a 31 % drop in baseline enforcement across 48 000 tenants. Yet the public status page stayed Healthy because the merge pipeline logs deletions as “successful apply”. Two product managers have been reassigned while a Tiger Team races to bolt on diff-aware versioning.
What really went wrong?
• Baselines live as JSON blobs in Azure Policy. When schemaVersion changes, Intune does a blind DELETE & INSERT – no merge layer. Microsoft finally documented the symptom but not the design flaw.
• The same engine feeds Windows, macOS, iOS & Android baselines, so Gatekeeper, FileVault, Defender, even Wi-Fi payloads roll back to factory defaults.
• Offline devices get an empty payload; on next sync they overwrite local registry with zeros – think servers rebooting minus firewall rules.
Why execs are sweating
1. A Fortune 50 retailer lost PCI segmentation overnight; MDR saw port 445 light up across three regions.
2. A US-state health agency hit HIPAA drift 48 hours before its audit.
3. Microsoft Managed Desktop tenants can’t apply the workaround; baselines are service-locked, exposing 600 k seats.
Inside chatter
– Finance may pause July Intune Premium increases: “can’t sell Zero Trust if we nuke Zero Trust.”
– Legal reviewing if “secure by default” ads breach FTC terms.
– Draft “Baseline 2.0” spec proposes Git-style commit history; ETA Q4 2025.
– Field guidance: say nothing beyond KB 556712 until fix ships.
If you run Intune, do this NOW
1. Export every baseline (Get-MgDeviceManagementConfigurationPolicy | Export-Csv) offline.
2. Clone baseline, deploy to 20-device ring first.
3. Watch Event ID 813 for “policy removed”.
4. Script re-apply via Graph: loop baseline GUID & POST custom OMA-URIs.
5. Add Defender detection for missing CSP paths.
Power users: Private preview cmdlet Restore-IntuneBaselineCustomization exists—email your TAM “BL-4815 Hotfix” to join.
Intune’s promise was cloud-speed hardening. Today it’s a single point of mass mis-configuration. Copy, share, and make noise—Redmond moves faster when the funnel heat map glows red.
https://www.linkedin.com/feed/?highlightedUpdateType=SHARED_BY_YOUR_NETWORK&highlightedUpdateUrn=urn...
Please verify and check out this posting.
Regards
Caute_Cautim
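For anyone who wants to act on steps 1 and 5 of the checklist in that forwarded post without trusting a single CSV, here is an added example (my own script, not from the post, its author, or Microsoft). It exports every Intune settings-catalog policy, including security baselines, as one JSON file per policy so the nested settings survive, and it can diff the fresh export against an earlier one to list policies or individual settings that have disappeared. It assumes the Microsoft.Graph PowerShell SDK is installed, that the account has `DeviceManagementConfiguration.Read.All`, and that the beta Graph endpoint `/deviceManagement/configurationPolicies` and its `/settings` collection are reachable; the `Compare-BaselineExport` function and the folder layout are my own, and nothing here depends on the event IDs, KB numbers or cmdlets named in the post.

```powershell
# Added example: snapshot Intune configuration policies (baselines included)
# to JSON and report settings that were present in an earlier snapshot but
# are gone now. Assumes Microsoft.Graph SDK and the beta configurationPolicies
# endpoint; run once before a change window and again after it.
#Requires -Modules Microsoft.Graph.Authentication

param(
    [string]$OutRoot     = (Join-Path (Get-Location) 'intune-baseline-exports'),
    [string]$CompareWith                                  # optional: earlier export folder
)

Connect-MgGraph -Scopes 'DeviceManagementConfiguration.Read.All' -NoWelcome

$base   = 'https://graph.microsoft.com/beta'
$outDir = Join-Path $OutRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Follow @odata.nextLink so large tenants are fully enumerated.
function Get-GraphCollection([string]$Uri) {
    $items = @()
    while ($Uri) {
        $page  = Invoke-MgGraphRequest -Method GET -Uri $Uri
        $items += $page.value
        $Uri   = $page.'@odata.nextLink'
    }
    return $items
}

# One file per policy: metadata plus the complete settings payload.
$policies = Get-GraphCollection "$base/deviceManagement/configurationPolicies"
foreach ($p in $policies) {
    $settings = Get-GraphCollection "$base/deviceManagement/configurationPolicies/$($p.id)/settings"
    $doc = [ordered]@{
        id           = $p.id
        name         = $p.name
        platforms    = $p.platforms
        technologies = $p.technologies
        settings     = $settings
    }
    $doc | ConvertTo-Json -Depth 50 |
        Set-Content -Path (Join-Path $outDir "$($p.id).json") -Encoding UTF8
}
Write-Host "Exported $($policies.Count) policies to $outDir"

# Compare an older export folder with a newer one. Reports whole policies that
# vanished and setting definition IDs that a surviving policy no longer carries.
function Compare-BaselineExport([string]$OldDir, [string]$NewDir) {
    $findings = @()
    foreach ($oldFile in Get-ChildItem -Path $OldDir -Filter '*.json') {
        $old     = Get-Content $oldFile.FullName -Raw | ConvertFrom-Json
        $newFile = Join-Path $NewDir $oldFile.Name
        if (-not (Test-Path $newFile)) {
            $findings += "POLICY MISSING: $($old.name) ($($old.id))"
            continue
        }
        $new    = Get-Content $newFile -Raw | ConvertFrom-Json
        $oldIds = @($old.settings | ForEach-Object { $_.settingInstance.settingDefinitionId })
        $newIds = @($new.settings | ForEach-Object { $_.settingInstance.settingDefinitionId })
        foreach ($missing in ($oldIds | Where-Object { $_ -notin $newIds })) {
            $findings += "SETTING REMOVED in '$($old.name)': $missing"
        }
    }
    return $findings
}

if ($CompareWith) {
    $drift = Compare-BaselineExport -OldDir $CompareWith -NewDir $outDir
    if ($drift.Count -eq 0) { Write-Host 'No baseline drift detected.' }
    else { $drift | ForEach-Object { Write-Warning $_ } }
}
```

Usage: run it once to take a baseline snapshot, then after any upgrade, ring deployment, or schema change run it again with `-CompareWith <path-to-earlier-folder>`; a non-empty list of warnings is your drift signal, independent of what the service status page or the apply log says. The diff is keyed on `settingDefinitionId`, so a setting that was silently dropped from a policy shows up even when the policy object itself still exists and reports a successful apply.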