Windows 10 Version 21H2 Security Baseline

Windows[German]Microsoft has updated the so-called Security Baseline (a tool for security administrators in companies) for Windows 10 version 21H2 and released it generally. In the current version, not only the latest Windows 10 version is supported. There are also special guidelines for printing or protection against ransomware. Here is a brief overview.


Security Baseline for Windows

The Security Baseline package is a set of tools that enable enterprise security administrators to download, analyze, test, edit and save Microsoft-recommended security configuration baselines for Windows and other Microsoft products, and compare them to other security configurations. 

Announcement of the new release

I became aware of the new release of the Security Baseline for Windows 10 version 21H2 the days via the following tweet. Microsoft has has published its own techcommunity post about it.

Security Baseline for Windows 10 21H2 

In this release, the Security Baseline brings some new policies, which are detailed in the Techcommunity post.

  • In this release, a setting for printer driver installation restrictions has been added (which is also included in the Windows 11 release). This is to respond to the CVE-2021-34527 (PrintNightmare) vulnerability by restricting driver installation.
  • Since the Microsoft Edge browser in the legacy version is out of support on March 9, 2021 and is no longer included in Windows 10 21H2, relevant settings have been removed from the package

Microsoft also notes to make sure tamper protection is enabled in Microsoft Defender for Endpoint (Tamper Protection) when enabling the Microsoft Security Baseline. This is to provide an additional layer of protection against ransomware. The Security Baseline can be downloaded for free as part of the Microsoft Security Compliance Toolkit 1.0. Windows 10 Version 21H2 Security Baseline


Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *