Custom policies vanish in Microsoft Intune updates, company confirms

No fix available yet


If you rely on Microsoft Intune to enforce security baselines, there’s a serious bug you should know about. Microsoft has confirmed that updating from one security baseline to another, like from Windows 11 23H2 to 24H2, wipes out any custom changes an IT admin may have applied.

Instead of preserving these settings, Intune resets them to Microsoft’s recommended defaults. That’s a big problem for organizations with tailored policies.

These customizations aren’t minor tweaks; they often reflect company-specific security and compliance requirements. Having them silently reset during a baseline upgrade can introduce real risk and confusion.

Right now, there’s no fix. Microsoft says it’s working on one, but in the meantime, admins are being told to manually reapply their settings after each update. This is especially frustrating for companies managing dozens or even hundreds of devices through Intune.

Microsoft hasn’t shared when the fix will arrive, and there’s no automation script available to streamline the process. If you’re affected, Microsoft recommends contacting support through its official X (formerly Twitter) account or using published guidance for help.

It’s a rare but quite frustrating issue in a platform many businesses rely on daily. And, while Intune’s broader device and endpoint management features still work across Windows, Android, iOS, macOS, and WSL, baseline control is a critical piece. Sadly, it’s broken right now.
