Windows 11 Security Baseline: Everything You Need to Know

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

windows 11 security baseline

With the release of Microsoft’s new operating system comes the release of the security baseline package.

This is something you can enable after installing the operating system to your supported computer, and it doesn’t take a lot of effort to get done either.

Find everything you need on Microsoft special page

You will most likely want to download all the essential data from the Microsoft Security Compliance Toolkit, and you can easily find all you need on Microsoft’s dedicated page.

From there, according to Redmond officials, you should test the recommended configurations. Also, you will want to customize and implement as appropriate for your needs.

From what we understand, two new settings have been included for this recent release. They were initially added to the Windows Server 2022 launch, so some users may already have ample experience with them.

These recent settings are custom for the printer driver installation restriction and a new Microsoft Defender Anti-virus feature. Interestingly enough, the software giant has removed all Microsoft Edge legacy settings from this release.

So what’s new?

Script Scanning

Script scanning was a parity gap we had between Group Policy and MDM. Since this gap is now closed, Microsoft is enforcing the enablement of script scanning (Windows Components\Microsoft Defender Antivirus\Real-time Protection\Turn on script-scanning).

Restrict Driver Installations

In July a Knowledge Base article and a subsequent patch were released for CVE-2021-34527, more commonly known as PrintNightmare.

A new setting to the MS Security Guide custom administrative template for SecGuide.admx/l (Administrative Templates\MS Security Guide\Limits print driver installation to Administrators) and enforced the enablement was added.

Microsoft Edge Legacy

Microsoft Edge Legacy (EdgeHTML-based) reached end of support on March 9, 2021 and is not part of Windows 11.

Therefore, the settings that supported it have been removed from the baseline. Going forward, use the new Microsoft Edge (Chromium-based) baseline, which is on a separate release cadence and available as part of the Microsoft Security Compliance Toolkit.

Tamper Protection

While you are enabling the Microsoft Security Baseline for Windows 11 (and/or Windows 10, and/or Windows Server 2022/2019/2016), make sure to enable Microsoft Defender for Endpoint’s Tamper Protection to add a layer of protection against Human Operated Ransomware.

What is your opinion on these extra security measures imposed by the Redmond-based tech giant? Let us know in the comments section below.

More about the topics: Windows 11