We are excited to announce that VMware Workspace ONE 2306 now supports Windows 11 in the Baselines catalog. This means you can easily apply security and compliance policies to your Windows 11 devices using Workspace ONE.
Windows 11 is the latest operating system from Microsoft, offering a modern and intuitive user experience. With Workspace ONE 2306, you can leverage the benefits of Windows 11 while ensuring your devices are secure and compliant.
What Catalog Templates and OS versions are supported with Windows 11?
For the Windows Security Baselines, we have added the following:
- Windows 11 version 21H2 (Build 22000)
- Windows 11 version 22H2 (Build 22621)
For the CIS Windows Benchmarks Baselines, we have added the following:
- Windows 11 version 21H2 (Build 22000) – Level 1
- Windows 11 version 21H2 (Build 22000) – Level 2
What policies are currently supported in Baselines?
Workspace ONE now supports Security Baselines across Windows 10 and Windows 11 for Windows Security Baselines and CIS Windows Benchmarks. This means that you can easily apply the recommended security settings for your devices based on industry standards and best practices.
The table below shows the Windows OS version and the Workspace ONE Baselines templates available.
|
Windows OS Version |
Microsoft Security Baselines |
CIS Level 1 |
CIS Level 2 |
|
Windows 10 -Version 1709 |
✅ |
✅ |
✅ |
|
Windows 10 - Version 1803 |
✅ |
✅ |
✅ |
|
Windows 10 - Version 1809 |
✅ |
✅ |
✅ |
|
Windows 10 - Version 1903 |
✅ |
✅ |
✅ |
|
Windows 10 - Version 1909 |
✅ |
✅ |
✅ |
|
Windows 10 - Version 2004 |
✅ |
✅ |
✅ |
|
Windows 10 - Version 20H2 |
✅ |
|
|
|
Windows 10 - Version 21H1 |
✅ |
|
|
|
Windows 10 - Version 21H2 |
✅ |
✅ |
✅ |
|
Windows 10 - Version 22H2 |
✅ |
|
|
|
Windows 11 - Version 21H2 |
✅ |
✅ |
✅ |
|
Windows 11 - Version 22H2 |
✅ |
|
|
Apply Windows 11 Baselines to devices after upgrade to Windows 11
If you update your Windows machine from Windows 10 to Windows 11—when Baselines are deployed correctly, Workspace ONE will automatically apply the correct Baseline configuration targeted to the device or device collection based on specified criteria.
One way of achieving this is by assigning the configured Baselines to the Windows OS version relevant to the baseline. This is done using Workspace ONE smart groups.
For example, create a smart group for each specific Windows version and
- Deploy Windows 10 – 22H2 Baselines to Windows 10 – 22H2 Devices.
- Deploy Windows 10 – 21H2 Baselines to Windows 10 – 21H2 Devices.
- Deploy Windows 10 – 21H1 Baselines to Windows 10 – 21H1 Devices.
- Deploy Windows 11 – 22H2 Baselines to Windows 11 - 22H2 Devices.
- Deploy Windows 11 – 21H2 Baselines to Windows 11 - 21H2 Devices.
And so on.
This way, when a device updates to a Windows 11 version, Workspace ONE will automatically apply the correct version of Baselines to the machine.
For more details on using Workspace ONE Baselines to manage your Windows desktop devices, see the following blog post:
'%3E%3Cpath id='Rectangle_1' data-name='Rectangle 1' d='M0,0H800V300H0Z' transform='translate(2297 1132)' fill='%23E2F0D9'/%3E%3Cg id='Group_5' data-name='Group 5' transform='translate(-6 -3)'%3E%3Ctext transform='translate(2534 1280)' font-size='50' font-family='Roboto-Regular, Roboto'%3E%3Ctspan x='0' y='0'%3ECurated Assets%3C/tspan%3E%3C/text%3E%3Ctext transform='translate(2611 1333)' font-size='20' font-family='Roboto-Regular, Roboto'%3E%3Ctspan x='0' y='0'%3ETile View (with image and controls)%3C/tspan%3E%3C/text%3E%3C/g%3E%3C/g%3E%3C/svg%3E)
Summary
Workspace ONE Baselines help you protect your data and devices from cyber threats and comply with regulatory requirements. You can customize the Security Baselines to suit your specific needs and preferences and monitor their compliance status from a single dashboard.
With Workspace ONE, you can manage your Windows Security Baselines and CIS Windows Benchmarks across Windows 10 and 11 devices with confidence and peace of mind.
Simple, yet substantial benefits of Workspace ONE Baselines are as follows:
- Workspace ONE Baselines apply policies to devices that are domain-joined, Azure-joined, or workgroup devices.
- Remove the complexity of managing policies from a domain controller and deliver them from the cloud!
- No need to force policies to apply with
gpupdate /force. - No VPN is required to apply policies to remote workers.
- Deploy templates or customize policies in seconds.
- No need to force policies to apply with
- Manage MDM profile configurations and traditional Group Policy Objects (GPOs) in a single console.
- Customize and edit policies that match your AD GPOs or create new ones based on your business needs.
- Remove the need for third-party compliance tools. View and manage the policy compliance of your device fleet over the air in the Workspace ONE admin console with Role Based Access.
- Support for Microsoft Security Baselines, CIS Benchmarks for Windows 10 and 11 devices
For more information about Windows Policy Management with Workspace ONE UEM, we encourage you to read: