August 09, 2023

Windows 11 Baselines are now in the Workspace ONE Baselines Catalog

We are excited to announce that VMware Workspace ONE 2306 now supports Windows 11 in the Baselines catalog. This means you can easily apply security and compliance policies to your Windows 11 devices using Workspace ONE.

We are excited to announce that VMware Workspace ONE 2306 now supports Windows 11 in the Baselines catalog. This means you can easily apply security and compliance policies to your Windows 11 devices using Workspace ONE.

Windows 11 is the latest operating system from Microsoft, offering a modern and intuitive user experience. With Workspace ONE 2306, you can leverage the benefits of Windows 11 while ensuring your devices are secure and compliant.

A screenshot of a computer</p>
<p>Description automatically generated with medium confidence

What Catalog Templates and OS versions are supported with Windows 11?

For the Windows Security Baselines, we have added the following:

  • Windows 11 version 21H2 (Build 22000)
  • Windows 11 version 22H2 (Build 22621)

A screenshot of a computer</p>
<p>Description automatically generated with medium confidence

For the CIS Windows Benchmarks Baselines, we have added the following:

  • Windows 11 version 21H2 (Build 22000) – Level 1
  • Windows 11 version 21H2 (Build 22000) – Level 2

A screenshot of a computer</p>
<p>Description automatically generated with medium confidence

What policies are currently supported in Baselines?

Workspace ONE now supports Security Baselines across Windows 10 and Windows 11 for Windows Security Baselines and CIS Windows Benchmarks. This means that you can easily apply the recommended security settings for your devices based on industry standards and best practices.

The table below shows the Windows OS version and the Workspace ONE Baselines templates available.

Windows OS Version

Microsoft Security Baselines

CIS Level 1

CIS Level 2

Windows 10 -Version 1709

Windows 10 - Version 1803

Windows 10 - Version 1809

Windows 10 - Version 1903

Windows 10 - Version 1909

Windows 10 - Version 2004

Windows 10 - Version 20H2

 

 

Windows 10 - Version 21H1

 

 

Windows 10 - Version 21H2

Windows 10 - Version 22H2

 

 

Windows 11 - Version 21H2

Windows 11 - Version 22H2

 

 

Apply Windows 11 Baselines to devices after upgrade to Windows 11

If you update your Windows machine from Windows 10 to Windows 11—when Baselines are deployed correctly, Workspace ONE will automatically apply the correct Baseline configuration targeted to the device or device collection based on specified criteria.

A screenshot of a computer</p>
<p>Description automatically generated with medium confidence

One way of achieving this is by assigning the configured Baselines to the Windows OS version relevant to the baseline. This is done using Workspace ONE smart groups.

For example, create a smart group for each specific Windows version and

  • Deploy Windows 10 – 22H2 Baselines to Windows 10 – 22H2 Devices.
  • Deploy Windows 10 – 21H2 Baselines to Windows 10 – 21H2 Devices.
  • Deploy Windows 10 – 21H1 Baselines to Windows 10 – 21H1 Devices.
  • Deploy Windows 11 – 22H2 Baselines to Windows 11 - 22H2 Devices.
  • Deploy Windows 11 – 21H2 Baselines to Windows 11 - 21H2 Devices.

And so on.

This way, when a device updates to a Windows 11 version, Workspace ONE will automatically apply the correct version of Baselines to the machine.

For more details on using Workspace ONE Baselines to manage your Windows desktop devices, see the following blog post:

 

 

Summary

Workspace ONE Baselines help you protect your data and devices from cyber threats and comply with regulatory requirements. You can customize the Security Baselines to suit your specific needs and preferences and monitor their compliance status from a single dashboard.

With Workspace ONE, you can manage your Windows Security Baselines and CIS Windows Benchmarks across Windows 10 and 11 devices with confidence and peace of mind.

Simple, yet substantial benefits of Workspace ONE Baselines are as follows:

  • Workspace ONE Baselines apply policies to devices that are domain-joined, Azure-joined, or workgroup devices.
  • Remove the complexity of managing policies from a domain controller and deliver them from the cloud!
    • No need to force policies to apply with gpupdate /force.
    • No VPN is required to apply policies to remote workers.
    • Deploy templates or customize policies in seconds.
  • Manage MDM profile configurations and traditional Group Policy Objects (GPOs) in a single console.
  • Customize and edit policies that match your AD GPOs or create new ones based on your business needs.
  • Remove the need for third-party compliance tools. View and manage the policy compliance of your device fleet over the air in the Workspace ONE admin console with Role Based Access.
  • Support for Microsoft Security Baselines, CIS Benchmarks for Windows 10 and 11 devices

For more information about Windows Policy Management with Workspace ONE UEM, we encourage you to read:

Filter Tags

Workspace ONE Workspace ONE UEM Blog Announcement Overview Win10 and Windows Desktop