Keep your Windows Desktop devices configured to best practices with Baselines. Workspace ONE UEM curates industry-recommended settings into one Baseline configuration to simplify securing your devices. Baselines reduce the time it takes to set up and configure Windows devices. Show
Cloud-Based Micro-ServiceBaselines use a cloud-based micro service to handle the policy catalog. If you are an on-premises customer, ensure that your environment can communicate with the micro-service. Baselines Require Constant Connectivity to Device ServicesAll enrolled Windows devices that use Baselines require uninterrupted connectivity to the Workspace ONE UEM Device Services (DS) server. Devices need this constant connectivity for Baseline statuses to remain current. If you use a proxy setup or have certain firewall settings, these configurations can interrupt the connection between your Windows devices and the DS server. For example, if devices use a VPN or a restricted network to access resources, this set up interrupts the connection to the DS server. Baselines on these devices are at risk of being out of date. Types of Baselines
Baselines are based on the Windows OS version of your devices. You can change the OS version of any Baseline later when editing. During configuration, you can choose which Baseline to use and customize any of the Baseline policies. You can also add additional Microsoft ADMX-backed policies as part of the configuration process. CIS Benchmark ConsiderationsCIS reports the listed benchmarks to establish a more secure connection between your server and your devices. However, these benchmarks are not currently supported by the CIS Windows Benchmarks Baseline template. Admins must configure these benchmarks. See the applicable Windows Server CIS Benchmark report for details.
What Happens After You Assign Baselines?After enrolling a device into Workspace ONE UEM, you can add the device to a smart group and assign a Baseline to the group. The device receives and applies all the settings and configurations in the Baseline after a device restart. The device checks for the Baseline configurations upon publishing the Baseline and at the defined check-in intervals. When you push a Baseline to a device, Workspace ONE UEM stores a snapshot of the device settings. How Do I Control the Assignment of Baselines?You can limit the assignment of the Baseline using the Exclusions tab of the Assignment dialog box. You can designate smart groups to exclude from the assignment. Baselines ManagementYou can manage your Baselines from the Baselines list view, found in the console at Resources > Profiles & Baselines > Baselines. From here, you can edit, copy, and delete existing Baselines.
You can see which Baselines are applied to a device in the Device Details page. Example of How To Copy a BaselineHere is a general example of how you can copy an existing Baseline and update the Managed By field to move the Baseline to a child organization group.
Baselines Compliance StatusEnsure that your device follows the Baselines with the Baseline compliance status. Find the Compliance Status in the console at Resources > Profiles & Baselines > Baselines, select the Baseline, and see the Compliance Status card. The Baseline Compliance Status card shows when devices are compliant, intermediate, non-compliant, or not available. Note: Baseline compliance status only applies to Baselines created using the UI. You cannot see the compliance status for custom Baselines created using GPO backup files.
Querying Baselines for Compliance StatusesYou can query devices for Baseline samples to refresh the compliance status. To query a Baseline, begin in the Device Details view. Note: You can query the compliance status of a specific device but not multiple devices at once.
Verifying Compliance StatusIn the event a setting on the device does not match the Baseline, use the troubleshooting tab in Device Details to verify that Workspace ONE UEM received the device sample.
Creating BaselinesCreate a Baseline with templates or without them to configure your devices to industry-recommended settings and configurations. Workspace ONE UEM curates Baselines based on industry favorites including CIS Benchmarks and Microsoft's Windows security Baselines. PrerequisitesYour devices must be enrolled in Workspace ONE UEM and they must have the Workspace ONE Intelligent Hub installed. If you are publishing a custom Baseline using a GPO backup file, you must add the LGPO.exe to all devices that you want to assign a Baseline to. You
must install the EXE at Creating with TemplatesIf you want to use a GPO backup file to create your Baselines, use the template process.
Creating Your OwnIf you do not want to use a template, create your own Baselines without a template.
Which activity manages the baseline settings for a system or device configuration control reactive change management proactive change management change control?Which activity manages the baseline settings for a system or device? Configuration control is the management of the baseline settings for a system device. The baseline settings are designed to meet security requirements.
Which of the following is any weakness in a system that makes it possible for a threat to cause it harm?To put it in the most basic terms, a computer system vulnerability is a flaw or weakness in a system or network that could be exploited to cause damage, or allow an attacker to manipulate the system in some way.
Which network device is capable of blocking network connections that are identified as potentially malicious?A firewall can block malicious traffic from entering your home network and alert you to potentially dangerous activity.
|