With the release of Windows 11 comes the release of the security baseline package for the new operating system. This is something you can enable after installing the operating system to your supported computer, and it doesn’t take a lot of effort to get done either.
Windows 11 Security baseline
To move forward, you will want to download all the essential data from the Microsoft Security Compliance Toolkit which you can download from Microsoft. From there, you should test the recommended configurations, according to Microsoft. Also, you will want to customize and implement as appropriate for your needs.
Now, we’ve come to understand that two new settings have been included for this new release. They were initially added to the Windows Server 2022 release, so some users may already have ample experience with them.
The new settings in question are a custom setting for the printer driver installation restriction and a new Microsoft Defender Anti-virus setting. Interestingly enough, the software giant has removed all Microsoft Edge legacy settings from this release.
Restrict Driver Installations
Microsoft says it had released a patch for CVE-2021-34527 (PrintNightmare) back in July of this year. The company then added a new setting to the Microsoft Security Guide custom administrative template designed for SecGuide.admx/I (Administrative Templates\MS Security Guide\Limits print driver installation to Administrators). The enablement was then enforced to ensure better security.
Script Scanning
In the past, script scanning was basically a parity gap between Group Policy and MDM. The gap is no longer a factor due to its closure, so now Microsoft has decided to enforce the enablement of script scanning.
Tamper Protection
Microsoft Defender for Endpoint’s “Tamper Protection” is something you should turn on during the processing of activating the Microsoft Security Baseline for Windows 11. When this is done, you’ll be adding an extra layer of protection against Human Operated Ransomware.
Microsoft Edge Legacy
Like the Internet Explorer web browser that came before, Microsoft Edge Legacy is dead and gone. Support ended on March 9, 2021, so it was not released as part of Windows 11. Because of this, the settings that supported the old web browser are now gone from the baseline. As it stands right now, you should use the Chromium version of Microsoft Edge instead.
You can the details on Microsoft.com.
