Create a Windows 10 settings catalog from group policies using CIS Benchmark for Windows 10, Edge or Chrome

Microsoft released a new feature in Intune service release 2204 (April 2022) that lets you create a Settings Catalog policy from GPOs imported into Intune Group Policy Analytics. Please note that this feature is in public preview, so it can only get better from here! You can learn more about the functionality and the official announcement here.

In this blog, we will import the CIS Benchmark for Windows 10 21H2 Group Policy settings into Intune and then convert them to a Settings Catalog policy. CIS SecureSuite membership is required to download the automated build kits, which make it fast and easy to configure your systems in accordance with a CIS Benchmark. You can also download a sample build kit for free from here.

About CIS

As per the official Microsoft documentation, CIS benchmarks are internationally recognized as security standards for defending IT systems and data against cyberattacks. Used by thousands of businesses, they offer prescriptive guidance for establishing a secure baseline configuration.

You can download the latest CIS Windows Desktop Build Kit (you will require CIS WorkBench membership). Alternatively, you can download the latest CIS Benchmark for free and manually configure the settings in Intune using Administrative Templates or using Group Policies. To download the free benchmark, visit the CIS website here.

1. Log in to your CIS WorkBench account and download the latest Windows 10 Desktop Build Kit.

2. Import the Group Policies into Intune Group Policy Analytics, i.e. browse to gpreport.xml within the Group Policy.

3. The GPO will be imported within seconds, with the status message "Import Completed". You may import all other GPOs.

4. You will notice all imported Group Policies. Please note that not all settings are supported by Intune. Also, some of the settings in the GPO that set the services state are not imported. You can click on the MDM Support link to identify supported settings.

5. To import this into Intune, select the Group Policy and click Migrate.

6. You can click Select all on this page or select the required settings, then click Next to go to the next page. Then click Next.

7. On the Configuration tab, review all settings and click Next.

8. On the Profile Info tab, enter a meaningful name and description as per your organisation's standard and click Next.

9. On the Assignments tab, select an existing group to assign the policy to.

10. On the Review + Deploy tab, verify all details and click Deploy.

11. You will be redirected to the Configuration Profiles tab. Search for the Settings Catalog policy by entering its name in the search bar.

12. After assigning the policy to the group, you will see on how many devices the policy has been deployed successfully. You can click Device assignment status or Per setting status to view more details.
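Because some settings, such as service state, are not imported (step 4), it helps to inventory each gpreport.xml before importing it so there is a list to reconcile against what Group Policy Analytics shows. The script below is an added example, not part of the original post or of any CIS or Microsoft tooling. It assumes the usual Group Policy XML report layout (`Computer`/`User`, `ExtensionData`, `Extension`, and `SystemServices` entries with `Name` and `StartupMode`); the sample report and the function names are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the layout of a Group Policy XML report (gpreport.xml);
# the GPO name, service and policy in it are made up for this example.
SAMPLE = """<GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings">
  <Name>Example-Services-GPO</Name>
  <Computer><ExtensionData>
    <Extension xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Security">
      <q1:SystemServices>
        <q1:Name>ExampleSvc</q1:Name><q1:StartupMode>Disabled</q1:StartupMode>
      </q1:SystemServices>
    </Extension><Name>Security</Name>
  </ExtensionData><ExtensionData>
    <Extension xmlns:q2="http://www.microsoft.com/GroupPolicy/Settings/Registry">
      <q2:Policy><q2:Name>Example policy</q2:Name><q2:State>Enabled</q2:State></q2:Policy>
    </Extension><Name>Registry</Name>
  </ExtensionData></Computer>
</GPO>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def inventory(xml_data):
    """Return (GPO name, Counter of (scope, setting element), service settings)."""
    root = ET.fromstring(xml_data)  # pass bytes for files so the encoding is detected
    name = next((e.text for e in root if local(e.tag) == "Name"), None)
    counts, services = Counter(), []
    for scope in (e for e in root if local(e.tag) in ("Computer", "User")):
        for ext in (e for e in scope.iter() if local(e.tag) == "Extension"):
            for setting in ext:
                kind = local(setting.tag)
                counts[(local(scope.tag), kind)] += 1
                if kind == "SystemServices":  # service state: verify by hand after import
                    fields = {local(c.tag): c.text for c in setting}
                    services.append((fields.get("Name"), fields.get("StartupMode")))
    return name, counts, services

if __name__ == "__main__":
    for path in sys.argv[1:]:  # pass each gpreport.xml from the build kit
        with open(path, "rb") as fh:
            name, counts, services = inventory(fh.read())
        print(f"{name}: {sum(counts.values())} settings in the report")
        for (scope, kind), n in sorted(counts.items()):
            print(f"  {scope:8} {kind:20} {n}")
        for svc, mode in services:
            print(f"  service startup to verify in Intune: {svc} -> {mode}")
```

Run it with the paths of the gpreport.xml files as arguments, then compare the counts with the setting count shown for each GPO after import.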

