Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2, available today from the Microsoft Security Compliance Toolkit.
The highlight of the new Windows 10 security baseline is the addition of tamper protection as a setting to enable by default.
When toggling on the Microsoft Security Baseline for Windows 10 21H2, Redmond urges admins to toggle on Defender for Endpoint’s tamper protection feature to protect against human-operated ransomware attacks.
Now available for download. Windows security baselines provide Microsoft-recommended security configurations which reduce Windows systems’ attack surface and increase the overall security posture of enterprise endpoints.
The Windows 10 21H2 security baseline is now available for download via the Microsoft Security Compliance Toolkit, and it includes Group Policy Object backups and reports, the scripts needed to apply settings to the local GPO, as well as Policy Analyzer rules.
More info on the changes that the new Windows 10 21H2 security baseline comes with is available in this Microsoft Security Baselines blog post.