...
ConnectSecure has Active Directory GPO templates for the required OS (Windows 10, Windows 11, Windows Server 20222012, Windows Server 2016, Windows Server 20122019, and Windows Server 20192022) which helps in remediating major CIS controls.
...
Select a Windows 10 GPO and right-click on Group Policy Objects.
Select Import Settings, click Next → Next → select Select the shared backup file for the corresponding Windows 10 computer and user, and then click on Finish.
...
After updating the GPO's GPOs in the AD machine, we have to update the GPO policy in the linked AD machine.
Open Powershell as administrator and run the below command in the linked AD Windows 10 machine and linked Windows Server 2022 machine to update the GPO Policy
...
Download the GPO files for the preferred Operating System from the Compliance Remediation tab in the ConnectSecure Portal.
Delete the “Backup.xml” and “gpreport.xml” files from the Compliance GPO folder downloaded from ConnectSecure.
Eg. Before Applying GPO the Non-Compliant Count is 281 for Windows 10.
...
Note |
---|
Please try this at your own risk and try it first in the test instance and then install it in the production instance. Also please backup existing GPO to avoid any issues. |
...
Compliance Remediation Through Intune.
Log in to Microsoft Intune Admin Center. Then, navigate to Devices > Policy > Group Policy analytics (preview) > Import.
The dashboard displays the migration readiness analysis.
...
In Import Group Policy Object Select a file that has been downloaded from Connect Secure portal.
...
Select the downloaded compliance remediation Windows file from the Connect Secure portal.
...
Add Scope tags on the scope tags page if needed and click on next.
...
When delving into MDM support, you'll encounter a detailed inventory of settings derived from the Group Policy Object that are eligible for migration, as well as those that are not. Upon clicking the "Migrate" button, it will initiate the "Migrate Group Policy Settings to the Cloud" wizard.
...
Select the settings that need to migrate, or click the Select all on this page button.
...
The Configuration page shows the settings included in the migration.
...
Name the new configuration profile on the Profile info page.
Add Scope tags on the scope tags page if needed.
...
On the Assignments page, you can scope the configuration profile to all users or specific users in the organization. Click the Add Groups button to choose your Microsoft 365 groups.
...
Finally, review and deploy the new configuration profile containing the migrated Group Policy Object settings.
...
This completes the Compliance Remediation documentation for Workgroup machines.