Microsoft has published a warning about a problem in its Intune management software that stops customizations from being saved. Stemming from an issue in the security baseline policy update flow, an update can wipe out settings that have been put in place by administrators.

Although Microsoft has acknowledged the problem, the company is still working out how to address it. In the meantime, Intune users are being told to use a workaround that could prove to be time-consuming for many.

Touted as an alternative to the discontinued WSUS (Windows Server Update Services), Intune provides cloud-based management options for deploying policies and updates. The issue that Microsoft has acknowledged means that if an administrator has implemented changes to the security baseline configuration, these customizations may be lost during the update process.

The company explains the issue on the Intune Tech Community:

We’ve recently identified an issue in the security baseline policy update flow where customizations made, which differ from the security baseline recommended value, aren’t retained during the update process. This issue affects customers who are updating their baseline version to a more recent version. For example, updating the security baseline from version 23H2 to version 24H2.

It is difficult to downplay the impact of erasing security settings. Administrators who have made changes to baseline settings have done so for very specific reasons, and the prospect of having to re-implement these changes is hardly one to be relished.

And yet this is precisely what Microsoft is expecting affected Intune users to do. Having failed to come up with a fix or automated solution, the company says that users will need to manually put their scenario-specific customizations back in place:

While we work on the fix, we recommend that admins manually reapply their customizations after updating their baseline policies. Review Update a profile to the latest version in the Microsoft Learn documentation for information on the baseline update process.

Microsoft has not given any indication of how long it anticipates it will take to address the issue, but in the meantime admins will have to spend some time making sure their settings are as they should be.