This is the last part in the series around the CIS (Center for Internet Security) benchmark for Windows 11, and we’d like to say that we’ve saved the best post for last, but we’d be lying. Surely the Level 2 settings can’t be worse than the Level 1?

I’m not sure what I’m doing playing around with Power Automate, but here we are. Like many people, I have a habit of forgetting to set an Out of Office message when I’m actually on holiday, or when I’m working with customers. Let’s see if we can make something do this for us.

When did Microsoft go all covert ops (maybe don’t answer that question) and start making changes to your very own Firewall Rule policies in Microsoft Intune without letting anyone know? Or did they?

The impact of the CIS settings on BitLocker and Windows Autopilot now done and dusted, we should broaden our horizons and start to look at what other problems the CIS level 1 benchmark brings to Windows 11 as a whole. Are there any? Will it be smooth sailing? Yeah, no.

So Microsoft released Windows Autopilot Device Preparation, or more commonly known as APv2, into General Availability a little while ago. So with this production release we should be able to name our corporate owned Windows devices right Microsoft? Right?

With the CIS BitLocker and associated DMA settings reviewed and updated, now is time to delve into the Windows 11 specific settings that exist in the CIS Level 1 benchmark. What issues do they bring to Windows Autopilot, what solutions can we find? Honestly, who knows.

Everyone loves a security benchmark, and with the imminent move to Windows 11 for everyone, the Center for Internet Security released version 3.0.1 of theirs, including a build kit for Microsoft Intune, but what does this build kit break for BitLocker encryption?