We're transitioning from Group Policy to Intune for device configuration and previously relied heavily on HardeningKitty for validating that our security settings were properly applied and for identifying any recommended settings we might have missed. However, since HardeningKitty doesn't support Intune yet, I'm curious about what other tools you all are using to validate or benchmark your endpoints against security baselines while using Intune to push out these settings.
1 Answer
If you're looking for CIS compliance, they've got some tools that might help. Check out CIS-CAT Lite; it's capable of scanning a few Windows baselines on local devices. The pro version goes deeper if you need it. I've found the Lite tool pretty handy for checking a standard build laptop with CIS controls.
But does that really work with Intune settings? I thought Intune doesn't modify registry keys, so how would those tools validate anything?