Merge pull request #18926 from Brenduns/zt-security-checks-intune

prmerger-automator[bot] · web-flow · commit c4035a0bc9b7 · 2025-10-13T22:58:07.000Z
Minor udpate to align to recent terminology decisions
diff --git a/intune/intune-service/protect/includes/secure-recommendations/24554.md b/intune/intune-service/protect/includes/secure-recommendations/24554.md
@@ -11,7 +11,7 @@ ms.custom: Intune-Secure-Recommendation
 # userimpact: Medium
 # implementationcost: Low
 ---
-If iOS update policies aren’t configured and assigned, threat actors can exploit unpatched vulnerabilities in outdated operating systems on managed devices. The absence of enforced update policies allows attackers to use known exploits to gain initial access, escalate privileges, and move laterally within the environment. Without timely updates, devices remain susceptible to exploits that have already been addressed by Apple, enabling threat actors to bypass security controls, deploy malware, or exfiltrate sensitive data. This kill chain begins with device compromise through an unpatched vulnerability, followed by persistence and potential data breach that impacts both organizational security and compliance posture.
+If iOS update policies aren’t configured and assigned, threat actors can exploit unpatched vulnerabilities in outdated operating systems on managed devices. The absence of enforced update policies allows attackers to use known exploits to gain initial access, escalate privileges, and move laterally within the environment. Without timely updates, devices remain susceptible to exploits that have already been addressed by Apple, enabling threat actors to bypass security controls, deploy malware, or exfiltrate sensitive data. This attack chain begins with device compromise through an unpatched vulnerability, followed by persistence and potential data breach that impacts both organizational security and compliance posture.
 
 Enforcing update policies disrupts this chain by ensuring devices are consistently protected against known threats.
 
diff --git a/intune/intune-service/protect/includes/secure-recommendations/24573.md b/intune/intune-service/protect/includes/secure-recommendations/24573.md
@@ -10,7 +10,7 @@ ms.custom: Intune-Secure-Recommendation
 # userimpact: Medium
 # implementationcost: Medium
 ---
-Without properly configured and assigned Intune security baselines for Windows, devices remain vulnerable to a wide array of attack vectors that threat actors exploit to gain persistence and escalate privileges. Adversaries leverage default Windows configurations that lack hardened security settings to perform lateral movement using techniques like credential dumping, privilege escalation via unpatched vulnerabilities, and exploitation of weak authentication mechanisms. In the absence of enforced security baselines, threat actors can bypass critical security controls, maintain persistence through registry modifications, and exfiltrate sensitive data through unmonitored channels. Failing to implement a defense-in-depth strategy makes devices easier to exploit as attackers progress through the kill chain—from initial access to data exfiltration—ultimately compromising the organization’s security posture and increasing the risk of compliance violations.
+Without properly configured and assigned Intune security baselines for Windows, devices remain vulnerable to a wide array of attack vectors that threat actors exploit to gain persistence and escalate privileges. Adversaries leverage default Windows configurations that lack hardened security settings to perform lateral movement using techniques like credential dumping, privilege escalation via unpatched vulnerabilities, and exploitation of weak authentication mechanisms. In the absence of enforced security baselines, threat actors can bypass critical security controls, maintain persistence through registry modifications, and exfiltrate sensitive data through unmonitored channels. Failing to implement a defense-in-depth strategy makes devices easier to exploit as attackers progress through the attack chain—from initial access to data exfiltration—ultimately compromising the organization’s security posture and increasing the risk of compliance violations.
 
 Applying security baselines ensures Windows devices are configured with hardened settings, reducing attack surface, enforcing defense-in-depth, and supporting Zero Trust by standardizing security controls across the environment.
 
