Hi Guys I opened a case with Rapid7 support for CIS Windows 11 Intune benchmark not recognizing CIS Windows 11 Intune Multi-session OS assets operating system. There seems to be a gap in policy coverage but I am not getting a straight answer from support. Do any of you use Windows 11 Intune Multi-session OS in AVD and if so did you manage to scan it for for CIS compliance
1 Like
Any updates on this one?
Yes, after some ping pong with support trying to look for a problem on my side, they found a problem on their side and provided a workaround - it works:
The regex in place to check against the microsoft current version is this expression:
^[a-zA-Z0-9\(\)\s]*[Ww][Ii][Nn][Dd][Oo][Ww][Ss] 11[a-zA-Z0-9\(\)\s]*$
we then accurately pull the version from the target machine "Microsoft Windows 11 Enterprise multi-session"
the issue is that the "-" in multi-session is breaking the regex.
I will get an engineering ticket opened to address this but in the meantime you can create a custom copy of the benchmark and edit the CPE check with this regex pattern
^[a-zA-Z0-9\(\)\s]*[Ww][Ii][Nn][Dd][Oo][Ww][Ss] 11.*$
the steps for this are to create a copy of the benchmark > click the pencil icon beside the CPE string > select test "windows 11 is installed > edit test > replace caption with the above regex > save > save > rescan with custom policy selected