一键导入
windows-11-security-baseline
Guidance for the Windows 11 enterprise security baseline — Microsoft's recommended security settings deployed via Intune (Settings catalog / security baselines) or GPO. Covers core hardware-rooted controls (TPM 2.0, Secure Boot, virtualization-based security / VBS, Hypervisor-Protected Code Integrity / HVCI, Memory Integrity, Credential Guard, Local Security Authority protection), Windows LAPS (Microsoft's modern local admin password solution, replacement for legacy LAPS), Smart App Control, Personal Data Encryption (PDE), Windows Hello for Business deployment, controlled folder access, exploit protection, BitLocker baseline, app control with WDAC, removable storage controls, and integration with Intune compliance and Defender for Endpoint. WHEN: Windows 11 baseline, Windows security baseline, VBS HVCI Memory Integrity, Credential Guard, LSA protection, Windows LAPS, replace legacy LAPS, Smart App Control, WDAC, exploit protection, PDE Windows 11, Intune security baseline. DO NOT USE for endpoint EDR config (
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。