Windows-itpro-docs: Which settings are not recommended for virtual machines?

Created on 22 Jun 2020 · 12 Comments · Source: MicrosoftDocs/windows-itpro-docs

The documentation states "The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machines (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments." but fails to include any details about which settings you are talking about.



defender for endpoint


All 12 comments

Agree this needs more information.

@sveinungre thank you for reaching out and helping improve MS Docs. This article was updated this week with new information. Please have a look and let me know if you have any further questions.

Hello
I'm sorry but I cannot see any changes. I would expect the article to list exactly which settings are not recommended for VMs. I am guessing the BitLocker encryption method and maybe Device Guard settings. Did I miss something in the new article content? Thanks.

@sveinungre We appreciate any feedback that improves the content in the Microsoft docs but we haven't had any response from you so we are going to close this issue.
Please feel free to re-open this issue if there is a specific area of the docs that we can improve. Thank you.

Hello
The link provided and current documentation do not address my statement: I would expect the article to list exactly which settings are not recommended for VMs. I am guessing the BitLocker encryption method and maybe Device Guard settings. Did I miss something in the new article content? Thanks.

Just to throw in "my 2 cents" on how I interpret your request and contrast it with the documentation. (I could easily have misread your views.)

  1. This baseline is optimized for _physical_ devices (as you already have pointed out)
  2. Certain baseline settings can _impact remote interactive sessions_ on virtualized environments.
  3. The Microsoft Defender Advanced Threat Protection baseline is available when your environment meets the prerequisites for using Microsoft Defender Advanced Threat Protection.
  4. It's important to note that Azure AD registered devices are not supported in this scenario. Only Intune enrolled devices are supported.
  5. The implementation of Conditional Access in Microsoft Defender ATP is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies.

Mmm, what I'm looking for are the exact settings. The reason is that some customers really want to follow Microsoft best practice and use security baselines; however, in the case of virtual machines they would need to know the exact settings so that they could still use the security baselines but then change those exact settings to avoid issues on virtual machines. The article is just dodging the real question: what exact settings are not recommended or would impact virtualized environments? 3-5 is not relevant for my case.

Fair enough. I just think that it can be difficult to list recommended settings, because the settings may differ between the unknown amount of scenarios the various sites need to deploy to make it work for them. In an ideal world, it would be a much narrower field of options, but the way I see it, it may just be too many different scenarios for Microsoft to be able to recommend a strict set of rules and settings. I could of course be wrong, so if I am clearly mistaken, I presume one of the MS Docs team members will suggest a recommendation for you. I just don't know enough to narrow it down for you. I can only wish you the best and hope for a solution to emerge.

We need to go back to the roots of my comment, so when they state that it's not recommended ("The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machines (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments."), then it means they know that some configuration impacts virtual environments, which means someone knows the configuration involved. I mean it's not based on just a hunch; someone knows this somewhere. So bringing me back to my point, why not just provide us that information to help all the Microsoft customers eagerly using Microsoft products and security baselines :)

@sveinungre Please consider opening a product feedback ticket for any of your suggestions or feature requests to help Microsoft improve your experience. You could add your feedback via the Microsoft Windows 10 Feedback Hub. You might find others have made a similar request that you can add to, or you can open a new one.
Thank you for your contribution to make the docs better! Much appreciated!

@sveinungre : I approve of the suggestion above. Even though you do have a fair point, it is better to hand that suggestion to the developers, who should be made aware of the request as you see it. Thank you.
