Intune security baseline best practices.
Intune security baseline best practices Intune supports security baselines for Windows 10/11 device settings, Microsoft Edge, Microsoft Defender for Endpoint Protection, and more. Go to Security baselines. . Apr 2, 2024 · OpenIntuneBaseline is a GitHub repository created by SkipToTheEndpoint, a community-driven effort to provide a comprehensive baseline configuration for Intune. Some examples: Security baselines: On Windows client devices, security baselines are security settings that are preconfigured to recommended values. Nov 19, 2024 · Security baselines in Intune are a set of predefined security configurations based on industry standards and best practices, aimed at ensuring the security of devices and data within an Can you share best practices from experience? i. Managing browser extensions in Edge with Intune. What's your take? Aug 19, 2024 · Note. Provide a name and description for the baseline profile. Disable fast startup using a script, not sure why this isn't available as a configuration. I have gotten working demos of most of the baseline stuff going right now and I am moving on to the Endpoint Security aspect of Intune/MEM/Defender for Endpoint. But what about creating a security baseline profile automated and assigning the profile to a user group. , laptop baseline, kiosk/digital signage baseline, engineering PCs baselin, etc. May 30, 2024 · First, navigate to the Intune portal and the endpoint security tab. 
Windows 10; Windows 11; Windows Server 2012 R2 or later (through the Microsoft Defender for Endpoint Security settings management scenario) Any supported version of macOS I'm at the stage in my company where I can start focusing on security best practices for our Windows clients I've implemented some of the more basic hardening steps: no local admin access for end users MFA for login Login tracking via Azure/Intune 3rd party AV/Anti-malware Blocked powershell Mar 22, 2023 · Last week I was troubleshooting Wireless Display connectivity not working on our Intune-managed Windows configuration and of course after dis-assigning Windows Security Baseline it worked. When available, the Apr 5, 2022 · One of the most important requirements for organizations that wish to use Intune is the security baseline of the device. This means that you can now automatically deploy this baseline with DCToolbox (or create your own JSON templates). Join the Intune product team and engineers responsible for device security in this security-focused Ask Microsoft Anything session! Post your questions in the Comments below. Use the Intune Policy Pack for Windows 10 What are some of your best practice tips when it comes to these technologies - I’m thinking from a M365 Business Premium to start with. I’ll try to outline some of the best practices when configuring Windows devices using Endpoint Manager. Jan 25, 2024 · Here are some steps to create a security baseline in Intune: Select Endpoint security > Security baselines to view the list of available baselines. Recommended security best practices and baselines. ASR config Network Protection Sep 30, 2023 · Setting the default search engine in Edge with Intune. Thank you, thank you, thank you. Now however im trying to exclude some devices from the baseline, and for that reason I have created another security group that contains 6 devices and I have changed the policy so the group with the 6 devices are excluded. 
When a new baseline version is available, we can migrate already existing security profiles to the new baseline version. We updated the security baseline for Microsoft Edge to the latest available group policy version (Edge v112). Hardening with Intune Security Baseline for Modern Device Management Practices, Enterprise Mobility and Can you share best practices from experience? i. When a new profile becomes available, it uses the same name of the profile it replaces and includes the same settings as the older profile but in the newer settings format as seen in the Settings Catalog. Aug 1, 2022 · The best practices and recommendations for settings that affect security are part of a security baseline. Configure settings with insights. A security baseline includes the best practices and recommendations for settings that impact security. Login to the Azure Portal and go to the Intune blade. Antivirus policy includes several profiles. To create a security baseline profile automated you need to create a new instance. The settings in this baseline are taken from the version 23H2 of the Group Policy security baseline as found in the Security Compliance Toolkit and Baselines from the Microsoft Download Center, and include only the settings that apply to Windows devices managed through Intune. This compares to • Enrolled a device to Intune **Disclaimer** This guide is meant to provide best practices for policy creation and implementation of Intune. In this blog post, I am going to demonstrate how we can use security baseline policies to enforce security settings. This post will walk you through the streamlined process of deploying Microsoft Edge security policies to all your devices in just 2 minutes . Intune includes several features that cover scenarios that might interest you. When you configure your endpoint policies, try to start with security baselines, Microsoft’s recommended best practice configuration. 
Click on the security baselines tab, right under all devices 👇; From here, make sure to pick the correct baseline. I have antivirus, firewall, bitlocker all configured and working. 09. Best recommendation is to use Microsoft's documentation or talk to a certified a Microsoft partner. The security guy wants to create a baseline for each policy, i. Create a new config, go to the section for the app you want to configure i. They help ensure that devices are configured correctly and that they meet the organization’s security requirements. I just have a couple of questions, Although it says Windows 10 security baseline, would these settings be ok to use in Windows 11? Sep 20, 2023 · In this article. With our web-based no-code application portal, you can deploy security baselines and monitor ongoing drift using a single unified dashboard. In Intune, select Endpoint security > Security baselines, and select a security baseline type like the MDM Security Baseline > MDM Security Baseline for Windows 10 and later for November 2021 When creating the initial Windows baseline, substantial data analysis was carried out over well-known security frameworks, such as: NCSC Device Security Guidance; CIS Windows Benchmarks; ACSC Essential Eight; Intune Security Baselines for Windows, Edge & Defender for Endpoint; Microsoft Best Practice Jun 26, 2023 · This post is a best-practice and recommendation source without any liability. The Intune Configuration spreadsheet will help you in your Intune design work. Updated Edge baseline content. This baseline could encompass standard business practices or requirements, such as the necessity for security software like Windows Defender or CrowdStrike on all devices. Intune also introduced a new update process for migrating an existing security baseline profile to a newly released security baseline. 
The restored Security Baseline is named Windows Business Baseline Policy and can be viewed here: Endpoint security -> Security baselines -> Security Baseline for Windows 10 and later There are a few settings that have been removed from the Security Baseline to improve functionality in a business environment. Intune compliance policies help organizations govern the compliance of both users and end user devices. Thanks for your support! Similar to the checklist for Azure AD which I recently published, this resource is designed to get you up and running quickly with what I consider to be a good “baseline” for most small and mid-sized organizations. Apr 10, 2023 · A security baseline includes the best practices and recommendations on settings by Microsoft that improves the security posture overall so it is a no brainer to implement it. To view these insights, sign in to the Microsoft Intune admin center, go to Endpoint security > Security baselines and select a security baseline type like the Security Baseline for Windows 10 and later. macOS Compliance Policy - Maximum minutes of inactivity before password is required Feb 22, 2024 · I wanted to get a little clarification on some best practices for using Security Baselines in Intune. Mar 26, 2024 · After you update a profile to the current baseline version, you can edit the profile to modify settings. It is meant to be used as a template, but the policies defined will not be the same in all use cases. Implementing a That one is working fine, I have a security group with all our devices and the policy is pushed out fine. PUA Protection Apr 6, 2023 · At CoreView, we have spent years perfecting a security baseline that can help ensure maximum compliance under most regulatory scenarios for Microsoft 365 and Intune. This is done by enforcing password policies, device lock characteristics, and disabling certain device functions (e. 
Apr 3, 2024 · Microsoft have released an updated Endpoint Security Baseline for Windows 10 and later. Hybrid IT architectures and remote work strategies have greatly expanded the size of the IT estate that must be protected. You may also be interested in one of my other posts: * Tranisition to modern Endpoint Management * Intune challenges * A full series on everything about Intune Mar 26, 2024 · Security baselines in Intune are preconfigured groups of settings that are best practice recommendations from the relevant Microsoft security teams for the product. Table 1 compares the Microsoft 365 and Intune Security Baselines: Mar 5, 2023 · Intune supports security baselines for Windows 10/11 device settings, Microsoft Edge, Microsoft Defender for Endpoint Protection, and more. An Intune best practice is using compliance policies to set rules your business must 6 days ago · Sign in to the Microsoft Intune admin center select Endpoint Security > Security Baselines. 2020 Microsoft Edge baseline - September 2020 Windows 365 Security Baseline - 21. I started reviewing the various parts of Endpoint Security in MEM. Intune Security Baselines are pre-defined groups of settings that represent Microsoft’s recommended best practices for securing devices and applications. They offer a standardized approach to enhancing device security and often align with regulatory compliance standards. The guidance has been created for Entra ID Joined (Azure AD Joined) devices and not Hybrid Entra ID Joined devices, which alligns with Microsoft’s best practices. Feb 8, 2024 · Establishing a baseline compliance for the entire business, regardless of individual roles, is a crucial first step. I'm thinking I want to create baselines on categories of devices, i. 2021 and still in Preview. This baseline includes a collection of recommended settings, policies, and best practices for securing and managing devices in an enterprise environment. 
The next step in the process is to assign a security baseline to the Microsoft Edge environment. We use the Baselines to quickly set up our endpoints and then go to the specific fields later on to get more granular control and migrate the policies from the baseline to the specific function. If you are new to Intune and don't know where to begin, security baselines can help. I exported the list of exposed devices from defender and noticed that these devices have successfully received the security baseline. As such, giving these Security Baselines a thorough audit and considering them as starting points is very much a best practice. I agree there is to much overlap for the Defender for Endpoint baseline, i try to use other settings to cover that. , untrusted certificates). Also the challe Nov 30, 2022 · Intune compliance policies are an important part of any organization’s security strategy. Setting Standard Security Configurations. Although the baselines cover a lot of standards-based security configs, it may make sense to use the Security Baseline or the Defender for Endpoint baseline profile. It’s easy to create a Configuration Profile from a MDM Security Baseline in Intune. ITProMentor has an Intune guide as well. Primarily in relation to Microsoft Edge and Microsoft 365. In this video, you are going to learn about Intune Security Baseline Decoded Easiest option to setup security policies for your organization. They have become quite a mess with the other changes to intune. Sep 10, 2024 · Baseline default: If you enable this setting, local users will no longer be able to see the exclusion list in Windows Security App or via PowerShell. By default, each security baseline is configured to meet the best practices and recommendations for the settings that affect security. 
Chrome Browser quick start (Windows) Chrome Browser Deployment Guide (Windows) Chrome Enterprise Core guide; Download Discussion, issues, best practices, and support for lawyers practicing either solo or in a small firm. Feb 23, 2022 · Creating a security baseline profile through the portal isn’t that hard. Apr 16, 2021 · Basic security (Level 1) – Microsoft recommends this configuration as the minimum security configuration for supervised devices where users access work or school data. Nov 26, 2020 · Version 7 of this baseline was the first version with DCToolbox automation support, and version 15 was the first to change deployment model to use the Conditional Access Gallery. Jul 15, 2019 · Update: Downloadable, printable copies of the Microsoft 365 Best practices checklists and guides are now available. 5. Learn more. Jul 31, 2024 · In May, 2023, Intune began rollout of a new security baseline format for each new baseline release or update. Dec 24, 2020 · In other words, again, these can act as a starting point—even in specialized industries that require additional security configurations. Groups in Microsoft Entra ID (formerly Azure AD) come in several flavors: Microsoft 365 Groups (comprised of Users only) Mar 15, 2021 · Here’s the reasoning behind some of the less intuitive settings. Please ensure the enterprise grade system security strategy with your CISO and consult other professionals when you want to build up PAWs. When a security baseline setting no longer applies to a device, or settings in a baseline are set to Not configured, those settings on a device might not revert to a premanaged configuration depending on the settings in the security baseline. My take is smaller changes, smaller breaks. Take advantage of virtual groups and filters to help refine the scope of your Azure AD groups, and keep these best practices in mind: Use Intune virtual groups that don’t require Azure AD syncing. Name your baseline according to your naming convention. 
This checklist will cover the basics. Manage settings to reduce security threats to your enterprise; Manage security for your users' personally identifiable information; Evaluate how security and privacy relate to Chrome management and performance; Related topics. Click on Create profile to start configuring the baseline. E. Enforce strong password policies; Enforce password age & history requirements’ Configure keychain to be automatically locked in case of inactivity; Block the root account; Block auto-login; If possible use Security Baseline - Current baseline November 2021 Defender Baseline - Last Update 12. Create a compliance policy. Oobe Enable Rtp And Sig Update Baseline default: If you enable this setting, real-time protection and Security Intelligence Updates are enabled during OOBE. May 21, 2024 · By default, each security baseline is configured to meet the best practices and recommendations for the settings that affect security. Nov 22, 2021 · Hopefully, you will be able to incorporate some of these recommendations when creating and managing assignments in Intune. When available, the setting name links to the source Configuration In Endpoint Security under Manage. May 31, 2022 · Yes, I will get that added on ASAP. A second policy controls whether enhanced privilege protection is applied to admin approval mode elevations. Apparently the problem is that each baseline policy has a bunch of other settings that are not shown in the UI and cannot be changed, except by Microsoft when they update the baseline. Microsoft Edge baseline for November 2023 (Edge version 117) For information about the most recent baseline versions and settings from Microsoft, including versions of this baseline that might not be available through Intune, download the Microsoft Security Compliance Toolkit from the Microsoft Download Center. 
Dec 6, 2022 · In this article, we will discuss 10 Intune policies best practices that organizations should consider when setting up their Intune policies. By following these best practices, organizations can ensure that their Intune policies are effective and secure. Explore defaults, customization, and best practices that enable you to “lock down” Windows in your environment. For Intune projects, consultants face challenges in documenting many settings for various OS platforms and, after implementation, handing over Intune configuration to the operations team. I usually go for the Windows 10/11 baseline and in some cases the Edge baseline as well. Enter a name and description for the profile, and then Jan 17, 2022 · Overall, security baselines in Intune are very quick and easy to configure. Comparison. Security baseline policies differ from all other policies in Intune because they already have best practice settings enabled. Microsoft Intune Endpoint Security makes it very easy to define and assign compliance policies to machines registered in Azure AD directly or through a hybrid configuration. Use Windows Update for Business for software updates Jan 27, 2024 · Security Baseline policy for Windows 10 and later. But when I add a security baseline, they go into conflict and put anything under Manage that was green into conflict also. There are multiple areas where policies are managed for these apps: Intune; Microsoft 365 Apps Admin Center; Microsoft Edge (Located in the Microsoft 365 Admin Center) Aug 20, 2024 · Configure the Baseline Profile. Jan 11, 2023 · To see the configuration as it stands now open up InTune and go back to your security baselines and edit the profile you created. Nov 10, 2022 · Security Configurations. Our product and engineering teams are here to help you stay ahead of evolving threats with Windows. 
Root Jun 20, 2024 · Intune’s security baselines allow the deployment of recommended security settings to your Windows devices managed in Intune. Microsoft 365 SMB Best Practices Checklists - ITProMentor - The excel has an Intune Checklist and some Conditional Access examples. On the Configuration settings tab, view the groups of settings that are available in the baseline Aug 8, 2024 · I’m sharing my Intune design and architecture experience in this post. Prerequisites for Firewall profiles. Click on the baseline, and click create profile. In that article you'll also find information about how to: Change the baseline version for a profile to update a profile to use the latest version of that baseline. Beginning in April 2022, new profiles for Attack surface reduction policy have begun to release. The security baseline will be updated by Microsoft multiple times a year (frequently after a release) and if you want to change a setting you have to migrate to the newest baseline. The Microsoft cloud security benchmark provides recommendations on how you can secure your cloud solutions on Azure. Are the Security Baseline settings regarding the local administrator account only applicable to the built-in Administrator account? Is there any Security Baseline restriction prohibiting creating new local administrator accounts with a different SID, keeping those custom admin accounts enabled and managing the passwords for those accounts with Navigate to Endpoint security. Azure Virtual Desktop recommended security practices; Security baseline for Azure Virtual Desktop based on Azure Security Benchmark Jun 17, 2024 · Description Categories; macOS Compliance Policy - Block Simple Passwords: ACCESS CONTROL, CONFIGURATION MANAGEMENT. However, the baselines can be restrictive, so general rule of thumb is to test the settings before rolling them out in production. Look for the new Security baselines in the menu. 
It is a paid resource but I found it really useful as it guides you through the checklist step by step. Microsoft Intune for Microsoft Windows This CIS Benchmark is the product of a community consensus process and consists of secure configuration guidelines developed for Microsoft Intune for Microsoft Windows. Regarding best practices, you can revoke local administrator rights for your users across all endpoints and then manage admin account passwords with a security tool that does both of these things from a central location. , one for BitLocker, one for Lock screen, etc. CIS Benchmarks are freely available in PDF format for non-commercial use: Download Latest CIS Benchmark Included in this Benchmark The settings in this baseline are taken from the version 23H2 of the Group Policy security baseline as found in the Security Compliance Toolkit and Baselines from the Microsoft Download Center, and include only the settings that apply to Windows devices managed through Intune. You can use security baselines to rapidly deploy a best practice configuration of device and application settings to protect your users and devices. Onedrive, Edge, then go through them one by one so you learn what is possible and then have a play. These baselines are designed to streamline the process of implementing security configurations across devices, reducing the burden of manual configuration and ensuring a consistent security Aug 22, 2024 · When you monitor a baseline, you get insight into the security state of your devices based on Microsoft's recommendations. In this case, we will create a Windows 10 or later baseline click on Security Baseline for Windows 10 and later and click on + Create Profile. e. Select a baseline in the list and create a new profile from that. Just checking before I put in the work as I don't have a CIS membership (can only get the PDF). So it's not really a "best practice" problem. 
Because there is a Edge Baseline available in Microsoft Endpoint Manager and we are using this as a base security layer for Edge this would be nice to try and create this for Google Chrome as well. To deliver a true modern workplace these topics may be considered. On the Basics page, provide a Name > Next. In the left-hand menu, select Endpoint security. Now, we are at the interesting part! By default, all Aug 19, 2024 · Intune Endpoint security Antivirus policies can help security admins focus on managing the discrete group of antivirus settings for managed devices. To create a new instance use the Graph API URL below. There are differences between the guidance provided by NCSC, CIS, and Microsoft’s pre-configured security baselines for Intune. Dec 5, 2018 · Would also recommend The EndPoint Zone with Brad Anderson on YouTube where he discusses Intune in several episodes. In this article, we’ll discuss 10 best practices for creating and managing Intune compliance policies. Introduction In my blog posts I often mention the Microsoft Security Baselines and the Microsoft Security Configuration I am just about to start migrating 200 devices over to Intune via Autopilot and i am looking to use the Windows 10 security baseline. You must access to policies and configuration you will need for your customers environment and make Jul 26, 2022 · Monitoring the profile gives insight into the deployment state of your devices, but not the security state based on the baseline recommendations. So: Oct 1, 2024 · Located in the security template at Security Options\Behavior of the elevation prompt for administrators in Enhanced Privilege Protection Mode, the baseline configures this setting to Prompt for credentials on secure desktop. Security baselines represent pre-configured sets of security settings derived from Microsoft's security recommendations and industry best practices. g. 
Aug 21, 2024 · Manage security baseline profiles: Use the security baselines in Intune to help you secure and protect your users and devices. Customize the settings as needed to fit your organization’s requirements. For more information, see Security baseline for Microsoft Edge version 112. Aug 25, 2019 · But as new windows versions come, there will be new baseline versions. Remember to regularly review and update security baseline policies to adapt to evolving threats. Security baselines are supported for devices that run Nov 29, 2021 · The security baselines are a great way to implement best practice security recommendations for your Intune-enrolled endpoint devices. Here's a link to start configuring security baselines: Jan 31, 2019 · How to create and assign a Configuration Profile from a MDM Security Baseline. 0 to Azure Virtual Desktop. I see you can set policies for Antivirus, Disk Encryption, etc under the manage section of Endpoint Security. It can help your organization secure and protect your users and devices with granular control over their security configurations. My personal opinion is the Defender for Endpoint baselines within Intune Baselines are a quick deployment, but don’t have the same control as setting them individually via each security blade. There are general best practices guidelines for general business use but the rest really depends on your industry, security and compliance regulations. 1. Select Windows 365 Security Baseline Version 24H1. For more information about the following settings that are included in this baseline, download the Security Compliance Toolkit and Baselines from the Microsoft Download Center, and then review the Microsoft 365 Apps for May 21, 2024 · By default, each security baseline is configured to meet the best practices and recommendations for the settings that affect security. 
My client is looking for a comparison of the latest Windows11 23H2 security baseline recommendations from Microsoft (for Intune managed devices) vs CIS. Security Baseline for Windows 11; Review the default settings provided by Microsoft. Privileged Access Management solutions do exactly this. These hidden settings are not coordinated between the baselines, and the conflicts are not always reported accurately. If you're new to securing devices, or want a comprehensive baseline, then look at security baselines. In the configuration settings search for PIN, and the section for May 30, 2023 · A screenshot of the Microsoft 365 Apps for Enterprise Security Baseline in Intune. Recovery key file creation, configure BitLocker recovery package, and hide recovery options during BitLocker setup are configured As a default setting, each security baseline is configured to meet the best practices and recommendations affecting security. Jul 31, 2024 · Remove a security baseline assignment. To learn more about using security baselines, see Use security baselines. Under Endpoint security, click on Security baselines. These suggestions come from advice and a lot of experience. A subreddit for the business and practice of law, catering to lawyers without the support network of a large firm, and **not** generally for legal analysis or substantive case discussion. And the inflexibility is just a pain if you have a big environment. Each profile contains only the settings that are relevant for Microsoft Defender for Endpoint antivirus for macOS and Windows devices, or for the user I have been looking through Defender and the security recommendations. The settings are based on CSPs, and each CSP can handle the Jul 1, 2024 · Security Baseline for Windows, version 23H2. May 21, 2022 · Best practices configuring Windows devices. Jan 17, 2024 · In my opinion, the OpenIntuneBaseline offers a perfect blend of security settings across the Intune stack. 
Oct 1, 2024 · Need to understand the best practices for device security and conditional access? Security is critical for all organizations to understand and deploy for all platforms. Jul 19, 2022 · Because the settings catalog is general available, It is good to have a look at all the settings we can set for Google Chrome or the settings which are not available (yet). In the real world you cannot deploy the best sometimes. Just go to EP security within Intune and set your ASR policies there under the Attack Surface Reduction settings. I'm wondering what the general consensus is about using baselines or smaller configuration profiles. This security baseline applies guidance from the Microsoft cloud security benchmark version 1. The security baseline for Microsoft Edge Jan 29, 2021 · When working in Microsoft Intune, how do I determine whether to assign policies to devices or users? Before we describe the best practices here, I think it is important to review a little bit of information about security groups. Jun 27, 2024 · Securing Laptops with Microsoft Intune; Best Practices and Useful Rules for Microsoft Intune; For example, a security baseline might enforce device encryption, enable firewall protections, and Sep 13, 2024 · Microsoft 365 Apps for Enterprise for security baseline version 2306. Firewall Configuration Jun 6, 2024 · Have questions about the latest security features and updates for Windows 11? Learn how to better protect your data and identities. Intune partners with the same Windows security team that creates group policy security baselines. Hope that helps! If I have answered your question please like and set as the solution. The purpose of the antivirus policy is not to configure a 3th party antivirus solution , but it's meant to configure Microsoft Defender. 
I have updated my Best Practices repository to include the new template JSON file here: the older JSON file he… Windows Security Baseline (for use with ACSC Windows Hardening Guidelines) Microsoft provides a Windows Security Baseline (currently version 23H2), which is comprised of groups of pre-configured Windows settings that help you apply and enforce granular security settings that are recommended by the relevant security teams within Microsoft. These settings are based on security best practices and recommendations. One of the recommendations is to "Block Office applications from creating executable content," which we already have set in the baseline. Set rules with compliance policies. Intune works with the same Windows security team that makes security baselines for group policy. On the Create a profile pane, select Create profile > Create. May 14, 2024 · Windows 11 Security Baseline Best Practices I covered some of the core concepts of security baselines back in April in my Workspace ONE Admin Guide to Intune: Security , but now we will focus on how we should be handling them. These recommendations are based on guidance and extensive experience. With Intune, you can easily create and enforce baseline security policies to keep the corporate MacBooks secure. Some of my thoughts: Security Baselines Reporting and alerts from Security Centre Intune Configuration policies based off Defender for Endpoint recommendations. Choose the security baseline you want to deploy. 10. This baseline version was first made available in November 2023, and replaces the May 2023 version. They therefore offer a good opportunity to implement the best practices for registered devices. Feb 11, 2022 · Here, we analyze the core features in Windows 11 baseline security, its implementation, what’s new in security updates, and what’s gone. This article explains the guidance from each organization, while providing a gap analysis between the baselines. 
Mar 7, 2024 · Review Microsoft Defender for Cloud Secure Score to improve the overall security compliance of your Azure Virtual Landing Zones. We Find the endpoint security policies for firewalls under Manage in the Endpoint security node of the Microsoft Intune admin center. 4. Select a baseline and create a profile. May 26, 2023 · If you want to learn more about Intune security, We already have a video – Intune Security Baseline Decoded Easiest option to set up security policies for your organization. Securing an enterprise is a tall order today. With Intune compliance policies, businesses can: Dec 22, 2022 · Introduction This post is a summary of brief descriptions to technical Intune best practices.