Microsoft released the final version of its security configuration baseline settings for Windows 10 Version 1909 and Windows Server Version 1909, and also announced the removal of Exploit Protection settings and explicit enforcement of 30-day account password expiration for domain-joined devices.
Windows 10's
security baseline enables enterprise security administrators to use Microsoft-recommended Group Policy Object (GPO) baselines for boosting the overall security posture of a system and reduce its overall attack surface.
"A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact," as Microsoft
explains on its documentation website. "These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers."