Security baselines are groups of preconfigured Windows settings that are recommended by Microsoft. Compliance policies configure rules and settings that users and devices must meet. Microsoft 365 Intune provides the tools to enforce compliance and security policies on end user devices.

Security baselines take the heavy lifting out of applying recommended best practices in your organization. They essentially combine recommended configuration settings with out-of-the-box security baselines that can easily be applied to devices. Microsoft also provides them as a package for group policies.

You can view the security baselines by navigating to Endpoint security > Security baselines. Click the security baseline that you want to apply.

Viewing the default security baselines

Viewing the default security baselines

Click Create profile to customize a specific security baseline.

Viewing the default security baselines 1

Viewing the default security baselines 1

This launches the Create profile wizard. Name the security baseline profile.

On the Configuration settings screen, you can view the configuration settings contained in the security baseline and customize them as needed for your organization.

Viewing and customizing the configuration settings in the security baseline

Viewing and customizing the configuration settings in the security baseline

Define any scope tags for granular scoping. Next, on the Assignments screen, add the group containing the target devices for the security baseline.

Assigning the security baseline profile to a group

Assigning the security baseline profile to a group

Next, review and create the security baseline profile.

Review and create the security baseline profile

Review and create the security baseline profile

The security baselines are a great way to implement best practice security recommendations for your Intune-enrolled endpoint devices.

Create a compliance policy ^

Intune compliance policies help organizations govern the compliance of both users and end user devices. With Intune compliance policies, businesses can:

  • Configure rules and settings that users and devices must meet for compliance
  • Specify actions for devices that are noncompliant
  • Combine these with conditional access, which can then block users and devices that are noncompliant

Navigate to Devices > Compliance policies.

Configuring a compliance policy in Intune

Configuring a compliance policy in Intune

Click the Create Policy button.

Configure a new Intune compliance policy

Configure a new Intune compliance policy

Select the platform to which the compliance policy will apply. Click Create.

Select the platform for the compliance policy

Select the platform for the compliance policy

This launches the Windows 10/11 compliance policy creation wizard. The first step is to name the new Intune compliance policy.

On the Compliance settings screen, you can view or customize the Intune compliance settings contained in the compliance policy. For example, these might include that BitLocker, Secure Boot, or HVCI must be activated on the device.

Viewing and customizing compliance policy settings

Viewing and customizing compliance policy settings

Configure the actions for noncompliance. By default, the device will be marked as noncompliant. In addition, admins can choose the options Send email to end user and Retire the noncompliant device.

Actions for noncompliance in Intune compliance policy

Actions for noncompliance in Intune compliance policy

Add the group you want to assign to the compliance policy.

Assigning the Intune compliance policy

Assigning the Intune compliance policy

Review and create the new compliance policy.

Review and create the Intune compliance policy

Review and create the Intune compliance policy

After creation, you will see the dashboard display for the compliance policy, along with the number of devices that are compliant or noncompliant once enrolled.

Subscribe to 4sysops newsletter!

Viewing the Intune compliance policy after creation

Viewing the Intune compliance policy after creation

Concluding ^

Microsoft Intune Endpoint Security has robust features, including configuration policies, security baselines, and compliance policies that allow organizations to configure and enforce security and compliance governance in the cloud SaaS environment.

0 Comments

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account