Security baselines take the heavy lifting out of applying recommended best practices in your organization. They are essentially out-of-the-box groups of recommended configuration settings that can easily be applied to devices. Microsoft also provides them as a package for group policies.
You can view the security baselines by navigating to Endpoint security > Security baselines. Click the security baseline that you want to apply.
Click Create profile to customize a specific security baseline.
This launches the Create profile wizard. Name the security baseline profile.
On the Configuration settings screen, you can view the configuration settings contained in the security baseline and customize them as needed for your organization.
Define any scope tags for granular scoping. Next, on the Assignments screen, add the group containing the target devices for the security baseline.
Next, review and create the security baseline profile.
The security baselines are a great way to implement best practice security recommendations for your Intune-enrolled endpoint devices.
Create a compliance policy
Intune compliance policies help organizations govern the compliance of both users and end user devices. With Intune compliance policies, businesses can:
- Configure rules and settings that users and devices must meet for compliance
- Specify actions for devices that are noncompliant
- Combine these with conditional access, which can then block users and devices that are noncompliant
Navigate to Devices > Compliance policies.
Click the Create Policy button.
Select the platform to which the compliance policy will apply. Click Create.
This launches the Windows 10/11 compliance policy creation wizard. The first step is to name the new Intune compliance policy.
On the Compliance settings screen, you can view or customize the Intune compliance settings contained in the compliance policy. For example, these might require that BitLocker, Secure Boot, or HVCI be enabled on the device.
Configure the actions for noncompliance. By default, the device will be marked as noncompliant. In addition, admins can choose the options Send email to end user and Retire the noncompliant device.
Add the group you want to assign to the compliance policy.
Review and create the new compliance policy.
After creation, you will see the dashboard display for the compliance policy, along with the number of devices that are compliant or noncompliant once enrolled.
Conclusion
Microsoft Intune Endpoint Security has robust features, including configuration policies, security baselines, and compliance policies that allow organizations to configure and enforce security and compliance governance in the cloud SaaS environment.