Security baselines are groups of preconfigured Windows settings that are recommended by Microsoft. Compliance policies configure rules and settings that users and devices must meet. Microsoft 365 Intune provides the tools to enforce compliance and security policies on end user devices.

Security baselines take the heavy lifting out of applying recommended best practices in your organization. They bundle Microsoft's recommended configuration settings into out-of-the-box profiles that can easily be applied to devices. Microsoft also provides them as a package for group policies.

You can view the security baselines by navigating to Endpoint security > Security baselines. Click the security baseline that you want to apply.

Viewing the default security baselines

Click Create profile to customize a specific security baseline.

Viewing the default security baselines 1

This launches the Create profile wizard. Name the security baseline profile.

On the Configuration settings screen, you can view the configuration settings contained in the security baseline and customize them as needed for your organization.

Viewing and customizing the configuration settings in the security baseline

Define any scope tags for granular scoping. Next, on the Assignments screen, add the group containing the target devices for the security baseline.

Assigning the security baseline profile to a group

Next, review and create the security baseline profile.

Review and create the security baseline profile

The security baselines are a great way to implement best practice security recommendations for your Intune-enrolled endpoint devices.

Create a compliance policy

Intune compliance policies help organizations govern the compliance of both users and end user devices. With Intune compliance policies, businesses can:

  • Configure rules and settings that users and devices must meet for compliance
  • Specify actions for devices that are noncompliant
  • Combine these with conditional access, which can then block users and devices that are noncompliant

Navigate to Devices > Compliance policies.

Configuring a compliance policy in Intune

Click the Create Policy button.

Configure a new Intune compliance policy

Select the platform to which the compliance policy will apply. Click Create.

Select the platform for the compliance policy

This launches the Windows 10/11 compliance policy creation wizard. The first step is to name the new Intune compliance policy.

On the Compliance settings screen, you can view or customize the Intune compliance settings contained in the compliance policy. For example, the policy can require that BitLocker, Secure Boot, or HVCI be enabled on the device.

Viewing and customizing compliance policy settings

Configure the actions for noncompliance. By default, the device will be marked as noncompliant. In addition, admins can choose the options Send email to end user and Retire the noncompliant device.

Actions for noncompliance in Intune compliance policy

Add the group you want to assign to the compliance policy.

Assigning the Intune compliance policy

Review and create the new compliance policy.

Review and create the Intune compliance policy

After creation, you will see the dashboard display for the compliance policy, along with the number of devices that are compliant or noncompliant once enrolled.

Viewing the Intune compliance policy after creation
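The same compliance policy can be created and assigned as code through Microsoft Graph, which makes the settings reviewable and repeatable across tenants. The script below is an added example, not part of the original article; the policy name, the group ID placeholder, and the use of codeIntegrityEnabled to stand in for the HVCI requirement are assumptions.

```powershell
# Added example: create and assign a Windows 10/11 compliance policy via Microsoft Graph.
# Requires the Microsoft.Graph.Authentication module and an account allowed to manage Intune policies.
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'

# Placeholder: object ID of the group that contains the target devices.
$groupId = '<target-group-object-id>'
$base    = 'https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies'

$policy = @{
    '@odata.type'        = '#microsoft.graph.windows10CompliancePolicy'
    displayName          = 'Windows 10-11 device health (example)'   # constructed name
    description          = 'Requires BitLocker, Secure Boot and code integrity'
    bitLockerEnabled     = $true
    secureBootEnabled    = $true
    codeIntegrityEnabled = $true   # assumption: used here for the HVCI requirement
    # Action for noncompliance: 'block' is "Mark device noncompliant",
    # applied immediately (grace period of 0 hours).
    scheduledActionsForRule = @(
        @{
            ruleName = 'PasswordRequired'
            scheduledActionConfigurations = @(
                @{ actionType = 'block'; gracePeriodHours = 0 }
            )
        }
    )
}

# Create the policy; the response is returned as a hashtable that includes the new policy ID.
$created = Invoke-MgGraphRequest -Method POST -Uri $base `
    -Body ($policy | ConvertTo-Json -Depth 6) -ContentType 'application/json'

# Assign the policy to the device group.
$assignment = @{
    assignments = @(
        @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = $groupId } }
    )
}
Invoke-MgGraphRequest -Method POST -Uri "$base/$($created.id)/assign" `
    -Body ($assignment | ConvertTo-Json -Depth 6) -ContentType 'application/json'

# Read the policy back and confirm the settings and assignment that were stored.
$check = Invoke-MgGraphRequest -Method GET -Uri "$base/$($created.id)?`$expand=assignments"
[pscustomobject]@{
    Name          = $check.displayName
    BitLocker     = $check.bitLockerEnabled
    SecureBoot    = $check.secureBootEnabled
    CodeIntegrity = $check.codeIntegrityEnabled
    AssignedTo    = $check.assignments.target.groupId -join ', '
}
```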

Conclusion

Microsoft Intune Endpoint Security has robust features, including configuration policies, security baselines, and compliance policies that allow organizations to configure and enforce security and compliance governance in the cloud SaaS environment.
