Month: June 2023

Implement and manage security baselines in Microsoft Intune – Manage, maintain, and protect devices

Implementing security and related settings is one of the more important tasks you’ll need to perform. As discussed, Microsoft has begun consolidating the security-related settings into a single Intune: Endpoint security folder.

Here, you’ll find options to manage the various security settings we’ve been discussing. But you’ll also find a link to review security baselines.

You can use the security baselines to manage and monitor the security status of enrolled devices within your organization. By default, there are three security baselines, as shown in Figure 3-61:

  • Security Baseline for Windows 10 and later
  • Microsoft Defender for Endpoint Baseline
  • Microsoft Edge Baseline
  • Windows 365 Security Baseline

FIGURE 3-61 Configuring Security Baselines in Intune

The security baselines provide preconfigured groups of settings that enable you to configure security on your devices more easily. When you create and apply a security baseline profile, you create multiple device configuration profiles.

Periodically, Microsoft releases new baselines. When viewing profile details, the baseline used is identified in the Current Baseline column, displayed in Figure 3-62.

FIGURE 3-62 Reviewing versions for a security baseline

Create a profile

To create a profile based on a security baseline, use the following procedure:

  1. In the Microsoft Intune admin center, select Endpoint security in the navigation pane.
  2. Select Security baselines, and then select the appropriate baseline.
  3. Select the Profiles tab, and then select Create profile.
  4. On the Create profile page, on the Basics tab, enter the Name and Description and select Next.
  5. On the Configuration settings tab, configure the appropriate settings. These will vary based on the baseline you select. When you’ve completed the configuration, select Next.
  6. Optionally, use the Scope tags tab to scope the profile, select Next, and then assign the profile in the usual way.
  7. Select Next, and then on the Review + create tab, select Create.

Your profile displays in the list of profiles. Notice that the Current Baseline column indicates the baseline used to create the profile.