Microsoft has been publishing security baselines as Group Policy Objects in the Security and Compliance Toolkit (SCT). Customers have trusted this toolkit for years to provide templates to configure security baselines through Group Policy. Microsoft Intune now brings the same collective knowledge and expertise to secure the modern desktop with MDM security baselines.
Microsoft recommended security baselines in the Intune service leverage the greatly expanded manageability of Windows 10 using Mobile Device Management (MDM). These security baselines will be managed and updated directly from the cloud – providing customers the most recent and most advanced security settings and capabilities available from Microsoft 365. You can quickly create and deploy a secure profile to help protect your organization’s resources and data. If you’re currently using Group Policy, migrating to Intune for management is much easier with these baselines natively built into Intune’s modern management platform.
Here’s an overview of various aspects of MDM security baselines in the Intune console. Please refer to Microsoft Intune product documentation for pre-requisites and guidance on deploying this feature:
1. Login to the Microsoft Intune administration center and look for the new “Security baselines” workspace in the left navigation:
2. Review insights into the state of your Windows 10 devices against each published security baseline. Drill down to see more details and resolve the status, as appropriate
3. Create a security baseline profile using the familiar, customizable Intune policy interface
4. Easily deploy the security profiles to Azure Active Directory user groups
The public preview of MDM security baselines is now being rolled out to Microsoft Intune tenants. If you are a Microsoft Intune customer, look for the public preview to be available in your tenant shortly.