As part of our ongoing investment in improving the Microsoft Intune admin experience, we're excited to announce a Microsoft 365 Apps for enterprise security baseline as well as a new version of the M...
Updated May 26, 2023
Version 1.0
Blog Post
4 MIN READ
New Microsoft 365 apps security baseline profile and updates to the Microsoft Edge baseline
Thanks for this blog post!
Question:
At this moment we are using the Office Cloud Policy settings for Microsoft 365 Apps for Enterprise. (via config.office.com).
We configured all Security Baseline policies in this portal. We know only user policies are available in this portal.
All policies are user targetted, doesn't matter if the device is managed/unmanaged, policies are downloaded when a user does login the Office application with the M365 account.
Now we have the Intune Security Baseline, see now also "device" policies, we can also assign to Device Groups.
What is the best practice, using Intune Security Baseline, or the Office Cloud Policy from config.office.com for Microsoft 365 Apps for Enterprise?
When deploying via Intune, we have error's on the following 4 policies in the baseline:
- Block Flash activation in Office documents
- Configure SIP security mode
- Disable HTTP fallback for SIP connection
- Restrict legacy JScript execution for Office
Is there a known issue for these 4 policies, we don't understand why this policies have an error?
Only thing I can think of, is that we have deployed Office without the Skype client, Skype is not installed, is this a reason for the SIP error's, because the application is not installed?
Thanks for your time!