dilanmic
Iron Contributor
Aug 21, 2025
Solved

Best Approach for Managing Microsoft 365 Apps Policies in Intune

 

Hi All,

Our company is currently operating in a Hybrid Active Directory (AD) environment, with all policies being deployed via Group Policy Objects (GPOs). We have GPOs in place for Microsoft Office and Outlook, and we are planning to transition these to Microsoft Intune.

My question is: What is the recommended approach for creating and managing policies related to Office 365 and Outlook (Microsoft 365 Apps) in Intune?

Specifically, would it be better to implement these settings using Configuration Profiles, or should we use Policies for Microsoft 365 Apps within Intune? I’d appreciate guidance on the best practice for this migration.

Thanks,
Dilan

  • dilanmic​ 

    Hi,

    You could use the Microsoft 365 Apps for Enterprise Security Baseline Policies under Intune | Endpoint Security | Security Baseline or use the Apps | Policies for Microsoft 365 apps feature rather than configuration profiles.

    Benefits:

    • Policies for Microsoft 365 Apps cover settings more granularly and are designed for Microsoft 365 app management, whereas Configuration Profiles in Intune are more general device and user settings.
    • When migrating from GPOs, use Group Policy Analytics in Intune to assess and transition supported GPO settings, but for Microsoft 365 Apps specifically, the best practice is to build new Policies for Office apps in Intune.
    • Security Baselines are updated periodically (usually twice a year) to incorporate new security features and recommendations, keeping your environment current.

    In summary, for managing Microsoft 365 Apps policies such as Office and Outlook during your migration to Intune from GPOs, it is best to use Policies for Microsoft 365 Apps rather than general configuration profiles or make use of the Security Baseline. Both of them provide more precise control and the benefits of Office Cloud Policy Service integration.

    Be aware that Security Baseline complements the Policies for Microsoft 365 Apps by covering broader security settings that might be outside the scope of app-specific policies, so it is still a good approach to start with and continue with the Policies for Microsoft 365 apps.

    Good luck!

6 Replies

      • rahuljindal
        Bronze Contributor

        Configuration profiles and endpoint security baseline for me for sure. I have found Cloud policy for M365 apps using config.office.com or Intune to be clunky and an absolute administrative nightmare to manage.
