Forum Discussion
Best Approach for Managing Microsoft 365 Apps Policies in Intune
- Aug 23, 2025
Hi,
you could use the Microsoft 365 Apps for Enterprise Security Baseline Policies under Intune | Endpoint Security | Security Baseline or use the Apps | Policies for Microsoft 365 apps feature rather than configuration profiles.
Benefits:
- Policies for Microsoft 365 Apps cover settings more granularly and are designed for Microsoft 365 app management, whereas Configuration Profiles in Intune are more general device and user settings.
- When migrating from GPOs, use Group Policy Analytics in Intune to assess and transition supported GPO settings, but for Microsoft 365 Apps specifically, the best practice is to build new Policies for Office apps in Intune.
- Security Baselines are updated periodically (usually twice a year) to incorporate new security features and recommendations, keeping your environment current.
In summary, for managing Microsoft 365 Apps policies such as Office and Outlook during your migration to Intune from GPOs, it is best to use Policies for Microsoft 365 Apps rather than general configuration profiles, or to make use of the Security Baseline; both of them provide more precise control and the benefits of Office Cloud Policy Service integration.
Be aware that the Security Baseline complements the Policies for Microsoft 365 Apps by covering broader security settings that might be outside the scope of app-specific policies, so it is still a good approach to start with and then continue with the Policies for Microsoft 365 Apps.
Good luck!
- dilanmic, Aug 23, 2025, Iron Contributor
Thank you!
- rahuljindal, Aug 27, 2025, Bronze Contributor
Configuration profiles and endpoint security baseline for me for sure. I have found Cloud policy for M365 apps using config.office.com or Intune to be clunky and an absolute administrative nightmare to manage.
- Bogdan_Guinea, Aug 28, 2025, Iron Contributor
Microsoft's Policies for Microsoft 365 Apps remain the official recommended approach from Microsoft, but in practice, managing these policies through config.office.com or Intune can be quite challenging.
Configuration profiles and endpoint security baselines tend to offer a more streamlined and manageable experience for many administrators. Security Baselines, in my opinion, are the best approach to start with.
Good luck!