Forum Discussion

dilanmic's avatar
dilanmic
Iron Contributor
Aug 21, 2025
Solved

Best Approach for Managing Microsoft 365 Apps Policies in Intune

  Hi All, Our company is currently operating in a Hybrid Active Directory (AD) environment, with all policies being deployed via Group Policy Objects (GPOs). We have GPOs in place for Microsoft Off...
  • Bogdan_Guinea's avatar
    Aug 23, 2025

    dilanmic​ 

    Hy,

    you could use the Microsoft 365 Apps for Enterprise Security Baseline Policies under Intune | Endpoint Security | Security Baseline or use the Apps | Policies for Microsoft 365 apps feature rather than configuration profiles.

    Benefits:

    • Policies for Microsoft 365 Apps cover settings more granularly and are designed for Microsoft 365 app management, whereas Configuration Profiles in Intune are more general device and user settings.
    • When migrating from GPOs, use Group Policy Analytics in Intune to assess and transition supported GPO settings, but for Microsoft 365 Apps specifically, the best practice is to build new Policies for Office apps in Intune.
    • Security Baseline are updated periodically (usually twice a year) to incorporate new security features and recommendations, keeping your environment current.

    In summary, for managing Microsoft 365 Apps policies such as Office and Outlook during your migration to Intune from GPOs, it is best to use Policies for Microsoft 365 Apps rather than general configuration profiles or make use of the Security Baseline, both of them provides more precise control and the benefits of Office Cloud Policy Service integration.

    Be aware that Security Baseline complements the Policies for Microsoft 365 Apps by covering broader security settings that might be outside the scope of app-specific policies, so is still a good approach to start with and continue with the Policies for Microsoft 365 apps.

    Good luck!

Resources