Best Approach for Managing Microsoft 365 Apps Policies in Intune
- Aug 23, 2025
Hi,
you could use the Microsoft 365 Apps for Enterprise Security Baseline Policies under Intune | Endpoint Security | Security Baseline or use the Apps | Policies for Microsoft 365 apps feature rather than configuration profiles.
Benefits:
- Policies for Microsoft 365 Apps cover settings more granularly and are designed for Microsoft 365 app management, whereas Configuration Profiles in Intune are more general device and user settings.
- When migrating from GPOs, use Group Policy Analytics in Intune to assess and transition supported GPO settings, but for Microsoft 365 Apps specifically, the best practice is to build new Policies for Office apps in Intune.
- Security Baselines are updated periodically (usually twice a year) to incorporate new security features and recommendations, keeping your environment current.
In summary, for managing Microsoft 365 Apps policies such as Office and Outlook during your migration to Intune from GPOs, it is best to use Policies for Microsoft 365 Apps rather than general configuration profiles, or make use of the Security Baseline; both of them provide more precise control and the benefits of Office Cloud Policy Service integration.
Be aware that Security Baseline complements the Policies for Microsoft 365 Apps by covering broader security settings that might be outside the scope of app-specific policies, so it is still a good approach to start with and continue with the Policies for Microsoft 365 apps.
Good luck!
Thank you!
Configuration profiles and endpoint security baseline for me for sure. I have found Cloud policy for M365 apps using config.office.com or Intune to be clunky and an absolute administrative nightmare to manage.
- Bogdan_Guinea, Aug 28, 2025, Iron Contributor
Microsoft's Policies for Microsoft 365 Apps remain the official recommended approach from Microsoft, but in practice, managing these policies through config.office.com or Intune can be quite challenging.
Configuration profiles and endpoint security baselines tend to offer a more streamlined and manageable experience for many administrators. Security Baselines in my opinion are the best approach to start with.
Good luck!
- rahuljindal, Aug 28, 2025, Bronze Contributor
Really? Can you show me where you are seeing this ‘official recommended approach’ documented? If you are looking at AI-based responses (and it looks like you are), then I wouldn’t put my money on what AI is showing here. As far as I know, there is no official recommendation here. If you are looking to create app-based policies, then maybe policies for M365 apps can be an option. However, based on my personal experience, I will still not recommend it. If you are looking at configuring more generic settings, baseline or config profiles through settings catalog will be my recommendation.
- Bogdan_Guinea, Aug 28, 2025, Iron Contributor
Where’s the catch with AI and all the stuff?
There’s no one-size-fits-all solution in this case. We do aim to help users at all experience levels find the best solutions that rely on trusted MS-Tech and stability.
I was hoping you understood my use of "official recommended approach" in this context, reflecting this modern management capability supported by MS and Regarding Click-to-Run Policy.
...regarding the note about AI: I do like to complement those insights with official documentation and personal experience, and I use it more as a search engine or translator.
Good luck!