The guidance is to first use Security Baselines to leverage the built-in setting recommendations that come from security experts across Windows, Defender for Endpoint, Edge, and Windows 365. After deploying the customized Security Baseline policy, you can use Endpoint Security policy templates that span across categories like AV, Firewall, ASR etc. to complement baselines with missing settings that are specific to the scope of security you're looking for. From there, you can leverage the Settings Catalog to add additional settings using the picker experience. We also surface Administrative Templates for settings that may still be need to be added but not available via the other methods. In terms of viewing and addressing conflicts, we have reports to help identify where you may have overlapping settings targeted. Reports like "Assignment failures" and "Device configuration" and the per policy reports allow you to drill down and understand where conflicts may be occurring. Make sure to check out some of the other Ignite sessions for specific discussions on deploying policy across the methods we offer!