Event banner
Event details
Joe_Lurie
Microsoft
MicrosoftSimonHalpin There is no one to one mapping between Security Baselines and CIS Benchmarks. See FAQ here: Learn about Intune security baselines for Windows devices | Microsoft Learn
OK, my scenario is I need to justify to our IT security team why I believe Intune Baselines would be better for us as an organistion over the CIS policy. My main reason is to get away from GPO and eventyually move devices to Entra joined rather than hybrid.
When we scan a machine witht the CIS SAT checker tool , the CIS policies make it 64% compliant where as a security baseline only built machine is 43% compliant. Now, I did try to explain that the CIS tool is marking its own homework so it wasnt a fair comparison but I need to show that baselines will secure us better and make it easier to make changes moving forward
- Jason_Sandys"Better" is in the eye of the beholder here and is a subjective standard, As noted, we (Microsoft) provide the Windows security baseline as our "gold" standard and consider it (in general) sufficient to start your journey but every org will be slightly different and have their own perspective on this. Similarly, discrepancies between the two standards don't equate to one being better than the other. Ultimately, there's nothing we can provide to say that one is better than the other as that's ultimately for you, your security team, and your org to determine.
- Ok, thank you. I thought this would be the case but wanted to ask the question 🙂 appreciate the response
