Windows 365 security best practices
Event details
In this session, we take a look at some of the new security, compliance and identity capabilities in Windows 365 that can enable you to meet the most rigorous requirements with Cloud PC. Hosted by Christian Montoya and Ankur Biswas, this session will be packed with demos, real-world examples, and best practices.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
30 Comments
- Heather_Poulsen
Community Manager
How did we do on our Technical Takeoff Day 1 sessions? Please take this 2-minute survey and let us know your thoughts on this event.
- Kurt_Wise
Copper Contributor
Question regarding security baselines. Two of the available baselines are 'Security Baseline for Win 10 and later' as well as the 'Defender for Endpoint baseline'. Do you apply one rather than the other in certain use cases, or would you want to apply both baselines to a user/device?
- Christian_Montoya
Microsoft
Kurt_Wise - That's a great question! Unfortunately, I'm not an expert on the other security baselines, only the Windows 365 security baseline in that it contains configurations specific for resource/device redirections for Remote Desktop Protocol (RDP) and being a virtual machine.
There was a "Policy management with Microsoft Intune | Microsoft Technical Takeoff" session, which might be a good forum to follow up on this ask, as they should have guidance.
- JochenB007
Brass Contributor
Great session, thanks for that. When Christian is demonstrating the CA policy, I have seen one setting which is not shown, so I'm wondering what's behind that: "Require compliant device to access org data" and the not-shown setting is the one under "Conditions"... what is it? Thanks
- Christian_Montoya
Microsoft
JochenB007 - Please ignore that Condition. It turned out I configured the Conditional Access policy in Report-only mode instead of On or Off, so it added a condition when I created the policy.
- danjb
Brass Contributor
Agreed, I can usually find the same setting within Intune, just the recommended security mitigation documentation is not pointing at Intune, and doesn't mention it as an option... But usually I go looking within Intune...
- UniverseCitiz3n
Copper Contributor
Conditional Access question. I've got a policy that requires a compliant device for using Office 365 Apps on desktop. The Windows 365 app from the MS Store is a part of the Office 365 Apps available through Conditional Access, though it is not yet documented - https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/reference-office-365-application-contents
Will simply excluding the Windows 365 app in such a CA policy work to grant access from an unmanaged device that uses the Windows 365 Store app? https://imgur.com/a/Np2soVF
- Christian_Montoya
Microsoft
UniverseCitiz3n - We just pushed through a change where the Windows 365 app is now reporting as the Windows 365 app in Conditional Access, instead of the grouped Office 365 app, that should have fully rolled out last week.
Can you try again and let us know if you're still experiencing the same behavior?
- DaneaGalbraith
Iron Contributor
Thank you for your presentation in a personal manner where you are speaking at a normal rate and not as though you are reading. Your passion and confidence in your materials really shine.
- Heather_Poulsen
Community Manager
We’re happy you’re here with us at the Microsoft Technical Takeoff! Whether you are attending one session or many, please take this 2-minute survey and let us know your thoughts on this event.
- David Fekety
Copper Contributor
Will devices placed under review be excluded from the Intune device clean up rule?
- Ankur_Biswas
Microsoft
No, the devices placed under review should behave exactly like they did before with regards to the device clean up policies.
- SDirks
Copper Contributor
New to this... Could someone please elaborate on the clean up policy? What does it look like and how is it configured?
- Tommeke
Brass Contributor
Why a separate W365 security baseline while there is already a Windows security baseline?
- Joost Gelijsteen
Copper Contributor
Because the Windows baseline will also set BitLocker, while Windows 365 BitLocker is done on system level. So, your policy will have errors because it cannot set it.
- Joe_Lurie
Microsoft
There are a couple differences, notably the TPM settings, since Windows 365 uses a virtual TPM. Here is a list of all of the settings available: https://learn.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-windows-365
- Christian_Montoya
Microsoft
Tommeke - Another thing I'd like to highlight is the RDP Device redirections, since Windows 365 Cloud PCs are only available remotely.
- danjb
Brass Contributor
Will the W365 Security Baselines in Intune>EndpointSecurity be made available for Business edition Windows 365 SKUs?
- Christian_Montoya
Microsoft
danjb - The Windows 365 Security Baseline can be applied to Windows 365 Business Cloud PCs, as long as they are also enrolled into Microsoft Intune.