Event details
MicrosoftThanks for the question, I appreciate the detail you provided. You're right that there's been a gap between the Security Compliance Toolkit baseline releases and what's available natively in Intune's Endpoint Security baselines. The Security Compliance Toolkit team released the M365 Apps v2512 baseline in December 2025 and work is underway to bring the Intune-native baselines in-line with that update. In the meantime, the Settings Catalog in Intune is updated way more frequently than the baselines and often has the individual settings you need. I'd recommend using them both: supplementing your baseline with Settings Catalog policies to cover any critical gaps.
You can also import the latest baseline GPO templates to make cross-referencing easier. Check out the baseline management guidance here: https://learn.microsoft.com/en-us/intune/device-security/security-baselines/configure-baselines.
Joe_Lurie, the latest recommended settings for the M365 apps are not available in the Settings catalogue either and instead my team has needed to use the M365 Apps Admin Center Portal to apply the recommended settings. This is not ideal as it breaks the "single pane of glass" aspect of Intune along with the M365 Apps Admin Center not containing the proper reporting to validate policy application to instances of M365 Apps.
It would be nice to know when the Intune team is planning to align both the settings catalogue and the Security Baselines with the recommended settings created by the Security Compliance Toolkit team.
Thank you