Microsoft Intune is excited to announce general availability of Windows MDM Security Baselines. A new version of security baselines is also being released at the same time, identified as MDM Security Baseline for Spring 2019 Update (19H1). This is a new template that includes several new settings and some other updates. Please refer to the documentation for a detailed list of what's changed in the new template.
A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. Industry-standard configuration that is broadly known and well-tested, such as Microsoft security baselines, increases efficiency and reduces costs compared to creating them all by yourself. These settings are continually updated with feedback from Microsoft security engineering teams, product groups, partners, and real-world learning from thousands of customers. Microsoft security baselines provide intelligent recommendations that are relevant to the needs of your business, based on your IT infrastructure.
Attach the power of intelligent cloud
Microsoft has years of experience publishing security baselines as Group Policy Objects in the Security and Compliance Toolkit (SCT). Customers have trusted this toolkit for years to provide templates to configure security baselines through Group Policy. Microsoft Intune now brings the same collective knowledge and expertise to secure the modern desktop with MDM security baselines.
Microsoft recommended security baselines in the Intune service leverage the greatly expanded manageability of Windows 10 using Mobile Device Management (MDM). These security baselines will be managed and updated directly from the cloud – providing customers the most recent and most advanced security settings and capabilities available from Microsoft 365. The same Windows security team that creates Group Policy security baselines has collaborated with Intune engineers to offer their extensive experience for these recommendations. If you're brand new to Intune, and not sure where to start, then MDM security baselines give you an advantage. You can quickly create and deploy a secure profile to help protect your organization's resources and data. If you're currently using Group Policy, migrating to Intune for management is much easier with these baselines natively built into Intune's modern management platform.
Intune MDM security baselines leverage intelligent cloud insights to deliver unique benefits beyond the security and compliance toolkit:
You may choose to create security policies directly from these baselines and deploy them to users or customize the recommendations to meet the needs of your enterprise. Intune will validate that devices follow these baselines, report on baseline compliance and notify administrators if any devices or users move out of compliance.
You can see a list of all available baselines, as well as the contents of each baseline, here: https://docs.microsoft.com/en-us/intune/security-baselines#available-security-baselines
Versioning between baselines
Alongside GA, Intune is launching a versioning experience that allows you to stay up-to-date as Microsoft updates security baseline recommendations. This means that if you’ve been using the preview baseline, you’ll be able to upgrade to the newly released GA baseline in just a few clicks.
After you make this decision, Intune will automatically update the profile to adhere to the upgraded baseline.
If you are a Microsoft Intune customer, look for the Security Baselines GA to be available in your tenant over the next few days as the global roll-out completes.
If you require any help with your deployment, Microsoft offers a variety of resources and support tools to help you succeed. Customers with eligible subscriptions to Microsoft 365, Microsoft Enterprise Mobility + Security (EMS) or Microsoft Intune can request assistance from experts in FastTrack service at no additional cost for the life of their subscription. Whether you are a customer or a partner, FastTrack provides customized guidance for onboarding and adoption, including access to Microsoft engineering expertise, best practices, tools, and resources so you can leverage existing resources to plan your deployment.
More info and feedback
As always, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community page.
Follow @MSIntune on Twitter
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.