Security Baselines for Microsoft 365 Apps

Copper Contributor

I wanted to get a little clarification on some best practices for using Security Baselines in Intune. Primarily in relation to Microsoft Edge and Microsoft 365. There are multiple areas where policies are managed for these apps:

  • Intune
  • Microsoft 365 Apps Admin Center
  • Microsoft Edge (Located in the Microsoft 365 Admin Center)

This is made more confusing in that baselines are made available for Microsoft 365 apps in both Intune and the Apps Admin Center. Not only that, but access to the policy area of the Apps Admin Center is also available in the Intune Apps tab.


Microsoft does not really provide clear intent on what each section is intended for, but I'm intuiting they are intending the following:

  • Security Baselines for M365 and Edge apps are managed in Intune.
  • For devices not being managed by Intune, these baselines can also be configured for work or school accounts logged in from an Azure registered device, allowing for a separation of work and personal data.
  • Configurations outside of the Security baselines are intended to be configured in the associated admin center for the app.

With all that being said, does anyone know if Microsoft intends to continue support for the M365 Apps Admin Center Policy Configurations or Security Baselines in Intune? What is Microsoft's intention behind the variety of Admin Centers that can apply policies for these the M365 and Edge applications? Are there any best practices for where I should be applying configurations from for these apps?



0 Replies