New on Microsoft Learn: Advance your security posture from chip to cloud
Published Dec 01 2022 04:05 PM 208K Views
Microsoft

Where do you start with improving your organization's security posture? You've heard about growing cyber threats and security statistics, hardening, and Zero Trust. Now a new learning module brings it all together with practical guidance to help secure your environment from chip to cloud.

Just to give you an idea of what's in the learning module, this article outlines:

  • The basics of Zero Trust from chip to cloud
  • Leveraging Microsoft Intune's capabilities as an example of how to advance your security posture
  • Tools to monitor and report on your security posture

The basics of Zero Trust from chip to cloud

While keeping up with the latest threats in your field and sector can be challenging, it is essential to regularly update your devices with monthly updates and leverage control and monitoring capabilities. On top of that, the new worldwide Zero Trust model requires continuous improvements to securing all parts of your estate: from chip to cloud. This includes hardware, operating system, applications, identity and privacy, and the cloud.

It's an ongoing effort and is certainly complex. However, we've put together a learning module to highlight the servicing that takes much of the burden off your shoulders. You'll learn about two types of security features: those that are built in and automated for you, and those that you can easily configure with Microsoft Intune.

Microsoft Intune's capabilities to advance your security posture

Microsoft Intune is a mobile device management (MDM) endpoint solution built on Zero Trust. You might already be using it to manage all your organization's devices by securing access, protecting data, and responding to risk across the cloud, on-premises, and multiple OS versions. Though you and your organization may use another endpoint solution, we leverage Intune capabilities in this module to demonstrate many of the prescriptive how-to's across the module.

Set up Microsoft Intune

If you're just starting with Microsoft Intune, please check or prepare with the following steps:

Getting set up with Microsoft Intune is starting your security improvement journey with the cloud layer. Two essential Intune tools that allow you to secure your environment from the cloud to the chip are security baselines and settings catalog.

Start with security baselines

A security baseline is a recommended collection of configuration settings, which also details their security impact. Start by deploying any of the available security baselines to configure Windows devices:

  • Security baseline for Windows (Windows 10, version 1809 and later)
  • Microsoft Defender for Endpoint baseline
  • Microsoft Edge baseline
  • Windows 365 security baseline

Ensure good initial security posture for your organization with these pre-built baselines, which you can also modify before assignment. The learning module will walk you through a selection of specific features at different levels of your environment to show how to set these security baselines where available.

Manage the Intune settings catalog like a pro

Another important tool to improve your security posture further is Intune's settings catalog. It is your one-stop shop to configure all the settings from chip to cloud in one place. Go beyond the security baselines and implement the particular compliance standards of your organization. Use the settings catalog to configure most of the features that advance your security posture.

To create a policy in the Microsoft Endpoint Manager admin center:

  1. Select Devices > Configuration profiles > Create profile.
  2. In the properties, enter your operating system for Platform.
  3. Enter "settings catalog" for Profile.
  4. Confirm creation of the policy.
  5. Enter the basics for the policy.
  6. Use Configuration settings to add settings from a settings picker.

To browse thousands of settings available to you, search by category (e.g., browser), keyword (e.g., Office), a specific setting, or use Add settings > Search.

Tools to monitor and report on your security posture

Your Zero Trust journey is exactly that – an ongoing journey. As you keep advancing your security posture from chip to cloud one feature at a time, keep monitoring it for your reporting and improvement goals. The learning module introduces two assessment tools you'll find helpful:

That's briefly what the learning module contains!

The visual table of contents maps out the topics covered in the module, along with opportunities and steps to improve your security posture one feature at a time. And why not earn some experience points while you're at it?

Learning module table of contents: features are listed across learning units on cloud, identity, privacy, applications, operating system, and hardware securityLearning module table of contents: features are listed across learning units on cloud, identity, privacy, applications, operating system, and hardware security

Bookmark Advance your security posture with Microsoft Intune from chip to cloud for your continuous improvement journey. While there are no prerequisites, you may want to brush up on Zero Trust and Intune with these learning paths:


Continue the conversation. Find best practices. Visit the Windows Tech Community.
Stay informed. For the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro on Twitter.

 

Co-Authors
Version history
Last update:
‎Dec 01 2022 04:22 PM
Updated by: