There are already baselines for Windows 10 security, Microsoft Defender ATP and Microsoft Edge. Microsoft recently announced that an Office baseline will soon be available. It will then complete the Autopilot configuration as seen above. The reason for this is that in Endpoint Manager a user has already been assigned to the device. Once I select Autopilot Reset in Endpoint Manager, any active user will receive the above message that they have 45 minutes before the targeted machine is forcibly rebooted. I will fast track that process by manually rebooting the workstation to commence the Autopilot reset process.
Implement MAM configuration policies for additional settings not covered by baselines, individual Endpoint security, MDM compliance, MDM configuration policies and MAM application protection policies. In combination with conditional access, this provides organizations with the right tools to restrict users’ access to company apps and data. There are several benefits of using security baselines offered by Microsoft.
Attack Surface Reduction Rules under the Microsoft Defender section. When enabling ASR Rule policies, Microsoft advises enabling them in Audit mode first for at least 30 days and reviewing the reports to see each rule’s impact on user computers. The rules can be quite stringent to set to Block mode at once. However, enabling the Security Baseline Policy will set the ASR rules to Block mode, as that is the template Microsoft has created. This is contradictory, so be mindful when enabling the baseline, as it can generate noise for users.
I have had organizations that have been penetration tested using both baselines and passed. But as alluded to earlier, I recommend Microsoft Security Baselines for organizations as they have an easy upgrade path for future versions of Windows. Click on the Per setting status policy report. This report shows the security baseline status of each setting for the policy across all devices and users. To manage baselines in Intune, your account must have the Policy and Profile Manager built-in role.
On the Versions pane, you can select a single version to view deeper details about the profiles that use that version. You can also select two different versions and then choose Compare baselines to download a CSV file that details those differences. If you use Windows 365, you should definitely try out this baseline. It’s much harder to change security settings once an environment is in production, so I suggest you test this with a small group until Microsoft releases it from preview. If you are new to Intune and don’t know where to begin, security baselines can help.
One of the biggest challenges with the availability of all these policies via Intune MDM and MAM as well as Endpoint security is getting to a ‘best practices’ state. If the device is at the lock screen you will see the above message when the Autopilot process commences. After selecting Autopilot Reset in Endpoint Manager I am asked to confirm the process as shown above. Take careful note here of what Autopilot does to that machine. I have set the Configure Windows Hello for Business to be Disabled.