Let’s check about the latest addition in Microsoft Intune supporting a new security baseline for Office. Security baselines and policy management make it easier than ever to manage across thousands of settings for Office products.
Microsoft 365 Apps for Enterprise Security Baseline, added in the Intune, allows you to create and manage profiles to configure and assign your custom settings to groups within your organization. Full implementation guide on Intune Security Baseline settings for Microsoft 365 Office Applications are available in the following blog post – Secure Microsoft 365 Office Apps Using Intune Security Policies.
You can manage and deploy the Office security baseline using mobile device management (MDM) settings and the Intune experiences around upgrades, comparison, and reporting.
Security baselines are groups of pre-configured settings that help you apply and enforce granular security settings recommended by the relevant security teams. You can also customize each baseline you deploy to implement only the required settings and values.
You deploy security baselines to groups of users or devices in Intune, and the settings apply to devices that run Windows 10/11. Security baselines can help you to have a secure end-to-end workflow when working with Microsoft 365.
- Intune Security Baselines Policies For Windows 10 Or Windows 11 Deployment Guide
- Deploy Windows 365 Security Baseline Policies to Cloud PCs
Microsoft Intune Support New Security Baseline for Office – Roadmap
Microsoft added the addition of security baseline for office to the roadmap starting November 2021, this feature was expected in the Public preview and based on the mentioned date GA: May 2023. Starting with Intune Service release 2305, You will be able to manage, and configure the office security baseline for Windows 10, and Windows 11.
| Feature | Release phase | Preview Expected (Year) |
|---|---|---|
| Security Baseline for Office | Preview | 2022 |
Access Security Baseline from Intune Admin Center
To manage baselines in Intune, your account must have the Policy and Profile Manager built-in role. Here’s how you can follow the steps to create security baseline policies from Intune.
- Sign in to the Microsoft Intune admin center https://intune.microsoft.com/ with appropriate permission.
- Navigate to the Endpoint Security node.
- Click on the Security Baselines node to see available security baseline policies in this node.
Available Security Baselines in Intune Portal
The following security baseline options are available for use with Intune. You can click on view the settings for recent instances of each baseline. You may expect the security baseline for Office to be added under the Endpoint security node.
- Security Baseline for Windows 10 and later
- Microsoft Defender for Endpoint baseline
- Security Baseline for Microsoft Edge (Supported for Windows 11)
- Windows 365 Security Baseline
- Microsoft 365 Apps for Enterprise Security Baseline (Office Baseline)
Microsoft keeps publishing the security baseline for Office and Microsoft 365 Apps for enterprise productivity suites. IT Admins can apply baseline settings in different ways by choosing the option to download the content from the Microsoft Security Compliance Toolkit.
Microsoft Intune updates the versions of built-in Security Baselines depending on the changing needs of a typical organization. Each setting in a baseline has a default configuration for that baseline version.
You can create new profiles or update your existing profiles to the new version. Before you update the version of a profile that’s assigned to groups, test the version update on a copy of the profile so you can then validate the new baseline settings on the test group of devices.
See more details on how you can change the baseline version for a profile in the Manage Security baseline profiles.
Video – Intune Security Baseline
Let’s check out Intune Security Baseline Decoded Easiest option to set up security policies for your organization video tutorial.
Author
About Author – Jitesh, Microsoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.