Microsoft is now providing a security baseline for the modern workplace through Intune Mobile Device Management (MDM). The concept is well known from the GPO world with the Security and Compliance Toolkit (SCT).
This is a good entry point for security on modern workplaces. It can help you define your company's security strategy by showing what you can set through MDM. It's a collection of configuration settings recommended by Microsoft.
It's a good way to ensure the best protection across devices without having to go too deep into all of the MDM possibilities.
As a starting point for Microsoft's security baselines (Windows 10 October 2018 release), here are the settings Microsoft will configure to ensure the best protection. It is up to you to modify these settings and enable your own. This list and its settings will grow, following consumer needs and best practices.
- Event Log Service
- Local Policies Security Options
- MS Security Guide
- Remote Desktop Services
- Remote Procedure Call
- Windows Connection Manager
- Windows Ink Workspace
You can find the full description here: https://docs.microsoft.com/en-us/intune/security-baseline-settings-windows
This is what the security baseline offers to Modern Workplace admins:
- In-depth reporting on the state of each setting in the baseline on every device in your organization
- A first-class policy interface using familiar Intune policies to easily customize and deploy a baseline with MDM
- A versioning experience to stay up-to-date when Microsoft updates security baseline recommendations
1. Add security baselines to your Azure Tenant and select Preview: MDM Security Baseline for October 2018
2. Create your first profile by clicking on Create profile
3. Review profile settings and click Create
4. You still need to assign the profile to your test users.
And you are all set!
You can now get metrics on profile assignment and list all devices that do not match the baseline or are not properly configured.