Endpoint SecuritySecurity Baselines

Security Baselines

25 mins

Understanding the Concept

Security baselines in Intune are pre-configured groups of Windows settings recommended by Microsoft security teams. They provide a known-good security posture based on feedback from Microsoft security engineering teams, product groups, partners, and customers.

Available baselines include: Windows Security Baseline, Microsoft Defender for Endpoint Baseline, Microsoft Edge Baseline, Microsoft 365 Apps Baseline, and Windows 365 Cloud PC Baseline. Each baseline contains dozens of settings configured to recommended secure values.

Baselines can be applied as-is or customized. When updating to a new baseline version, Intune provides a comparison showing changes between versions. Organizations should test baselines in a pilot group before broad deployment.

Key Points

  • Security baselines: Microsoft-recommended security configurations
  • Available baselines: Windows, Defender, Edge, M365 Apps, Windows 365
  • Pre-configured settings based on Microsoft security best practices
  • Can be customized per organizational requirements
  • Version management with comparison between baseline versions
  • Should be tested in pilot groups before production deployment

Security Baseline Deployment

Step 1

Select

Choose appropriate baseline

Step 2

Review

Examine and customize settings

Step 3

Pilot

Deploy to test group first

Step 4

Deploy

Roll out to production groups

Why This Matters in Real Organizations

Security baselines accelerate security hardening by providing expert-recommended configurations. Without baselines, organizations must research and configure hundreds of security settings individually, risking misconfiguration.

Common Mistakes to Avoid

Deploying baselines without testing, causing application compatibility issues
Not reviewing baseline settings and applying blindly
Conflicting baselines with existing configuration profiles
Not tracking baseline version updates and staying on old versions

Interview Tips

  • Explain security baselines and their role in endpoint security
  • Discuss how you handle baseline conflicts with existing policies
  • Describe your baseline testing and deployment strategy

Exam Tips (MD-102)

  • Know available security baseline types
  • Understand how baselines interact with configuration profiles
  • Know the baseline version update process

Course Complete!

You've finished all lessons

Previous|Next|HHome