They are here! The Intune MDM Security Baselines

One of my favorite benefits of my job as an IT consultant is that I can roam freely and work from wherever I want. This makes it possible to change scenery everyday, something that keeps me inspired. For example, this coffeehouse is my office right now.


Anyway, I’m currently helping a customer of mine to implement Intune for managing their Windows 10 devices and, as you know, there is a big potential to create secure and robust security policys on the Intune platform. In fact, there are so many policy settings nowadays, that it can be a bit overwhelming to go through them all and there is always a risk that you miss an important security setting. Well, not anymore! Say hi to Intune MDM Security Baselines!

What are MDM Security Baselines?

MDM Security Baselines in Intune offers the same knowledge and experience that the classic Security and Compliance Toolkit for Group Policy does. It’s a set of policy templates built on security best practices and experience from real world implementations. The baselines will help you to optimize you security configuration for the modern desktop and make sure that you don’t miss important settings.

Security baselines create a Configuration Profile for Windows 10 in Intune. This profile includes all the settings in the baseline. You then apply or assign this profile to your users, groups, and devices. You can also customize the settings if there are things you don’t like or need. The baselines can be accessed from the Intune portal.


MDM Security Baselines will guide you to configure the best security configuration and explain the impact of each policy on the way. As Microsoft learns new ways to improve security, the baselines will be updated to help you adapt to current threats. There is a versioning feature built into Intune and you can choose when its a good time for you to update your policies to the latest release.

It’s easy to track the baseline ones it has been deployed to a Configuration Profile.


How to create and assign a Configuration Profile from a MDM Security Baseline

It’s easy to create a Configuration Profile from a MDM Security Baseline in Intune.

  1. Login to the Azure Portal and go to the Intune blade.
  2. Look for the new Security baselines in the menu.
  3. Select a baseline in the list and create a new profile from that.
  4. Enter the profile details like name and description and perform any manual changes to the baseline settings if you want to.
  5. Save the profile and then assign it to users, groups or devices just like any Intune profile.


The MDM Security Baselines feature is a welcome addition to the Intune platform. This is sure to be one of the first Intune features I will show customers as it will speed up security deployment when moving to Windows 10 or migrating from legacy AD to Azure AD.

Note that this feature is in preview when I post this.

Read more here.

Please follow me here, on LinkedIn and on Twitter.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s