Comments on: Deploying Microsoft Intune Security Baselines

By: Jon Jarvis

Jon Jarvis — Fri, 26 Apr 2024 20:06:44 +0000

Hi Michael,
Please see my updated article, https://practical365.com/revised-security-baselines-for-microsoft-365-and-intune/

At the time of writing this article the CIS guidelines were out of date and the others provided better protection- not anymore 🙂

By: Michael Smith

Michael Smith — Fri, 26 Apr 2024 20:03:30 +0000

Being an InfoSec individual and working in IT for many years I respectfully disagree with your assessment on the CIS benchmarks. Is being ‘over protected’ a problem if your systems operational as expected? While IT is usually overwhelmed, too many times we look for the ‘easy button’ to push which just make things secure. There is something to be had digging in trying to understand each of the CIS recommendations. The one size fits all does not work with security and will usually leave an organization vulnerable. The CIS does a great job at trying to give administrators what to do, how to do and why you’re doing it explanation. Use the different approach and document what you don’t apply vs. what you applied. This put both the administrator and the organization is a much better position. The administrator knows and documents exactly why they can’t implement a security recommendation, which is then used by the organization to determine the risk to the organization. It’s not what I know what scares me it’s what I don’t know. Yes the CIS takes time and effort, you can pay for the easy button, but I always recommend that my clients take the harder path as it usually pays dividends in the end. My two cents.

By: Ryan

Ryan — Wed, 10 Aug 2022 15:51:27 +0000

Useful and timely article – CIS really don’t make it easy to adopt their guidelines.. we’re running the built in baselines however CIS still kicked out approx 78 fails.. now pushing to find out what the score was as I’m hoping its enough to mark as compliant and move on..

I really dont want to have to manually build out CIS policies!

By: James Stratton

James Stratton — Wed, 27 Jul 2022 10:02:46 +0000

Very useful article thank you. Do you know whether the new Cyber Essentials BYOD requirements can be implemented on persona devices using Endpoint Manager?

By: James Stratton

James Stratton — Wed, 27 Jul 2022 10:01:59 +0000

Very useful article thank you. Do you know whether the new Cyber Essentials BYOD requirements can be implemented on persona devices using Endpoint Manager?

By: Kieren Reeks

Kieren Reeks — Mon, 18 Jul 2022 19:51:30 +0000

You can now Import your GPO’s into the Intune GPO Analyser, and then Migrate them to Intune Configuration Profiles. Easy

By: Jon Jarvis

Jon Jarvis — Wed, 01 Jun 2022 09:41:36 +0000

In reply to David.

Hi David, thank you! I tried and failed with the export of CIS baselines.

When they are exported, most of the values turn into “******”, which would mean going through the JSON and manually updating nearly every single line manually. I don’t think it is worth it when the Microsoft Security Baselines offer more comprehensive protection.

Thanks

By: David

David — Tue, 31 May 2022 12:02:42 +0000

Great article. I don’t suppose you have the exported JSON files (CIS + NCSC) once you did implement them in Intune?