
In this article, I’m going to show you how to customize endpoint security settings in Microsoft Intune, including how to change security baseline settings, how to make sure devices are running a specific operating system version (or later), and how to configure Windows and iOS disk encryption settings.
Microsoft provides a series of recommended security baseline settings. But depending on your organization’s needs, it may be necessary to review and change the settings to ensure that devices and data are properly secured.
Additionally, you should configure Intune to automatically update Windows and make sure that devices aren’t running an outdated version of an operating system. Finally, configure disk encryption and Mobile Application Management settings to make sure data is protected on mobile devices.
What you need to know:
Similar to Conditional Access policies, Microsoft provides you with some baseline Endpoint security policies, as seen here. These are the recommended security settings; however, you may customize them to your organization’s requirements.
Customize a security baseline in Microsoft Endpoint Manager (Intune)
To use the settings, you must select one of the policies and then create a profile. The profile should then be assigned to users or groups as needed. You can create multiple profiles and assign them to different groups or all users.
Customize a security baseline in Microsoft Endpoint Manager (Intune)
Now you can assign users or groups.
Assign users or groups in Microsoft Endpoint Manager (Intune)
All devices should be updated automatically. This helps you to keep devices compliant. This can be defined as follows:
Configure Windows update settings in Microsoft Endpoint Manager (Intune)
Apart from having the right OS, it’s also important to streamline the OS version on each machine. You can achieve uniformity in the Windows 10 OS version installed on all devices.
Follow the path shown in the screenshot here. The Feature update to deploy field is the OS version that will be installed on all the selected machines.
Configure Windows update settings in Microsoft Endpoint Manager (Intune)
It’s important to have a policy in place to handle iOS devices too. The screenshot here showcases a new policy, where a specific version of iOS is defined for all iOS-based devices. The location for this is Devices > Update policies for iPadOS/iOS.
Configure iOS version policy settings in Microsoft Endpoint Manager (Intune)
On the next page you must select the users on whom this will be effective.
BitLocker should be used to encrypt all your Windows 10 machines. In the Endpoint Manager portal, go to Devices > Configuration profiles > Create Profile. In the new profile, define your settings under Windows Encryption.
Configure Windows BitLocker disk encryption settings in Microsoft Endpoint Manager (Intune)
You can also configure a similar policy to control iPad and iOS devices.
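One way to check that the OS version and encryption policies described above have taken effect, as an added example that is not from the original article: it audits a device inventory against a minimum OS version and encryption state, comparing versions numerically because a plain string comparison would rank 10.0.9200 above 10.0.19044. The sample data is constructed in the shape of a Microsoft Graph `managedDevices` export, and the minimum versions are assumptions to replace with your own.

```python
import json

# Constructed sample shaped like a Microsoft Graph
# /deviceManagement/managedDevices response. Field names are Graph's;
# device names and versions are made up for this example.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"deviceName": "LAB-WIN-01", "operatingSystem": "Windows", "osVersion": "10.0.19044.1706", "isEncrypted": true},
  {"deviceName": "LAB-WIN-02", "operatingSystem": "Windows", "osVersion": "10.0.9200.0", "isEncrypted": true},
  {"deviceName": "LAB-WIN-03", "operatingSystem": "Windows", "osVersion": "10.0.19044.1706", "isEncrypted": false},
  {"deviceName": "LAB-IPAD-01", "operatingSystem": "iOS", "osVersion": "15.4.1", "isEncrypted": true},
  {"deviceName": "LAB-IPHONE-01", "operatingSystem": "iOS", "osVersion": "9.3.5", "isEncrypted": true},
  {"deviceName": "LAB-DROID-01", "operatingSystem": "Android", "osVersion": "12", "isEncrypted": true}
]}
""")

# Assumed minimums for this example; set these to what your policies deploy.
MINIMUM_VERSION = {"Windows": "10.0.19044", "iOS": "15.4"}

def parse_version(text):
    """Turn '10.0.19044.1706' into (10, 0, 19044, 1706) for numeric comparison."""
    return tuple(int(part) for part in text.split(".") if part.isdigit())

def meets_minimum(actual, minimum):
    """Compare dotted versions numerically, padding the shorter one with zeros."""
    a, m = parse_version(actual), parse_version(minimum)
    width = max(len(a), len(m))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(a) >= pad(m)

def audit(devices, minimums=MINIMUM_VERSION):
    """Return (deviceName, [issues]) for every device that fails a check."""
    findings = []
    for dev in devices:
        issues = []
        minimum = minimums.get(dev.get("operatingSystem", ""))
        if minimum is None:
            # Platforms without a defined minimum are surfaced, not silently passed.
            issues.append("no minimum version defined for platform")
        elif not meets_minimum(dev.get("osVersion", "0"), minimum):
            issues.append(f"OS {dev.get('osVersion')} is below {minimum}")
        if not dev.get("isEncrypted", False):
            issues.append("disk not encrypted")
        if issues:
            findings.append((dev.get("deviceName", "<unnamed>"), issues))
    return findings

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_EXPORT["value"]):
        print(f"{name}: {'; '.join(issues)}")
```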
End users access corporate data on organization-owned mobiles or on their personal devices. It’s critical to ensure that corporate data doesn’t leak. Because Mobile Application Management (MAM) depends on identity management, you can safeguard both managed and unmanaged mobile devices.
Application protection policies (APP) can be applied to all apps running on mobile platforms. You should configure APP for both iOS and Android devices.
APP for Android mobile devices
APP for iOS mobile devices
The settings in these policies can be used to enforce disk encryption; disable saving copies of data; restrict cut, copy, and paste operations between apps; block screen capture; and require a PIN to access specific apps.
Once you have configured all the settings above to suit your organization’s needs, you can be sure that you have a more secure mobile workforce, that devices are less likely to be compromised, and data is better protected.
More from Vignesh Mudliar
Copyright ©2019 BWW Media Group