Share via

Assignment of Microsoft 365 Apps for Enterprise Security Baseline

Pavel yannara Mirochnitchenko 13,451 Reputation points MVP
2023-09-12T06:11:38.47+00:00

So, the Microsoft 365 Apps for Enterprise Security Baseline creates some confusion in out Best Practise model, because it is the only baseline which has both Device and User based settings inside. I understand that some settings of Office needs to be assigned to User Context. But the publication of this kind of baseline brings some headache to our Best Practises. I am wondering, how others are dealing with this. Do you just assign it as-is for all users, or do you split it to 2 different baselines, devices vs. users? Our Intune BP is build on traditional assignment method (taken from Group Policy and SCCM ages), where all the standard system stuff is assigned to Devices and all the special role based non-mandatory stuff are assgned to users. Share your thoughts please :)

Microsoft Security | Intune | Configuration
Microsoft Security | Intune | Grouping
Microsoft Security | Intune | Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lu Dai-MSFT 28,531 Reputation points
    2023-09-13T01:47:42.0666667+00:00

    @Pavel yannara Mirochnitchenko Thanks for posting in our Q&A.

    Not sure which is a best practise. I usually prefer Device based settings. If a setting doesn't have Device based setting, I will use the User based setting.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.