Reviewing Security Baselines

This course explores the suite of tools available in Microsoft Endpoint Manager for establishing and maintaining security posture in an organization. These include tools like Microsoft Intune, used for enrolling devices as well as creating and enforcing device compliance, and Microsoft Defender, used for implementing device antivirus and malware defense tools. This course will also review the activities involved in reducing attack surfaces in an organization that bad actors could use to penetrate and expose sensitive data. This sensitive data is protected through the implementation of attack surface reduction rules which are deployed through careful auditing and testing to prevent any loss of productivity. This course will also touch on the security baselines made available to organizations wishing to enact a more granular security posture and have access to tools like secure score for evaluating the effectiveness of these efforts against known best practices.  

Learning Objectives

  • Create a compliance policy 
  • Monitor enrolled devices
  • Set up attack surface reduction rules
  • Deploy attack surface reduction rules
  • Review security baselines
  • Examine Microsoft secure score

Intended Audience

This course is designed for individuals who are responsible for setting up and monitoring device compliance and security in Microsoft 365 as well as those pursuing Microsoft certifications.


To get the most from this course, you should have some familiarity and experience with the Microsoft 365 security suite of tools including Microsoft Endpoint Manager.  


Reviewing Security Baselines. Although programs like Windows and Windows Server are generally considered to be secure out of the box, organizations may still want additional controls over security configurations. Microsoft provides guidance around setting up these security features through security baselines, which are groups of pre-configured Windows settings that help apply and enforce granular security settings. These can be customized to enforce only those settings and values important to our organization. We create these profiles in Microsoft Endpoint Manager.

Security baselines are an extraordinary benefit to customers because they bring together expert knowledge from Microsoft and its partners. There are over 3,000 Group Policy settings for Windows 10, and exploring each one would take a lot of time. To enable faster deployments and make managing products easier, Microsoft provides customers with security baselines that are available in consumable formats, such as Group Policy Object Backups.

The principles of these security baselines are as follows. They are designed for well-managed, security-conscious organizations in which standard end users do not have administrative rights. A baseline enforces a setting only if it mitigates a contemporary security threat and does not cause operational issues that are worse than the risks it mitigates. A baseline enforces a default only if it is otherwise likely to be set to an insecure state by an authorized user.

We can download security baselines from the Microsoft Download Center by locating the Security Compliance Toolkit, which includes the security baselines themselves as well as tools that can assist admins in managing them. Each new version of a baseline can add or remove settings or introduce other changes. For example, as new Windows settings become available with new versions of Windows 10 or 11, the security baseline might receive a new version instance that includes these newest settings.
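Because each baseline version can add, remove or change settings, it helps to diff two downloaded versions before deploying the newer one. The following is an added example, not part of the course or of Microsoft's tooling: it parses the `registry.pol` (PReg) file that a GPO backup carries for registry-based policy and compares two versions. The helper names, key names and sample bytes are constructed for illustration.

```python
import struct
U16 = "utf-16-le"  # registry.pol stores delimiters and strings as UTF-16LE

def build_pol(entries):
    """Build constructed sample bytes in the registry.pol (PReg v1) layout."""
    out = b"PReg" + struct.pack("<I", 1)
    for key, name, rtype, data in entries:
        out += f"[{key}\0;{name}\0;".encode(U16) + struct.pack("<I", rtype) + ";".encode(U16)
        out += struct.pack("<I", len(data)) + ";".encode(U16) + data + "]".encode(U16)
    return out

def read_wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, next offset)."""
    end = pos
    while buf[end:end + 2] != b"\0\0":
        if end >= len(buf):
            raise ValueError("truncated string in policy file")
        end += 2
    return buf[pos:end].decode(U16), end + 2

def parse_pol(buf):
    """Return {(key, value name): (type, data)} for each [key;value;type;size;data]."""
    if len(buf) < 8 or buf[:4] != b"PReg" or struct.unpack_from("<I", buf, 4)[0] != 1:
        raise ValueError("not a PReg version 1 file")
    pos, settings = 8, {}
    while pos < len(buf):
        key, pos = read_wstr(buf, pos + 2)      # skip '['
        name, pos = read_wstr(buf, pos + 2)     # skip ';'
        if pos + 14 > len(buf):
            raise ValueError("truncated entry header")
        rtype, _, size = struct.unpack_from("<I2sI", buf, pos + 2)
        data = buf[pos + 14:pos + 14 + size]
        if len(data) != size:
            raise ValueError("truncated entry data")
        settings[(key, name)] = (rtype, data)
        pos += 14 + size + 2                    # skip data and ']'
    return settings

def diff_baselines(old_bytes, new_bytes):
    """Report settings added, removed or changed between two baseline versions."""
    old, new = parse_pol(old_bytes), parse_pol(new_bytes)
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()),
            "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k])}

# Constructed sample: hypothetical keys, not settings from a real baseline.
K, DW = "Software\\Policies\\Example\\", lambda n: struct.pack("<I", n)
OLD = build_pol([(K + "Lock", "TimeoutSecs", 4, DW(900)), (K + "Legacy", "Enabled", 4, DW(1))])
NEW = build_pol([(K + "Lock", "TimeoutSecs", 4, DW(600)), (K + "Audit", "Enabled", 4, DW(1))])
print(diff_baselines(OLD, NEW))
```

`registry.pol` covers only registry-based policy; security-template and audit settings in a backup live in other files and need a separate comparison.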

In the Microsoft Endpoint Manager admin center, under Endpoint Security and Security baselines, we'll see a list of the available baselines. The list includes: baseline template name, how many profiles we have that use that type of baseline, how many separate instances or versions of the baseline type are available, and the last published date that identifies when the latest version of the baseline template became available.


About the Author

Steve is an experienced Solutions Architect with over 10 years of experience serving customers in the data and data engineering space. He has a proven track record of delivering solutions across a broad range of business areas that increase overall satisfaction and retention. He has worked across many industries, both public and private, and found many ways to drive the use of data and business intelligence tools to achieve business objectives. He is a persuasive communicator, presenter, and quite effective at building productive working relationships across all levels in the organization based on collegiality, transparency, and trust.