Intune Admin Templates and Security Baselines Now Available
IT pros using Microsoft Intune to manage devices got some polished tools from Microsoft this week.
Administrative templates for Microsoft Intune are now at the "general availability" commercial release stage for managing Windows 10 devices, Microsoft disclosed in a Thursday announcement. In addition, new security baselines for Intune are going live, per a Tuesday announcement.
Intune is Microsoft's mobile management service for PCs and mobile devices (Android and iOS), as well as mobile applications. It's provided as a service from Microsoft's datacenters ("the cloud"). IT pros familiar with device management using Group Policy settings get a different kind of device management experience with Intune. However, Microsoft is promising that they'll have a similar Group Policy-like experience with the new Intune administrative templates now available.
The Intune administrative templates let "Windows administrators use the settings they are familiar with in group policy editor when they transition to cloud-attached management," Microsoft explained, in the announcement.
IT pros are getting more than 2,500 policy settings for users or devices with the new administrative templates, which apply to "Windows, OneDrive and Office, in a user interface that is similar to group policy editor," Microsoft added. The announcement provided examples of the graphical user interface for applying the template settings. When policies get configured, the affected administrative template will shift to the top of the list.
The Intune administrative templates for Windows 10 are housed in Microsoft's cloud datacenters but are based on ADMX files, an XML-based text file that's typically used to locally specify configuration policies. Here's how it was described in this Microsoft document:
These [Windows 10 administrative template] settings are built in to Windows, and are ADMX-backed settings (opens another Microsoft site) that use XML. The Office settings are ADMX-ingested, and use the ADMX settings in Office administrative template files. But, the Intune templates are 100% cloud-based.
Microsoft also indicated this week that its Windows Mobile Device Management Security Baselines for Intune have reached the "general availability" stage for production-environment use. These security baselines are configuration settings recommended by Microsoft for organizations. While Microsoft's venerable Security and Compliance Toolkit has typically provided security baselines for Windows systems, Intune now has its own form, and the baselines come from the same engineering team at Microsoft.
The Intune security baselines are helpful for IT pros familiar with Group Policy.
"If you're currently using Group Policy, migrating to Intune for management is much easier with these baselines natively built into Intune's modern management platform," Microsoft's announcement explained.
Microsoft is also touting the security baselines in Intune as providing "intelligent cloud insights." IT pros get reports on the settings used in an organization, and they can customize the baseline policies as needed. They'll get notified of any devices that are out of compliance with the policies.
The baselines have versions, and users of the security baselines preview can upgrade to newer one. They can opt to keep or discard any customizations during that upgrade process.
Intune users will start to see the new security baselines "over the next few days," Microsoft indicated.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.