Device Security Baselines

Contents

This section outlines the optional ‘Baselining’ feature which is now part of the NHSmail Intune Service available to all onboarded organisations. The new NCSC/CIS (National Cyber Security Centre/Centre for Internet Security) Security Baselines provide organisations with standards-led security configurations which can be deployed to enrolled devices. The Security Baselines support both the Cyber Essentials and Cyber Essentials Plus accreditations for Intune configuration.

Organisations can assign all centralised Baselines using only new configurations or select individual NCSC/CIS policies in conjunction with existing NHSmail Intune Baselines.

CIS/NCSC Security Baselines Overview

The Live Service Team will review the policies to ensure they are aligned with the latest approved benchmarks set by CIS/NCSC Security Baselines.

Note:

Our NHSmail Intune Live Service Team do not support queries related to CIS or NCSC. Please navigate to the respective websites for more information on CIS and NCSC.

Utilising the Security Baseline Policies

1. Onboarded organisations will currently have a Centrally-managed Windows Security Baseline available to them (for Windows 10/11) and ‘pencilled-in’ centrally available device configurations for device security on mobile devices.

2. Organisations can now assign Security Baseline policies compliant with CIS/NCSC profiles to all device types.

3. The addition of Security Baseline policies within NHSmail Intune alongside existing ‘pencilled-in’ configurations allows organisations to fine-tune their device configurations to support the attainment of Cyber Essentials and Cyber Essentials Plus accreditations.