1. Home
  2. Device management
  3. Configure
  4. Device Security Baselines

Device Security Baselines

This section outlines the optional ‘Baselining’ feature which is now part of the NHSmail Intune Service available to all onboarded organisations. The new NCSC/CIS (National Cyber Security Centre/Centre for Internet Security) Security Baselines provide organisations with standards-led security configurations which can be deployed to enrolled devices. The Security Baselines support both the Cyber Essentials and Cyber Essentials Plus accreditations for Intune configuration.

Organisations can assign all centralised Baselines using only new configurations or select individual NCSC/CIS policies in conjunction with existing NHSmail Intune Baselines.

CIS/NCSC Security Baselines Overview

The Live Service Team will review the policies to ensure they are aligned with the latest approved benchmarks set by CIS/NCSC Security Baselines.


Our NHSmail Intune Live Service Team do not support queries related to CIS or NCSC. Please navigate to the respective websites for more information on CIS and NCSC.

Utilising the Security Baseline Policies

1. Onboarded organisations will currently have a Centrally-managed Windows Security Baseline available to them (for Windows 10/11) and ‘pencilled-in’ centrally available device configurations for device security on mobile devices.


2. Organisations can now assign Security Baseline policies compliant with CIS/NCSC profiles to all device types.



3. The addition of Security Baseline policies within NHSmail Intune alongside existing ‘pencilled-in’ configurations allows organisations to fine-tune their device configurations to support the attainment of Cyber Essentials and Cyber Essentials Plus accreditations.


For more information on the Security Baseline Policies available please refer to the Operations Guide.

Assigning the Policies

To assign the policies, navigate to the Configuration Profiles within NHSmail Intune:



In assignments for the policies, add device groups that you would like to assign (some or all) of the configuration profiles to:



NCSC Configuration successfully applied can be viewed on the Windows Device blade for the resource:

Benefits, Changes and Adoption

What is Cyber Essentials?

Cyber Essentials is a broad-scope IT security audit that organisations can subscribe to in order to become Cyber Essentials ‘accredited’.

Organisations access Cyber Essentials Accreditation by following this link https://getreadyforcyberessentials.iasme.co.uk

Last Reviewed Date 29/02/2024
Updated on 29/02/2024

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support
back to top