This article provides guidance to Intune Administrators on how they can plan for the upcoming Security Baseline changes. For more information and an overview of the new baseline, please see the NHSmail Device Security Baseline article.
This guidance includes:
- How do I assess the new controls against my existing configuration?
- Are there any templates for sending email comms to our users?
- Is there an exceptions process?
How do I assess the new controls against my existing configuration?
You will need to assess the new controls being introduced against your existing environment to identify if any users will be directly affected. A step by step for the process is included below:
For App Protection Policies
1. Ahead of each release you will be provided with the details of the controls being configured for that release.
2. Log into https://intune.microsoft.com
3. On the left hand pane, Select “Apps”
4. In the “Apps” tab, select “App Protection Policies”
5. If you have configured your own App Protection Policies these will appear here. Review the settings of your policies against the new controls that will be introduced.
6. Where necessary, inform users of the upcoming changes.
If your current App Protection Policies are more secure than those being introduced, the new controls will not affect any of your existing policies. The minimum baseline is designed to support your organisation’s current environment.
For Device Compliance Policies
1. Ahead of each release you will be provided with the details of the controls being configured for that release.
2. Log into https://intune.microsoft.com
3. On the left hand pane, Select “Devices”
4. In the “Devices” tab, select “Compliance”
5. If you have configured your own Device Compliance Policies these will appear here. Select “Add Filters” to sort by Platform or OS if necessary.
6. Review the settings of your policies against the new controls that will be introduced, including the actions for non-compliance and notifications that may be sent to end users.
7. Where necessary, inform users of the upcoming changes.
If your current Device Compliance Policies are more secure than those being introduced, the new controls will not affect any of your existing policies. The minimum baseline is designed to support your organisation’s current environment.
Are There Any Templates For Sending Email Comms To Our Users?
Yes, we will provide you with email templates to send to your users ahead of each release. The email template for the first release is available from the Email Templates article.
Is There An Exceptions Process?
In rare cases, a few organisations may find that they have unique requirements that could result in a considerable impact or cost. Although this will not be the case with the vast majority of organisations, there is an exceptions process in place for those organisations who have this unique setup. If you believe your organisation fits this criteria, please contact the NHSmail Helpdesk.
| Last Reviewed Date | 07/08/2024 |
