Intune Windows 11 CIS Benchmarks Security Policy Settings Design Decisions - Part 10

In this video, you will learn more about Intune Windows 11 CIS Benchmarks and Security Policy Settings Design Decisions - Intune Design Decisions Part 10

More Details https://www.anoopcnair.com/download-i... and

#msintune #CIS #SecurityBenchmark #Microsoft365 #M365 #microsoftsecurity #microsoftintune #intunestudy

===
Intune Design decisions series part 9 video about reporting:

Intune Design Decisions Video Series playlist -    • Intune Design Decisions  

===
CIS Benchmark for Windows 11 and Intune!

Windows 11/Windows 10
Profiles/Personas
Remediation with Automation

===
What is CIS Benchmark for Intune?

The CIS (Center for Internet Security) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyber defense.’
Many organizations use the CIS benchmark as their security baseline.
You can download CIS benchmark for different Microsoft products, and it’s free!
Download the document for guidance for establishing a secure configuration poster for Microsoft Intune with Windows devices.

===
CIS Microsoft Intune for Windows 11 Benchmark v1.0.0 - Intune CIS Benchmark for Windows 11 Download for Free?

CIS Released new benchmark documents for Microsoft Intune for Windows Microsoft Windows!
First CIS benchmark for Windows 11 - CIS Microsoft Intune for Windows 11 Benchmark v1.0.0
Updated Version for Windows 10 - CIS Microsoft Intune for Windows 10 Benchmark v1.1.0

===
What are CIS Benchmark Profiles?

CIS benchmark profiles are a collection of recommendations for securing a technology or a supporting platform.
Intune benchmark for Windows 11 includes Level 1(general/std use) and Level 2 Profiles.
Persona mapping with security team discussions to get an agreement on profiles.

Level 1 (L1) - Corporate/Enterprise Environment (general use)
Level 1 (L1) + BitLocker (BL)
Level 1 (L1) + Next Generation Windows Security (NG)
Level 1 (L1) + BitLocker (BL) + Next Generation Windows Security (NG)
Level 2 (L2) - High Security/Sensitive Data Environment (limited functionality)
Level 2 (L2) + BitLocker (BL)
Level 2 (L2) + Next Generation Windows Security (NG)
Level 2 (L2) + BitLocker (BL) + Next Generation Windows Security (NG)
BitLocker (BL) - optional add-on for when BitLocker is deployed
Next Generation Windows Security (NG) - optional add-on for use in the newest hardware and configuration environments

A collection of recommendations for securing a technology or a supporting platform. Most benchmarks include at least a Level 1 and Level 2 Profile.


l 1 (L1) - Corporate/Enterprise Environment (general use)
Items in this profile intend to:
o be the starting baseline for most organizations;
o be practical and prudent;
o provide a clear security benefit; and
o not inhibit the utility of the technology beyond acceptable means.
•
This profile extends the "Level 1 (L1)" profile and includes BitLocker-related
recommendations.
•
This profile extends the "Level 1 (L1)" profile and includes Next Generation
Windows Security-related recommendations.
•
This profile extends the "Level 1 (L1)" profile and includes BitLocker and Next
Generation Windows Security-related recommendations.
Page 26
•
This profile extends the "Level 1 (L1)" profile. Items in this profile exhibit one or
more of the following characteristics:
o are intended for environments or use cases where security is more critical
than manageability and usability;
o may negatively inhibit the utility or performance of the technology; and
o limit the ability of remote management/access.
Note: Implementation of Level 2 requires that both Level 1 and Level 2 settings
are applied.
Page 2

===
How to check CIS Recommended Policies?

Applicable for Level 1 profile - (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure’
Check the Remediation section to get Intune policy configuration options in Intune.
Wait! It’s not always necessary to create a custom policy as recommended in the CIS

===
Quick Steps to Kick Start

Download the CIS Benchmark PDF for free.
Decide which CIS benchmark profile based on persona.
Go through the recommended policies.
Follow best practices shared in Intune Security policy methods video

===
Download link for Intune CIS Benchmark for Windows 11 devices

https://www.cisecurity.org/benchmark/...

You need to signup with all the details to get the FREE PDF version of the CIS Benchmark. Securing Microsoft Windows Desktop. An objective, consensus-driven security guideline for the Microsoft Windows Desktop Operating Systems. A step-by-step checklist to secure Microsoft Windows Desktop.

===
More Blog posts related to SCCM/Intune/Windows 11/Cloud PC/AVD/Hyper-V/Cloud/IT Pro/Azure -

✔ https://www.anoopcnair.com/windows-365/