This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. With my large customer base in the Microsoft Federal space and having to comply with internal security baselines and moving to a cloud-centric platform to manage devices, it is important to know if the baselines/settings will carry over. In this article, I will explain and show how to import an on-premises baseline Group Policy Object (GPO) into Microsoft Endpoint Manager (MEM), see the settings that directly carry over, and see how to create a policy for the ones that are not MDM compliant. With that said, let's import several baselines and see the correlation from on-premises to MEM mapping and see how we can make the move to the cloud that much easier.

What are Microsoft Security Baselines and/or STIGs?

Security baselines are a group of Microsoft-recommended configuration settings which explain their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers. Certain Federal agencies and other Department of Defense (DoD) entities have created their own internal and also publicly available baselines, better known as Security Technical Implementation Guides (STIGs). At the end of this article, I will reference several publicly available Federal baselines/STIGs to download and implement in your organization if you are not already using a stringent baseline as of today. If you are a State/Federal/DoD agency and use MEM, feel free to follow along with your tenant as this demo was performed in IL5 before writing this article below in my private Microsoft tenant.

Importing STIGs in Microsoft Endpoint Manager

This article assumes you have enrolled or are going to enroll devices in MEM, and we want to check to make sure your tenant status is green on the home page before continuing. Navigate to Microsoft Endpoint Manager and log in with your credentials. Once logged in, you will arrive at the home page. Select “Devices” and then “Group Policy analytics” to land on the policy page to perform the import of the STIGs we are going to analyze.