Microsoft Intune security baselines and the CIS benchmark are two popular options that organizations can use to secure their devices. While both provide guidelines for securing devices, there are some differences between them. In this article, we will explore the pros and cons of each and help you decide which one is best for your organization.
Security Baselines in Microsoft Intune
Microsoft Intune is a cloud-based service that provides mobile device management, mobile application management, and PC management capabilities. It also provides security baselines that organizations can use to secure their devices. These baselines are pre-configured settings that can be applied to devices to ensure that they are secure.
Pros:
Easy to deploy: Microsoft Intune security baselines are easy to deploy and can be applied to devices with just a few clicks.
Integration with Microsoft Endpoint Manager: Microsoft Intune is integrated with Microsoft Endpoint Manager, which makes it easy to manage devices from a single console.
Regular updates: Microsoft updates its security baselines regularly to ensure that they are up-to-date with the latest security threats.
Cons:
Limited customization: Microsoft Intune security baselines are pre-configured, which means that organizations have limited customization options.
Limited platform support: Microsoft Intune security baselines are only available for Windows devices.
CIS Benchmarks
The Center for Internet Security (CIS) is a non-profit organization that provides guidelines for securing devices. The CIS benchmark is a set of guidelines that organizations can use to secure their devices. It is available for a wide range of platforms, including Windows, Linux, and macOS. The benchmarks themselves come in PDF format, and the document provides IT admins with options for configuring Intune to various levels of security. The options are:
Level 1 (L1) – Corporate/Enterprise Environment (general use)
Level 1 (L1) + BitLocker (BL)
Level 1 (L1) + Next Generation Windows Security (NG)
Level 1 (L1) + BitLocker (BL) + Next Generation Windows Security (NG)
Level 2 (L2) – High Security/Sensitive Data Environment (limited functionality)
Level 2 (L2) + BitLocker (BL)
Level 2 (L2) + Next Generation Windows Security (NG)
Level 2 (L2) + BitLocker (BL) + Next Generation Windows Security (NG)
BitLocker (BL) – optional add-on for when BitLocker is deployed
Next Generation Windows Security (NG) – optional add-on for use in the newest hardware and configuration environments
Pros:
Comprehensive: The CIS benchmark is comprehensive and covers a wide range of security settings. It is an extremely thorough, detailed investigation that gives admins the exact reasons to apply each listed setting.
Customizable: The CIS benchmark provides organizations with a high degree of customization, which means that they can tailor the settings to meet their specific needs.
Platform support: The CIS benchmark is available for a wide range of platforms, including Windows, Linux, and macOS.
Cons:
Time-consuming: The CIS benchmark is time-consuming to implement, and organizations may need to hire a security expert to help them implement it. Any future changes (minor or major) to the CIS benchmark could make your configuration more difficult to update, especially if you need to scan another 1000-page document.
Overprotecting: Laptops can potentially end up “overprotected,” which could affect user productivity if Level 2 protection is enabled.
Which one is best for organizations?
Both Microsoft Intune security baselines and the CIS benchmark have their pros and cons. Security baselines are easy to deploy and integrate with Microsoft Intune, while the CIS benchmark is comprehensive and customizable. Organizations that use Microsoft devices and want an easy-to-deploy solution may prefer security baselines. On the other hand, organizations that use a wide range of platforms and want a highly customizable solution may prefer the CIS benchmark.
In conclusion, the choice between Microsoft Intune security baselines and CIS benchmarks depends on the specific needs of the organization. Organizations should evaluate their needs and choose the solution that best meets those needs.