What is Security baselines
Security Baseline permit to secure and protect users and device present on Intune. It can be deploy to the group of user or Windows 10 device. With this settings, you can enable few parameter (automatically enables BitLocker, automatically disables basic authentication, etc.).
Create a Security baselines
From the Intune portal, click on Device Security.
On the Security Baselines, select the desired baselines (MDM or ATP). Click on MDM Security Baseline.
On the central panel, click on Create Policy
Enter the name and descrition for the Security Baseline and click on Next.
Confifgure the setting as you want and click on Next.
You can now select the group that you want. You can assign to a Default group (All users, All devices or a group present on Azure AD.
Click on Create to lauch creation.
The profile has now been present on the Intune portal.
You can change version directly from the Intune console. This option not permit to change baseline types (baseline for Defender ATP to MDM security baseline for example.) When the version has changed, it’s possible to download a CSV file. This file permit to know the changes between version A and version B.