This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
So, the Microsoft 365 Apps for Enterprise Security Baseline creates some confusion in out Best Practise model, because it is the only baseline which has both Device and User based settings inside. I understand that some settings of Office needs to be assigned to User Context. But the publication of this kind of baseline brings some headache to our Best Practises. I am wondering, how others are dealing with this. Do you just assign it as-is for all users, or do you split it to 2 different baselines, devices vs. users? Our Intune BP is build on traditional assignment method (taken from Group Policy and SCCM ages), where all the standard system stuff is assigned to Devices and all the special role based non-mandatory stuff are assgned to users. Share your thoughts please :)
@Pavel yannara Mirochnitchenko Thanks for posting in our Q&A.
Not sure which is a best practise. I usually prefer Device based settings. If a setting doesn't have Device based setting, I will use the User based setting.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.