Security Baselines Report
Security baseline assignment status and compliance across managed Windows devices. Track how well your devices align with Microsoft recommended security configurations.
Overview
The Security Baselines Report shows how your managed devices comply with Microsoft security baselines. These baselines represent Microsoft recommended security configurations for Windows, Microsoft Edge, Microsoft Defender for Endpoint, and Microsoft 365 Apps.
Report Columns
| Column | Description |
|---|---|
| Baseline | Name of the security baseline |
| Version | Baseline version number |
| Assigned | Number of devices targeted |
| Compliant | Devices meeting all baseline settings |
| Error | Devices where baseline application failed |
| Conflict | Devices with conflicting settings |
| Not Applicable | Devices where baseline does not apply |
| Compliance Rate | Percentage of fully compliant devices |
Available Baselines
| Baseline | Description |
|---|---|
| Windows Security Baseline | Core Windows security settings |
| Microsoft Edge Baseline | Browser security and configuration |
| Defender for Endpoint Baseline | Endpoint protection settings |
| Microsoft 365 Apps Baseline | Office application security |
| Windows 365 Baseline | Cloud PC security configuration |
Per-Setting Compliance
For each baseline, drill down into individual settings:
- Compliant Settings — Settings applied and matching the baseline
- Non-compliant Settings — Settings that deviate from the baseline
- Error Settings — Settings that could not be evaluated
- Conflict Settings — Settings conflicting with other profiles
Filters
- Baseline — Filter by specific security baseline
- Status — Compliant, Non-compliant, Error, Conflict
- Device Group — Filter by Intune device group
- Tenant — Filter by managed tenant
Best Practices
- Start with the Windows Security Baseline as your foundation
- Layer additional baselines (Edge, Defender) for comprehensive coverage
- Review and resolve conflicts between baselines and custom profiles
- Update to the latest baseline version when Microsoft releases updates
- Test baseline changes with a pilot group before broad deployment
Graph API Data Sources
GET /deviceManagement/templatesGET /deviceManagement/configurationPolicies
API Reference
GET /api/reports/intune/security-baselines— Get security baselines reportGET /api/reports/intune/security-baselines/{baselineId}— Get specific baseline detailsPOST /api/reports/intune/security-baselines/export— Export report data
Last updated on