How can I enhance Intune security policies with CIS?

Avatar
Nerdio Product Support

How can I enhance Intune security policies with CIS?

Nerdio Manager has established an exclusive agreement with the Center for Internet Security (CIS), a globally recognized non-profit organization dedicated to improving cybersecurity. CIS is best known for:

  • CIS controls: A set of best practices for strengthening cybersecurity defenses.

  • CIS benchmarks: Industry-standard security configurations for over 25 product categories, including Windows 10, Windows 11, and Windows Server.

By using Nerdio Manager’s CIS-certified security baselines, you can efficiently deploy Intune security policies across multiple customers while ensuring alignment with industry best practices. This approach significantly reduces the complexity of security management and provides a scalable, compliant solution for modern IT environments.

Consider the following recommendations:

  • Align Intune security policies with CIS benchmarks: A default Windows 11 installation is only 24% compliant with CIS Benchmarks. Many regulatory frameworks, such as NIST, ISO, HIPAA, and PCI, align with CIS standards. To simplify implementation, CIS provides the CIS Critical Security Controls Navigator, an interactive tool that maps CIS controls to various compliance requirements.

    Nerdio is the only MSP solution provider authorized to distribute CIS Security Baselines for Windows 11 endpoints at no cost. This allows you to implement industry-leading security policies with minimal effort.

    • CIS-certified Intune security baselines cover 13 key categories:

    • CIS (L1) Admin Templates - System (Windows 10/11)

    • CIS (L1) Admin Templates - Windows Components (Windows 10/11)

    • CIS (L1) Auditing (Windows 10/11)

    • CIS (L1) Defender (Windows 10/11)

    • CIS (L1) Device and Lock & Windows Hello for Business (Windows 10/11)

    • CIS (L1) Firewall (Windows 10/11)

    • CIS (L1) Local Policies Security Options (Windows 10/11)

    • CIS (L1) Section 1 – 3.9.1.1 (Windows 10/11)

    • CIS (L1) Section 22 – 80 (Windows 10/11)

    • CIS (L1) System Services (Windows 10/11)

    • CIS (L1) User Rights (Windows 10/11)

    • CIS (L1) Windows Update (Windows 10/11)

    • CIS (L1) Virtualization-Based Technology (Windows 10/11)

  • Simplify security policy implementation: Manually implementing CIS Benchmarks requires referencing a 1,300+ page PDF guide that details each setting and its rationale. Nerdio Manager eliminates this complexity by providing pre-built CIS Level 1 policy baselines that can be applied to customer environments in just a few clicks.

  • Use CIS-CAT compliance reporting: To verify compliance, Nerdio Manager provides CIS-CAT reports upon request. This tool scans endpoints after CIS policies have been applied, generating a detailed compliance report that:

    • Identifies aligned settings and non-compliant configurations.

    • Confirms that hardened endpoints achieve ~97% compliance with CIS Benchmarks.

    • Provides documented evidence of compliance with regulatory requirements.

    For details, see Enable CIS Hardened Images.

To learn more about Intune policy baselines in Nerdio Manager, see:

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Related articles

Comments (0 comments)

Please sign in to leave a comment.