win365 readme

OpenIntuneBaseline - Windows 365

Intended Use-Case

The baseline has been designed for, and tested on the following:

Device:

Windows 11 Enterprise 23H2 Gallery Image
W365 Provisioning Policy configuration:
- License Type - Enterprise
- Join Type - Microsoft Entra Joined
- Network - Microsoft Hosted Network
- Use Microsoft Entra single sign-on - Yes

User:

Cloud-Only or Hybrid Identity with Entra ID as IdP
MFA configured via Conditional Access
User is not an Administrator

Licensing:

M365 Business Premium or M365 E5/A5, or M365 E3/A3 + MDE P1/P2
OR:
- Entra ID P1 or P2
- Office 365 E3/E5, A3/A5 or F3
- Intune P1
- Defender for Business or Endpoint P1/P2
An appropriate Windows 365 Enterprise SKU

Access to the W365 host has been tested using the Windows App via a client also running the Windows OIB.

Note

The Windows 365 OIB is designed to work as an addition to the Windows OIB. It is recommended to assign the W365 host all Windows OIB policies with the exception of:

BitLocker
Device Health Compliance Policy

The above can be achieved using group assignments or Intune filters.

Warning

The Windows 365 OIB is not designed to protect corporate data if accessed via a non-corporate device.

Importing the Baseline:

Please reference Importing the Baseline for information.

Baseline Security Posture

Primary information regarding adherence to security frameworks can be found in the main README.

The Windows 365 OIB has been created with the following Microsoft documentation as guidance:

Included Settings

Connectivity configuration
Resource redirection including restricting clipboard transfer from server to client
W365-specific Device Health Compliance policy

All policies are Settings Catalog and will show in Devices>Configuration Profiles.

For a complete list of settings, please consult SETTINGSOUTPUT.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly