Today, I wanted to dive into a topic that’s both intriguing and slightly nerdy: M365 Security Baselines in Intune! When I posted about Windows 10 Baselines, my friend Thiago Beier asked me a great question: “Did you seriously pull all those JSON files manually, or did you cleverly automate it?” Confession time: initially, it was manual labor, but Thiago’s question sparked my curiosity and, boom, a quest for automation began!
Quick Access to JSON Files
Before we jump into the nerdy details, if you’re just here for the JSON goodies (no judgment, some of us do not need to know how the sausage is made), you can grab them directly from my repo here:
Security-Baselines/M365 Baseline at master · dgulle/Security-Baselines
The script that we will be discussing is located here:
Creating and Exporting the Baseline
Still here? Awesome! Let’s have some fun extracting these baselines the quick way!
First things first, I hopped into Intune and navigated to Endpoint Security > Security Baselines > Microsoft M365 Apps for Enterprise. From here, I quickly created a default M365 baseline. Once set, I navigated back to Devices > Configuration, searched for my new baseline, and clicked Export JSON.

Now we have a JSON file! What’s cool about this file is it’s like a treasure map, containing keywords that neatly categorize each setting. For instance, anything labeled “policy_config_word16” gives away a little spoiler: yep, it’s related to Word! Handy, right?

Creating the Hashtable
Here’s where things get a bit scripty. Using these handy little keywords, I created a hashtable. So, whenever the script sees “policy_config_access16,” it knows that’s our friendly Access category, “policy_config_excel16” is Excel, and so on.
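The keyword lookup described above, sketched as an added example (this is not the script from the repo). It assumes the export keeps each setting under settings[].settingInstance.settingDefinitionId; the sample JSON, the Get-SettingCategory helper and the temp output folder are constructed for illustration.

```powershell
# Added example, not the repo's script. Keywords are the three named in the post;
# the settings[].settingInstance.settingDefinitionId layout is an assumption.
$categoryMap = [ordered]@{
    'policy_config_access16' = 'Access'
    'policy_config_excel16'  = 'Excel'
    'policy_config_word16'   = 'Word'
}

# Constructed sample standing in for the file produced by Export JSON.
$exportJson = @'
{
  "name": "M365 Baseline",
  "settings": [
    { "settingInstance": { "settingDefinitionId": "user_vendor_msft_policy_config_word16v2~policy~sample_a" } },
    { "settingInstance": { "settingDefinitionId": "user_vendor_msft_policy_config_excel16v2~policy~sample_b" } },
    { "settingInstance": { "settingDefinitionId": "user_vendor_msft_policy_config_word16v2~policy~sample_c" } },
    { "settingInstance": { "settingDefinitionId": "device_vendor_msft_policy_config_sample_d" } }
  ]
}
'@
$policy = $exportJson | ConvertFrom-Json

function Get-SettingCategory {
    param([string]$DefinitionId, [System.Collections.IDictionary]$Map)
    foreach ($keyword in $Map.Keys) {
        if ($DefinitionId -like "*$keyword*") { return $Map[$keyword] }
    }
    return 'Uncategorized'   # keep unmatched settings visible instead of dropping them
}

# Bucket every setting by the first keyword found in its definition ID.
$groups = $policy.settings | Group-Object {
    Get-SettingCategory -DefinitionId $_.settingInstance.settingDefinitionId -Map $categoryMap
}

# Hypothetical output folder under the temp path, used only for this example.
$outDir = Join-Path ([System.IO.Path]::GetTempPath()) 'M365_Baselines_example'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($group in $groups) {
    # Deep-copy the policy metadata, then keep only this category's settings.
    $copy = $policy | ConvertTo-Json -Depth 50 | ConvertFrom-Json
    $copy.name = "$($policy.name) - $($group.Name)"
    $copy.settings = @($group.Group)
    $copy | ConvertTo-Json -Depth 50 | Set-Content -Path (Join-Path $outDir "$($group.Name).json") -Encoding UTF8
    '{0}: {1} setting(s)' -f $group.Name, $group.Count
}
```

An Uncategorized.json file in the output is the cue that the hashtable is missing a keyword, so a baseline setting is never silently lost in the split.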

Troubleshooting Outlook.JSON
But wait, just when I thought it would be smooth sailing, Outlook.JSON threw me a curveball. Testing the import into Intune, I got an error message that’s about as descriptive as saying “there was an issue.” Thanks, Intune.

Here is where the troubleshooting began...
Using Edge Developer Tools (F12, my best friend), I navigated to the Network tab. Here I could see the error occurred when attempting to POST.

I found a slightly more helpful hint: “Property settingValueTemplateReference doesn’t match the schema.” Still not crystal clear, but better!

Turns out, Outlook’s settings were a bit quirky, with multiple child options causing some formatting chaos.

To tackle this, I crafted a quick-fix script specifically for Outlook settings. This snippet turns those problematic entries into ‘null,’ making Intune happy again.

Wrapping It Up
Once the script runs, it neatly dumps all these fresh JSON files into a cozy little folder at “C:\M365_Baselines” (modified on Line 2 of the script). And there you have it: a neat package of automation with just a sprinkle of troubleshooting magic!

Feeling inspired? You can explore more cool tools from Thiago here or check out another great resource by Gannon Novak here.