# Intune

![](/files/97PqX1HJz1XM27qEg5qT)

**Section Purpose:** The security section shows recommended security controls for Teams based on the CIS Controls. Each control contains the following subsections:

* Description
* Policy Definition
* Licensing Considerations
* Set Up Instructions
* End-User Impact
* PowerShell Scripts
* Video Tutorials

| Policy                                                                                                                                                                                                                           | End-User Impact                                   | License     |
| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | ----------- |
| [Personal Devices should be restricted from enrolling into the MDM solution](/security/intune/personal-devices-should-be-restricted-from-enrolling-into-the-mdm-solution.md)                                                     | <mark style="color:yellow;">Medium</mark>         | Standard    |
| [Devices shall be deleted that haven’t checked in for over 30 days](/security/intune/devices-shall-be-deleted-that-havent-checked-in-for-over-30-days.md)                                                                        | <mark style="background-color:green;">Low</mark>  | Standard    |
| [Devices compliance policies shall be configured for every supported device platform](/security/intune/devices-compliance-policies-shall-be-configured-for-every-supported-device-platform.md)                                   | <mark style="color:yellow;">Medium</mark>         | Standard    |
| [Noncompliant devices shall be blocked from accessing corporate resources](/security/intune/noncompliant-devices-shall-be-blocked-from-accessing-corporate-resources.md)                                                         | <mark style="background-color:red;">High</mark>   | Azure AD P1 |
| [MFA Shall be required for Intune Enrollment](/security/intune/mfa-shall-be-required-for-intune-enrollment.md)                                                                                                                   | <mark style="color:yellow;">Medium</mark>         | Azure AD P1 |
| [Security Baselines should be configured for Windows Devices](/security/intune/security-baselines-should-be-configured-for-windows-devices.md)                                                                                   | <mark style="color:yellow;">Medium</mark>         | Standard    |
| [Windows Update Rings shall be configured for Windows Devices](/security/intune/windows-update-rings-shall-be-configured-for-windows-devices.md)                                                                                 | <mark style="color:yellow;">Medium</mark>         | Standard    |
| [Update Policies shall be configured for Apple Devices](/security/intune/update-policies-shall-be-configured-for-apple-devices.md)                                                                                               | <mark style="color:yellow;">Medium</mark>         | Standard    |
| [App Protection policies should be created for mobile devices](/security/intune/app-protection-policies-should-be-created-for-mobile-devices.md)                                                                                 | <mark style="color:yellow;">Medium</mark>         | Standard    |
| [Mobile devices shall only be able to access corporate data through approved client apps](/security/intune/mobile-devices-shall-only-be-able-to-access-corporate-data-through-approved-client-apps.md)                           | <mark style="color:yellow;">Medium</mark>         | Azure AD P1 |
| [Lockout screen and password settings shall be configured for each device](/security/intune/lockout-screen-and-password-settings-shall-be-configured-for-each-device.md)                                                         | <mark style="color:yellow;">Medium</mark>         | Standard    |
| [Encryption shall be required on all devices](/security/intune/encryption-shall-be-required-on-all-devices.md)                                                                                                                   | <mark style="background-color:green;">Low</mark>  | Standard    |
| [Windows Hello for Business should be configured where applicable](/security/intune/windows-hello-for-business-should-be-configured-where-applicable.md)                                                                         | <mark style="background-color:green;">Low</mark>  | Standard    |
| [Authorized Applications shall be configured for Single Sign-On](/security/azure-ad-entra/authorized-applications-shall-be-configured-for-single-sign-on.md)                                                                     | <mark style="background-color:green;">Low</mark>  | Standard    |
| [Device Use Shall be restricted until required applications are installed](/security/intune/device-use-shall-be-restricted-until-required-applications-are-installed.md)                                                         | <mark style="color:yellow;">Medium</mark>         | Standard    |
| [Devices and Applications shall be wiped when a user leaves the organization or reports a lost/stolen](/security/intune/devices-and-applications-shall-be-wiped-when-a-user-leaves-the-organization-or-reports-a-lost-stolen.md) | <mark style="background-color:green;">None</mark> | Standard    |

