# Intune
**Section Purpose:** The security section shows recommend security controls for Teams based on the CIS Controls. Each control contains the following subsections:
* Description
* Policy Definition
* Licensing Considerations
* Set Up Instructions
* End-User Impact
* PowerShell Scripts
* Video Tutorials
| Policy | End-User Impact | License |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | ----------- |
| [personal-devices-should-be-restricted-from-enrolling-into-the-mdm-solution](https://docs.tminus365.com/security/intune/personal-devices-should-be-restricted-from-enrolling-into-the-mdm-solution "mention") | Medium | Standard |
| [devices-shall-be-deleted-that-havent-checked-in-for-over-30-days](https://docs.tminus365.com/security/intune/devices-shall-be-deleted-that-havent-checked-in-for-over-30-days "mention") | Low | Standard |
| [devices-compliance-policies-shall-be-configured-for-every-supported-device-platform](https://docs.tminus365.com/security/intune/devices-compliance-policies-shall-be-configured-for-every-supported-device-platform "mention") | Medium | Standard |
| [noncompliant-devices-shall-be-blocked-from-accessing-corporate-resources](https://docs.tminus365.com/security/intune/noncompliant-devices-shall-be-blocked-from-accessing-corporate-resources "mention") | High | Azure AD P1 |
| [mfa-shall-be-required-for-intune-enrollment](https://docs.tminus365.com/security/intune/mfa-shall-be-required-for-intune-enrollment "mention") | Medium | Azure AD P1 |
| [security-baselines-should-be-configured-for-windows-devices](https://docs.tminus365.com/security/intune/security-baselines-should-be-configured-for-windows-devices "mention") | Medium | Standard |
| [windows-update-rings-shall-be-configured-for-windows-devices](https://docs.tminus365.com/security/intune/windows-update-rings-shall-be-configured-for-windows-devices "mention") | Medium | Standard |
| [update-policies-shall-be-configured-for-apple-devices](https://docs.tminus365.com/security/intune/update-policies-shall-be-configured-for-apple-devices "mention") | Medium | Standard |
| [app-protection-policies-should-be-created-for-mobile-devices](https://docs.tminus365.com/security/intune/app-protection-policies-should-be-created-for-mobile-devices "mention") | Medium | Standard |
| [mobile-devices-shall-only-be-able-to-access-corporate-data-through-approved-client-apps](https://docs.tminus365.com/security/intune/mobile-devices-shall-only-be-able-to-access-corporate-data-through-approved-client-apps "mention") | Medium | Azure AD P1 |
| [lockout-screen-and-password-settings-shall-be-configured-for-each-device](https://docs.tminus365.com/security/intune/lockout-screen-and-password-settings-shall-be-configured-for-each-device "mention") | Medium | Standard |
| [encryption-shall-be-required-on-all-devices](https://docs.tminus365.com/security/intune/encryption-shall-be-required-on-all-devices "mention") | Low | Standard |
| [windows-hello-for-business-should-be-configured-where-applicable](https://docs.tminus365.com/security/intune/windows-hello-for-business-should-be-configured-where-applicable "mention") | Low | Standard |
| [authorized-applications-shall-be-configured-for-single-sign-on](https://docs.tminus365.com/security/azure-ad-entra/authorized-applications-shall-be-configured-for-single-sign-on "mention") | Low | Standard |
| [device-use-shall-be-restricted-until-required-applications-are-installed](https://docs.tminus365.com/security/intune/device-use-shall-be-restricted-until-required-applications-are-installed "mention") | Medium | Standard |
| [devices-and-applications-shall-be-wiped-when-a-user-leaves-the-organization-or-reports-a-lost-stolen](https://docs.tminus365.com/security/intune/devices-and-applications-shall-be-wiped-when-a-user-leaves-the-organization-or-reports-a-lost-stolen "mention") | None | Standard |