Modules
Golden Master Policies
Define customer security baselines, assign them and detect configuration drift.
Purpose
A Golden Master Policy represents an expected security baseline: Intune, Defender, Entra, Windows compliance, encryption, MFA or a custom control.
Practical workflow
Create a policy, set platform and severity, assign it to customers, monitor drift, route critical events and document remediation.
Controls and validation
Validate assignments, drift counts, severity, owner, alert route and remediation notes. Start in monitor mode before enforcing anything.
Security and compliance
Automatic enforcement must be introduced carefully with customer validation, minimal permissions, rollback and complete audit.
Common mistakes
A policy without owner or remediation path becomes shelfware. A policy enforced too early can break a customer environment.