Managing endpoint security in Microsoft Intune

In this tutorial, we will learn about managing endpoint security in Microsoft Intune.

As a Security Admin, use the Endpoint security node in Intune to configure device security and to manage security tasks for devices that are at risk. Endpoint security policies are designed to help you focus on the security of your devices while also reducing risk.

The Endpoint security node gathers the tools available through Intune that you’ll use to keep devices secure:
  • Firstly, review the status of all your managed devices. Use the All devices view where you can view device compliance from a high level. Then, drill into specific devices to understand which compliance policies aren’t met so you can resolve them.
  • Secondly, deploy security baselines that establish best practice security configurations for devices. Intune includes security baselines for Windows devices and a growing list of applications, like Microsoft Defender for Endpoint and Microsoft Edge.
  • Thirdly, manage security configurations on devices through tightly focused policies. Each Endpoint security policy focuses on aspects of device security like antivirus, disk encryption, firewalls, and several areas made available through integration with Microsoft Defender for Endpoint.
  • Then, establish device and user requirements through compliance policy. With compliance policies, you set the rules that devices and users must meet to be considered compliant.
  • After that, integrate with Azure Active Directory (Azure AD) Conditional Access policies to enforce your compliance policies. You can then gate access to corporate resources for both managed devices and devices that aren’t managed yet.
  • Lastly, integrate Intune with your Microsoft Defender for Endpoint team. By integrating with Microsoft Defender for Endpoint you gain access to security tasks.
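The first bullet above describes the review workflow: look at overall compliance, then drill into a single device to see which compliance policy settings it fails. The following PowerShell script is an added example (not code from the tutorial or from Microsoft) that does the same thing through Microsoft Graph. It assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account has the two read scopes listed; the function name is ours.

```powershell
# Added example: report non-compliant managed devices and the compliance settings they fail.
# Assumes the Microsoft.Graph SDK and read-only Graph scopes; nothing is changed in the tenant.
Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.DeviceManagement

Connect-MgGraph -Scopes "DeviceManagementManagedDevices.Read.All", "DeviceManagementConfiguration.Read.All"

function Get-NonCompliantDeviceReport {
    # High-level view: every managed device whose current compliance state is 'noncompliant'.
    $devices = Get-MgDeviceManagementManagedDevice -Filter "complianceState eq 'noncompliant'" -All

    foreach ($device in $devices) {
        # Drill-down: per-policy state for this device, including the individual settings that failed.
        $uri = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/$($device.Id)/deviceCompliancePolicyStates"
        $policyStates = (Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject).value

        foreach ($policy in ($policyStates | Where-Object { $_.state -ne 'compliant' })) {
            $failedSettings = @($policy.settingStates | Where-Object { $_.state -ne 'compliant' })
            foreach ($s in $failedSettings) {
                # One row per (device, policy, failed setting) so the output can be filtered or exported.
                [pscustomobject]@{
                    DeviceName   = $device.DeviceName
                    User         = $device.UserPrincipalName
                    OS           = $device.OperatingSystem
                    LastSync     = $device.LastSyncDateTime
                    Policy       = $policy.displayName
                    PolicyState  = $policy.state
                    Setting      = $s.setting
                    SettingState = $s.state
                }
            }
        }
    }
}

# Usage: review on screen, or export for the team that will remediate the devices.
$report = Get-NonCompliantDeviceReport
$report | Format-Table -AutoSize
$report | Export-Csv -Path ".\noncompliant-devices.csv" -NoTypeInformation
```

The report deliberately keeps the last sync time next to each finding: a device that has not checked in for a long time is usually a stale record rather than a live policy failure, and is worth triaging separately from devices that are syncing and still failing a setting.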

Manage Security baselines

Intune security baselines are pre-configured groups of settings that are best-practice recommendations from the relevant Microsoft security teams for each product. Intune supports security baselines for Windows 10 device settings, Microsoft Edge, Microsoft Defender for Endpoint Protection, and more.

You can also use security baselines to quickly deploy best-practice device and application settings that protect your users and devices. Devices running Windows 10 version 1809 and later can use security baselines.

Reviewing Security tasks from Microsoft Defender for Endpoint

When you integrate Intune with Microsoft Defender for Endpoint, you can review Security tasks in Intune that identify at-risk devices and provide mitigation steps. You can also use the tasks to report back to Microsoft Defender for Endpoint after the risk has been mitigated.

  • Firstly, your Microsoft Defender for Endpoint team determines which devices are at risk and passes that information to your Intune team as a security task. With a few clicks, they create a security task for Intune that identifies:
    • the devices at risk
    • the vulnerability
    • guidance on how to mitigate that risk
  • Secondly, the Intune admins review the security tasks and then act within Intune to remediate them. After mitigation, they set the task to complete, which communicates that status back to the Microsoft Defender for Endpoint team.

Configure conditional access

You can use Azure Active Directory (Azure AD) Conditional Access policies with Intune to protect devices and corporate resources. Intune passes the results of your device compliance policies to Azure AD, which then uses Conditional Access policies to control which devices and apps can access your corporate resources. Conditional Access policies can also control access from devices that aren’t managed by Intune, and can use compliance information from Mobile Threat Defense partners that you have integrated with Intune.

The following are two common methods of using conditional access with Intune:

  • Firstly, device-based conditional access
  • Secondly, app-based conditional access
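Device-based Conditional Access is the case where Azure AD consumes the compliance result Intune reports and grants access only to compliant devices. The script below is an added example (not from the tutorial or from Microsoft) that creates such a policy through Microsoft Graph and then checks its effect. It assumes the Microsoft.Graph SDK, the scopes listed in the `Connect-MgGraph` call, and a placeholder group id for an emergency-access group; the policy name is ours.

```powershell
# Added example: require a compliant device for all cloud apps, created in report-only mode first.
# Assumes the Microsoft.Graph SDK; the group id below is a placeholder to replace before running.
Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.Identity.SignIns
Import-Module Microsoft.Graph.Reports

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Application.Read.All", "AuditLog.Read.All"

# Placeholder: object id of the break-glass (emergency access) group that must never be locked out.
$breakGlassGroupId = "<object-id-of-break-glass-group>"

$policyBody = @{
    displayName = "Require compliant device for all cloud apps (pilot)"
    # Report-only: the policy is evaluated and logged, but nothing is blocked until it is switched to 'enabled'.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        applications = @{ includeApplications = @("All") }
        platforms    = @{ includePlatforms = @("windows", "macOS", "iOS", "android") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        # The device must be marked compliant by Intune; Azure AD gets that signal from Intune's compliance policies.
        builtInControls = @("compliantDevice")
    }
}

$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter $policyBody
Write-Host "Created Conditional Access policy $($policy.Id) in state $($policy.State)"

function Get-ReportOnlyFailures {
    # Sign-ins in the last 7 days that the new policy would have blocked had it been enforced.
    param([Parameter(Mandatory)] [string] $PolicyId)
    $since = (Get-Date).AddDays(-7).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
    Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All |
        Where-Object {
            $_.AppliedConditionalAccessPolicies |
                Where-Object { $_.Id -eq $PolicyId -and $_.Result -eq 'reportOnlyFailure' }
        } |
        Select-Object CreatedDateTime, UserPrincipalName, AppDisplayName, @{ n = 'Device'; e = { $_.DeviceDetail.DisplayName } }
}

# Usage: run this after a few days of report-only operation, before switching the policy to 'enabled'.
Get-ReportOnlyFailures -PolicyId $policy.Id | Format-Table -AutoSize
```

Starting in report-only mode and excluding an emergency-access group are the two checks that keep a compliance-based policy from locking out administrators when a compliance policy or a device's check-in state turns out to be wrong; the report-only failures show exactly which users and devices would have been affected.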

Set up Integration with Microsoft Defender for Endpoint

Intune can integrate with several Mobile Threat Defense partners. When you use Microsoft Defender for Endpoint, you gain a tight integration between Microsoft Defender for Endpoint and Intune, with access to deep device protection options, including:

  • Firstly, Security tasks. These provide seamless communication between Defender for Endpoint and Intune admins about devices at risk, how to remediate them, and confirmation when those risks are mitigated.
  • Secondly, streamlined onboarding for Microsoft Defender for Endpoint on clients.
  • Thirdly, use of Defender for Endpoint device risk signals in Intune compliance policies.
  • Lastly, access to Tamper protection capabilities.

Role-based access control requirements

To manage tasks in the Endpoint security node of the Microsoft Endpoint Manager admin center, an account must meet the following requirements:

  • Have an Intune licence assigned.
  • Have role-based access control (RBAC) rights equal to those granted by the built-in Intune role Endpoint Security Manager. The Endpoint Security Manager role grants access to the Microsoft Endpoint Manager admin centre and can be used by individuals who manage security and compliance features such as security baselines, device compliance, conditional access, and Microsoft Defender for Endpoint.

Avoid policy conflicts

Many of the device settings you can configure can be managed through several different Intune features. These features include, but are not limited to:

  • Endpoint security policies
  • Security baselines
  • Device configuration policies
  • Windows enrollment policies
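Because the same setting can be set by more than one of these features, a useful habit is to inventory which policies touch which settings before deploying a new one. The function below is an added example (not from the tutorial or from Microsoft) that models that check over constructed sample data: it flags any setting that different policy sources set to different values. The policy objects and setting names are made up for illustration, and the function is a hypothetical helper, not Intune's own conflict reporting, which is shown in the admin center.

```powershell
# Added example: find settings that several policy sources configure with different values.
# The sample policies below are constructed for illustration, not exported from a tenant.
function Find-SettingConflicts {
    param([Parameter(Mandatory)] [object[]] $Policies)

    # Index every (source, policy, value) by setting name.
    $bySetting = @{}
    foreach ($p in $Policies) {
        foreach ($name in $p.Settings.Keys) {
            if (-not $bySetting.ContainsKey($name)) { $bySetting[$name] = @() }
            $bySetting[$name] += [pscustomobject]@{
                Source = $p.Source
                Policy = $p.Name
                Value  = $p.Settings[$name]
            }
        }
    }

    # A setting is only a conflict when the values disagree; two policies agreeing on a value is harmless.
    foreach ($name in ($bySetting.Keys | Sort-Object)) {
        $entries  = @($bySetting[$name])
        $distinct = @($entries.Value | Sort-Object -Unique)
        if ($distinct.Count -gt 1) {
            [pscustomobject]@{
                Setting = $name
                SetBy   = ($entries | ForEach-Object { "{0} / {1} = {2}" -f $_.Source, $_.Policy, $_.Value }) -join '; '
            }
        }
    }
}

# Constructed sample: a baseline, an Endpoint security policy and a device configuration profile
# that overlap on two settings. Only the firewall setting disagrees, so only it is reported.
$samplePolicies = @(
    @{ Source = 'Security baseline';    Name = 'MDM Security Baseline';   Settings = @{ 'Firewall/DomainProfile' = 'Enabled';  'BitLocker/RequireDeviceEncryption' = 'Enabled' } }
    @{ Source = 'Endpoint security';    Name = 'Disk encryption';         Settings = @{ 'BitLocker/RequireDeviceEncryption' = 'Enabled' } }
    @{ Source = 'Device configuration'; Name = 'Legacy firewall profile'; Settings = @{ 'Firewall/DomainProfile' = 'Disabled' } }
)

Find-SettingConflicts -Policies $samplePolicies | Format-Table -AutoSize
```

On the sample data the function reports one conflict, `Firewall/DomainProfile`, set to `Enabled` by the baseline and `Disabled` by the device configuration profile; the BitLocker setting is set twice but to the same value, so it is not reported.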

Reference: Microsoft Documentation
