Using Microsoft Intune to Implement and Manage Security
Microsoft Intune is a cloud-based service that allows you to manage and secure devices in your organization. You can use Intune to configure device security policies, control device features, monitor device compliance, and remediate device risks. Intune supports various device platforms, such as Windows, Android, iOS/iPadOS, macOS, and Linux. You can also use Intune to protect app data on devices that are not enrolled in Intune, using app protection policies.
In this article, let’s discuss how to use Microsoft Intune to implement and manage security for managed devices. This article will cover the following topics:
How to enroll devices in Intune
How to create and assign endpoint security policies in Intune
How to use Microsoft Defender for Endpoint to enhance device security
How to monitor and report on device security status and alerts
How to enroll devices in Intune
Before you can manage and secure devices with Intune, you need to enroll them in Intune. Device enrollment is the process of registering a device with Intune, so that it can receive policies and configurations from Intune. Depending on the device ownership and platform, there are different methods and requirements for device enrollment. For example, you can use:
Windows Autopilot to enroll new or reset Windows devices without any user interaction
Apple Business Manager or Apple School Manager to enroll new or reset iOS/iPadOS or macOS devices without any user interaction
Android Enterprise to enroll Android devices with a work profile or as fully managed devices
Device enrollment manager to enroll multiple devices on behalf of users
Bulk enrollment to enroll multiple devices using a provisioning package or a token
User-driven enrollment to enroll devices using the Company Portal app or a web browser
For more information and guidance on how to enroll devices in Intune, see Set up enrollment for Windows devices in Microsoft Intune and Enroll devices in Intune.
How to create and assign endpoint security policies in Intune
After you enroll devices in Intune, you can create and assign endpoint security policies to manage the security settings and features on those devices. Endpoint security policies are designed to help you protect your devices and data from various threats, such as malware, ransomware, phishing, data leakage, and unauthorized access. You can use the Endpoint security node in the Microsoft Intune admin center to configure and deploy endpoint security policies.
There are different types of endpoint security policies available in Intune, depending on the device platform and the security area. For example, you can use:
Antivirus policies to configure Microsoft Defender Antivirus settings, such as real-time protection, cloud-delivered protection, and scan options
Firewall policies to configure Microsoft Defender Firewall settings, such as firewall profiles, rules, and notifications
Attack surface reduction policies to configure Microsoft Defender for Endpoint settings, such as exploit protection, network protection, and controlled folder access
Account protection policies to configure Microsoft Defender for Identity settings, such as password protection, sign-in options, and security alerts
Device compliance policies to configure the minimum requirements for device health and posture, such as OS version, encryption, and update status
Device configuration policies to configure general device settings, such as password, encryption, and VPN
To create and assign endpoint security policies in Intune, follow these steps:
Sign in to the Microsoft Endpoint Manager admin center.
Select Endpoint security.
Select the type of policy you want to create, such as Antivirus or Firewall.
Select Create Policy.
Enter a name and a description for the policy.
Select the platform of the devices you want to target, such as Windows 10 and later or iOS/iPadOS.
Configure the settings for the policy, such as enabling or disabling features, setting values, and choosing options.
Select Next.
Select the groups of devices or users you want to assign the policy to. You can also exclude some groups if needed.
Select Next.
Review the policy settings and assignments and select Create.
For more information and guidance on how to create and assign endpoint security policies in Intune, see Manage endpoint security in Microsoft Intune and Endpoint security policies in Microsoft Intune.
How to use Microsoft Defender for Endpoint to enhance device security
Microsoft Defender for Endpoint is a cloud-based service that provides advanced threat protection and response capabilities for your devices. You can use Defender for Endpoint to detect, investigate, and remediate threats on your devices, using features such as:
Threat and vulnerability management to identify and prioritize vulnerabilities and misconfigurations on your devices
Attack surface reduction to reduce the attack surface on your devices by blocking malicious actions and behaviors
Next-generation protection to prevent and detect malware and other threats on your devices using machine learning and behavioral analysis
Endpoint detection and response to investigate and respond to alerts and incidents on your devices using rich data and tools
Automated investigation and remediation to automate the investigation and remediation of alerts and incidents on your devices using playbooks and actions
Microsoft Secure Score to measure and improve the security posture of your devices and organization using recommendations and best practices
To use Defender for Endpoint to enhance device security, you need to onboard your devices to Defender for Endpoint. You can use Intune to onboard your devices to Defender for Endpoint, either by using endpoint security policies or device configuration profiles. You also need to have a valid license for Defender for Endpoint for each device you onboard.
For more information and guidance on how to use Defender for Endpoint to enhance device security, see Microsoft Defender for Endpoint overview and Onboard Windows 10/11 devices using Microsoft Intune.
How to monitor and report on device security status and alerts
After you implement and manage security for your devices, you can monitor and report on the device security status and alerts using Intune and Defender for Endpoint. You can use the following features and tools to monitor and report on device security:
Device compliance to check the compliance status of your devices based on the device compliance policies you configured in Intune
Device configuration to check the configuration status of your devices based on the device configuration policies you configured in Intune
Endpoint security to check the security status of your devices based on the endpoint security policies you configured in Intune
Microsoft Defender portal to check the security alerts and incidents on your devices based on the Defender for Endpoint data and analysis
Microsoft Secure Score to check the security score of your devices and organization based on the Defender for Endpoint recommendations and actions
Reports to generate and export reports on various aspects of device security, such as device inventory, device compliance, device configuration, endpoint security, and Defender for Endpoint
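As an added example (not from the article or from Microsoft's own documentation), the following Microsoft Graph PowerShell script pulls the same compliance data the Device compliance view shows and flags the devices a security team would follow up on. It assumes the Microsoft.Graph.DeviceManagement module is installed and the signed-in account has Intune read permissions; the 7-day staleness window and the CSV file name are chosen values.

```powershell
# Added example, not part of the article: summarise Intune device compliance with Microsoft Graph PowerShell.
# Assumes the Microsoft.Graph.DeviceManagement module and an account holding an Intune read role.
Connect-MgGraph -Scopes "DeviceManagementManagedDevices.Read.All"

# Devices that have not synced within this window may be reporting out-of-date compliance (chosen value).
$staleAfter = (Get-Date).AddDays(-7)

# Request only the properties the report needs so the Graph calls stay light.
$devices = Get-MgDeviceManagementManagedDevice -All -Property `
    "deviceName,userPrincipalName,operatingSystem,osVersion,complianceState,isEncrypted,lastSyncDateTime"

# noncompliant, error and conflict all mean the assigned compliance policy is not being satisfied.
$notHealthy = $devices | Where-Object { $_.ComplianceState -in @('noncompliant', 'error', 'conflict') }

# Breakdown by platform, the same cut the Device compliance report gives in the admin center.
$notHealthy | Group-Object OperatingSystem |
    Select-Object @{ n = 'Platform'; e = { $_.Name } }, @{ n = 'NotCompliant'; e = { $_.Count } } |
    Format-Table -AutoSize

# Stale devices are listed separately: their last reported state should not be trusted until they check in.
$stale = $devices | Where-Object { $_.LastSyncDateTime -lt $staleAfter }

# Missing disk encryption is a frequent cause of non-compliance and a direct data-exposure risk.
$unencrypted = $notHealthy | Where-Object { -not $_.IsEncrypted }

# Export the non-compliant set for ticketing or follow-up (file name is a chosen value).
$notHealthy |
    Select-Object DeviceName, UserPrincipalName, OperatingSystem, OsVersion, ComplianceState, IsEncrypted, LastSyncDateTime |
    Export-Csv -Path ".\intune-noncompliant-devices.csv" -NoTypeInformation

Write-Host "Not compliant: $($notHealthy.Count)  Stale (>7 days): $($stale.Count)  Unencrypted: $($unencrypted.Count)"
```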
For more information and guidance on how to monitor and report on device security status and alerts, see Monitor devices with Microsoft Intune and Microsoft Defender for Endpoint reports.
Summary
In this article, we discussed how to use Microsoft Intune to implement and manage security for managed devices. We covered how to enroll devices in Intune, how to create and assign endpoint security policies, how to use Microsoft Defender for Endpoint to enhance device security, and how to monitor and report on device security status and alerts. By using Intune and Defender for Endpoint together, you can protect your devices and data from a range of threats and improve the security posture of your organization.