There are many potential MDE options to configure—especially if you have subscribed to MDE P2.
In this section, you’ll take a look at the high-level options that you can configure for MDE.
Tip
You’ll definitely want to spend a little bit of time reviewing all of the available options in the Intune admin center (https://intune.microsoft.com). Focus on the middle pane of the Endpoint security page. Each feature has its own configuration node (Antivirus, Disk encryption, Firewall, and so forth). Everything is in scope for the MS-102 exam, so you’ll need a good understanding of the names of the options and the types of policy items that can be configured. Even though these configuration options appear in the Intune admin center, they’re part of Defender for Endpoint. The Manage Endpoint Security configuration link in the Microsoft 365 Defender portal (under Endpoints | Device configuration) redirects to the Intune Endpoint security page.
Before we begin exploring, though, it’s worth noting the terminology that the Intune admin center uses:
• Policy: A policy is a group of settings that are applied as a set to one or more devices.
• Platform: A platform represents a device type. Depending on the feature being configured, you may have different platform choices, such as Windows 10 and later; macOS; Windows 10, Windows 11, and Windows Server; Android; or iOS/iPadOS. Since different platforms have different options that can be managed per Defender feature, you’ll need to create at least one policy for every platform. For example, if you are configuring the MDE disk encryption feature and have both macOS and Windows 11 devices, you’ll need to create at least two disk encryption policies—one for Windows 11 devices and one for macOS devices.
• Profile: A profile is used to determine the types or categories of settings per feature, per platform. Some features have multiple settings areas and may require multiple policies (each with its own platform/profile selections) to ensure you have configured all of the feature options.
For example, if you select the Windows 10, Windows 11, and Windows Server platform for the Antivirus feature, you’ll notice the profile has options for Microsoft Defender Antivirus exclusions, Microsoft Defender Antivirus, and Windows Security Experience. If you need to configure settings in each of those profile areas, you’ll need to create a policy with the same platform but different profile settings for each configuration area.
• Scope tag: A scope tag is used to group administrative control in the context of role-based access control (RBAC).
• Assignments: Each policy can be configured and assigned to groups. This allows you to configure different policy settings based on departments, use cases, or other business requirements.
This terminology will be used when working through the Defender for Endpoint configuration.
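The one-policy-per-platform and one-policy-per-profile rules above are easy to state and easy to miss in a tenant with dozens of Endpoint security policies. The following audit script is an added example, not code from the book or from Microsoft: it checks a constructed list of existing policies against a required coverage matrix built from the two examples in the text (the three Antivirus profiles for the Windows 10, Windows 11, and Windows Server platform, and Disk encryption for Windows 11 and macOS) and reports every feature/platform/profile combination that has no policy, plus any policy with no group assignment (a policy that is never assigned protects no device). The record layout, the `Policy` class, and the Disk encryption profile names (BitLocker, FileVault) are assumptions for illustration, not the Intune export format.

```python
"""Audit Intune Endpoint security policies for per-platform / per-profile coverage.

Added example (not from the book). Assumptions: the Policy record layout is
invented for illustration and is not Intune's export schema; the Disk
encryption profile names "BitLocker" and "FileVault" are not named on the
page. The Antivirus profiles and platforms come from the text.
"""
from dataclasses import dataclass
from typing import Iterable

# Platform name exactly as the Intune admin center shows it (from the text).
WIN_DESKTOP_SERVER = "Windows 10, Windows 11, and Windows Server"


@dataclass(frozen=True)
class Policy:
    name: str                      # display name of the policy
    feature: str                   # Endpoint security node, e.g. "Antivirus"
    platform: str                  # platform chosen when the policy was created
    profile: str                   # profile (settings area) within the feature
    assigned_groups: tuple = ()    # groups the policy is assigned to


# Required coverage: (feature, platform) -> profiles that each need a policy.
REQUIRED_COVERAGE = {
    ("Antivirus", WIN_DESKTOP_SERVER): (
        "Microsoft Defender Antivirus exclusions",
        "Microsoft Defender Antivirus",
        "Windows Security Experience",
    ),
    ("Disk encryption", "Windows 11"): ("BitLocker",),   # assumed profile name
    ("Disk encryption", "macOS"): ("FileVault",),        # assumed profile name
}

# Constructed sample of what a tenant might have today: two Antivirus
# profiles covered (one of them never assigned), BitLocker covered, nothing
# for Windows Security Experience and nothing at all for macOS.
SAMPLE_POLICIES = [
    Policy("AV - Win - Core", "Antivirus", WIN_DESKTOP_SERVER,
           "Microsoft Defender Antivirus", ("All Windows devices",)),
    Policy("AV - Win - Exclusions", "Antivirus", WIN_DESKTOP_SERVER,
           "Microsoft Defender Antivirus exclusions"),
    Policy("DE - Win11 - BitLocker", "Disk encryption", "Windows 11",
           "BitLocker", ("All Windows devices",)),
]


def find_gaps(policies: Iterable[Policy], required=REQUIRED_COVERAGE):
    """Return sorted (feature, platform, profile) tuples that no policy covers."""
    covered = {(p.feature, p.platform, p.profile) for p in policies}
    gaps = [
        (feature, platform, profile)
        for (feature, platform), profiles in required.items()
        for profile in profiles
        if (feature, platform, profile) not in covered
    ]
    return sorted(gaps)


def find_unassigned(policies: Iterable[Policy]):
    """Return names of policies that exist but are assigned to no group."""
    return sorted(p.name for p in policies if not p.assigned_groups)


def report(policies: Iterable[Policy]) -> str:
    """Human-readable summary used when the script is run directly."""
    policies = list(policies)
    lines = []
    for feature, platform, profile in find_gaps(policies):
        lines.append(f"MISSING   {feature} / {platform} / {profile}")
    for name in find_unassigned(policies):
        lines.append(f"UNASSIGNED {name}")
    return "\n".join(lines) if lines else "All required profiles covered and assigned."


if __name__ == "__main__":
    print(report(SAMPLE_POLICIES))
```

Extend `REQUIRED_COVERAGE` with the platform/profile pairs you see in the Endpoint security nodes of your own tenant; the check then becomes a quick regression test to run after any policy clean-up.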
Integrating Defender for Endpoint with Intune
As components of the Microsoft 365 suite, MDE and Intune are designed to be able to work together. With the integration of the two products, you can activate advanced features, such as automatically onboarding new devices to Defender for Endpoint and using Defender’s health data as part of your Conditional Access policies. For more information on Conditional Access policies, refer to Chapter 6, Implementing and Managing Secure Access.
Android, iOS, and Windows 10/11 (configured as either Azure AD Joined or Hybrid Azure AD Joined) devices support using Intune with Defender.
To use the two products together successfully, you need to complete the following tasks:
- Establish a service-to-service connection between Defender for Endpoint and Intune.
- Configure an Intune compliance policy to assign a risk level to devices.
- Configure a Conditional Access policy to prevent users from accessing resources from devices marked as risky or non-compliant.
- Configure a device configuration profile for onboarding new devices to Defender for Endpoint.
Let’s look at the steps in more detail.