Integrating Defender for Endpoint with Microsoft Intune
- Mr B SOE way
- Sep 8, 2023
- 2 min read
To meet the prerequisites for using Defender for Endpoint with Intune, review the following: https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection#prerequisites
In this section, I will cover a detailed explanation for Windows devices. For other operating systems, URLs are provided at the end.
Enable Defender for Endpoint:
1. Navigate to https://endpoint.microsoft.com
2. Select Endpoint Security then select Microsoft Defender for Endpoint.
3. The "Microsoft Intune connection" was enabled in a previous post; it is found at security.microsoft.com under Settings, then Endpoints, then Advanced features.

4. Set each of the following connection settings to "Status: On", then select Save.

5. Once the changes are saved, the connection status shows "Enabled".

Device Configuration profile (Windows):
1. Navigate to https://endpoint.microsoft.com
2. Select Endpoint Security then Endpoint detection and response, then select Create policy.
3. Give the policy a name and select the following settings.

4. Assign the policy. Once devices have been onboarded through the EDR policy, they report their machine risk score to Intune and can be evaluated by the compliance policy below.
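Before building a compliance policy on the risk score, it is worth confirming that a device really did onboard. The following is an added example (not the author's script): run in an elevated PowerShell session on the Windows device, it reads the Sense service state and the onboarding status values that Defender for Endpoint writes to the registry. The function name is my own.

```powershell
# Added example: verify that a Windows device has been onboarded to
# Microsoft Defender for Endpoint after receiving the Intune EDR policy.
# Reads only the standard MDE status locations; run as administrator.

function Test-MdeOnboarding {
    [CmdletBinding()]
    param()

    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $result = [ordered]@{
        SenseServiceStatus = 'NotInstalled'
        OnboardingState    = $null
        OrgId              = $null
        SenseId            = $null
        Onboarded          = $false
    }

    # "Sense" is the MDE EDR sensor service; it must exist and be running.
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
    if ($sense) { $result.SenseServiceStatus = $sense.Status.ToString() }

    # OnboardingState = 1 means the onboarding package was applied successfully;
    # OrgId identifies the MDE tenant and SenseId the device record.
    if (Test-Path $statusKey) {
        $props = Get-ItemProperty -Path $statusKey
        $result.OnboardingState = $props.OnboardingState
        $result.OrgId           = $props.OrgId
        $result.SenseId         = $props.SenseId
    }

    $result.Onboarded = ($result.OnboardingState -eq 1) -and
                        ($result.SenseServiceStatus -eq 'Running') -and
                        -not [string]::IsNullOrEmpty($result.OrgId)

    return [pscustomobject]$result
}

$status = Test-MdeOnboarding
$status | Format-List

if (-not $status.Onboarded) {
    Write-Warning 'Device is not onboarded. Check that the EDR policy is assigned to this device and that it has synced with Intune.'
    Write-Warning 'The Defender for Endpoint connector must show "Enabled" in Intune before the EDR policy can deliver an onboarding package.'
}
```

If `OnboardingState` is 1 but `Sense` is not running, the package was applied and the sensor is the problem; if the key is missing entirely, the device never received the EDR policy, which usually means an assignment or sync issue rather than an MDE issue.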
Device Compliance policy (Windows):
1. Navigate to https://endpoint.microsoft.com
2. Select Devices then Compliance policies then Policies, then select Create policy.
3. If there is an existing device compliance policy, update it to include the setting "Require the device to be at or under the machine risk score" and set the preferred level.
4. In this case, I have an existing device compliance policy and have set the machine risk score to "Low".

Note: Threat level classifications are:
Clear: This level is the most secure. The device can't have any existing threats and still access company resources. If any threats are found, the device is evaluated as noncompliant.
Low: The device is compliant if only low-level threats exist. Devices with medium or high threat levels aren't compliant.
Medium: The device is compliant if the threats found on the device are low or medium. If high-level threats are detected, the device is determined as noncompliant.
High: This level is the least secure and allows all threat levels. Devices with high, medium, or low threat levels are considered compliant.
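The same setting can be created or updated from the Microsoft Graph PowerShell SDK, which is useful when the policy has to be reproduced across tenants. The block below is an added example, not part of the original post: it maps the four portal levels to the Graph `deviceThreatProtectionRequiredSecurityLevel` values and either patches an existing Windows 10/11 compliance policy or creates a new one. It assumes the Microsoft.Graph.DeviceManagement module is installed and that the signed-in account can consent to DeviceManagementConfiguration.ReadWrite.All; the policy name and the function name are example values.

```powershell
# Added example (not the author's script): require the MDE machine risk score
# to be at or under a chosen level on a Windows compliance policy via Graph.

Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All' | Out-Null

# Portal wording -> Graph enum for deviceThreatProtectionRequiredSecurityLevel.
$riskLevelMap = @{
    Clear  = 'secured'   # no threats allowed (most secure)
    Low    = 'low'       # low tolerated; medium/high -> noncompliant
    Medium = 'medium'    # low and medium tolerated; high -> noncompliant
    High   = 'high'      # any level tolerated (least secure)
}

function Set-MdeRiskScoreCompliance {
    param(
        [Parameter(Mandatory)] [string] $PolicyName,
        [Parameter(Mandatory)] [ValidateSet('Clear', 'Low', 'Medium', 'High')] [string] $MaxRiskLevel
    )

    $level = $riskLevelMap[$MaxRiskLevel]

    # Filter client-side: match on name and on the Windows 10 policy type only.
    $existing = Get-MgDeviceManagementDeviceCompliancePolicy -All |
        Where-Object {
            $_.DisplayName -eq $PolicyName -and
            $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.windows10CompliancePolicy'
        } | Select-Object -First 1

    if ($existing) {
        # PATCH only the MDE settings; every other setting on the policy is preserved.
        $patch = @{
            '@odata.type'                               = '#microsoft.graph.windows10CompliancePolicy'
            deviceThreatProtectionEnabled               = $true
            deviceThreatProtectionRequiredSecurityLevel = $level
        }
        Update-MgDeviceManagementDeviceCompliancePolicy -DeviceCompliancePolicyId $existing.Id -BodyParameter $patch
        return Get-MgDeviceManagementDeviceCompliancePolicy -DeviceCompliancePolicyId $existing.Id
    }

    # Create: Intune rejects a policy with no scheduled action, so mark
    # noncompliant immediately (grace period 0) when the rule is not met.
    $body = @{
        '@odata.type'                               = '#microsoft.graph.windows10CompliancePolicy'
        displayName                                 = $PolicyName
        description                                 = "Requires MDE machine risk score at or under $MaxRiskLevel"
        deviceThreatProtectionEnabled               = $true
        deviceThreatProtectionRequiredSecurityLevel = $level
        scheduledActionsForRule                     = @(
            @{
                ruleName                      = 'PasswordRequired'
                scheduledActionConfigurations = @(
                    @{
                        actionType                = 'block'
                        gracePeriodHours          = 0
                        notificationTemplateId    = ''
                        notificationMessageCCList = @()
                    }
                )
            }
        )
    }
    return New-MgDeviceManagementDeviceCompliancePolicy -BodyParameter $body
}

# Example: same outcome as setting "Low" in the portal.
$policy = Set-MdeRiskScoreCompliance -PolicyName 'Windows - MDE risk score Low' -MaxRiskLevel Low
$policy | Select-Object Id, DisplayName
```

A newly created policy still has to be assigned to a group before it applies; do that in the portal or with the policy's assign action. Note that a device with no risk score at all (not yet onboarded) evaluates as noncompliant once `deviceThreatProtectionEnabled` is set, so assign the EDR policy first and confirm onboarding before rolling out the compliance change.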
Onboard macOS Devices: https://learn.microsoft.com/en-us/mem/intune/apps/apps-advanced-threat-protection-macos and https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac?view=o365-worldwide&preserve-view=true
Onboard Android Devices: https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android
Onboard iOS/iPadOS Devices: https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios
Conditional Access Policy:
1. Navigate to https://endpoint.microsoft.com
2. Select Endpoint Security then Conditional Access, then select New policy.
3. Enter a name for the policy and configure the following:

4. Under Grant, select Grant access and Require device to be marked as compliant.
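The Conditional Access policy above can also be created through Graph, which makes it easy to start it in report-only mode and check the sign-in logs before enforcing it. This is an added example and not part of the original post. It assumes the Microsoft.Graph.Identity.SignIns and Microsoft.Graph.Groups modules, an account that can consent to Policy.ReadWrite.ConditionalAccess and Group.Read.All, and two groups whose names are example values: a pilot group the policy targets and a break-glass group it excludes.

```powershell
# Added example (not the author's script): create a report-only Conditional
# Access policy that requires a compliant device for all cloud apps on Windows.

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Group.Read.All' | Out-Null

function Get-GroupIdByName {
    param([Parameter(Mandatory)] [string] $DisplayName)
    $g = Get-MgGroup -Filter "displayName eq '$DisplayName'" -Property Id, DisplayName
    if (-not $g) { throw "Group '$DisplayName' not found" }
    return ($g | Select-Object -First 1).Id
}

# Example group names; replace with your own.
$pilotGroupId      = Get-GroupIdByName -DisplayName 'CA-Pilot-Users'
$breakGlassGroupId = Get-GroupIdByName -DisplayName 'CA-BreakGlass-Exclusions'

$policy = @{
    displayName = 'Require compliant device - Windows (report-only)'
    # Report-only: evaluates and logs the result without blocking sign-ins.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users        = @{
            includeGroups = @($pilotGroupId)
            excludeGroups = @($breakGlassGroupId)   # always exclude emergency access accounts
        }
        applications = @{ includeApplications = @('All') }
        platforms    = @{ includePlatforms = @('windows') }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice')     # "Require device to be marked as compliant"
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Leave the policy in report-only mode until the sign-in logs show the pilot devices evaluating as compliant, then switch `state` to `enabled`. Because compliance now depends on the Defender for Endpoint risk score, a device that has not reported a score yet is treated as noncompliant, so enforcing too early locks out devices that simply have not finished onboarding.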