💻Asset Security Reinforced: Microsoft Intune & Defender for Endpoint💻
In the realm of corporate security, addressing vulnerabilities on assets is vital. Yet, teams focusing solely on patching may overlook insecure setups – be they default settings or administrators' errors. Proactive security teams strive for automated rectification of asset misconfigurations, preferably in a centralised manner.
This article presents a solution that utilises several Microsoft products to implement recognised security baselines consistently, minimising end-user impact.
🔑 **Key Steps:**
1. **Ensure Intune Manages Your Clients**: Deploy security baselines consistently with central management. For Windows clients, Microsoft Intune serves this purpose. Note: Only devices under Mobile Device Management (MDM) will be covered, excluding BYOD assets. Devices should be Azure AD joined with automatic enrolment configured.
2. **Automatic Deployment of Microsoft Defender for Endpoint (MDE)**: MDE implements security configuration settings received from Intune. Verify communications between MDE and Intune and create a device configuration profile for automatic onboarding.
3. **Test Security Baselines with Control Groups**: To reduce unexpected changes, test security baselines on sample user groups before wider deployment. For Azure AD joined devices, utilise dynamic groups to automate assignment.
4. **Choose Security Baselines and Plan Deployment**: Many security policies are available. It is important to note that before applying a new security baseline policy, you need to first unassign the old policy from the devices, reset the devices, and then apply the new security baseline policy. Announce deployments in advance to the impacted user groups.
5. **Use Default Security Baselines for Intune Managed Devices**: From the Intune admin center, apply existing baselines to in-scope devices.
6. **Implement Custom Security Baselines**: Modify Microsoft provided templates, create a custom profile, or import group policy objects (GPOs) through the group policy analyser tool.
7. **Monitor Impact and Report on Compliance**: The Intune portal allows you to track baseline deployment success and view issues, including errors and conflicts. Take note that results might take 24 hours to populate in the portal.
8. **Optional - Leverage Attack Surface Reduction (ASR) Rules for Extra Hardening**: These provide an additional layer of protection against common attack vectors. It is recommended to set many of these rules to audit mode before enforcing them, so that you can review what would have been blocked.
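As an added example (not part of the original article or any Microsoft material), the following PowerShell checks on a single pilot device cover step 2 (is the MDE sensor onboarded?) and step 8 (put a few ASR rules in audit mode and read back the audit telemetry). It assumes local administrator rights on a Windows 10/11 lab device with Defender Antivirus active; on an Intune-managed device the policy-delivered ASR settings take precedence over local `Add-MpPreference` changes, so the intended use is to see audit hits before rolling the rules out through Intune.

```powershell
# Added example, not from the article. Run elevated on a Windows pilot/lab device.
# Assumption: Defender AV is the active AV so the Defender cmdlets are available.

# --- Step 2: confirm the MDE sensor is onboarded and running ---
$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$onboarded = (Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue).OnboardingState -eq 1
$sense     = Get-Service -Name Sense -ErrorAction SilentlyContinue
"MDE onboarded: $onboarded; Sense service: $($sense.Status)"

# --- Step 8: put a small set of ASR rules in audit mode (nothing is enforced yet) ---
# Rule GUIDs are Microsoft's published ASR rule identifiers.
$asrRules = @{
  'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
  'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
  '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
}
foreach ($id in $asrRules.Keys) {
  Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
}

# Show the effective local state (actions: 0 = Disabled, 1 = Block, 2 = AuditMode, 6 = Warn).
# If Intune has delivered ASR policy, the values shown here come from that policy.
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
  '{0}  action={1}' -f $pref.AttackSurfaceReductionRules_Ids[$i], $pref.AttackSurfaceReductionRules_Actions[$i]
}

# --- Review what would have been blocked ---
# Defender logs ASR audit hits as event ID 1122 (1121 = actually blocked) in its Operational log.
$events = Get-WinEvent -FilterHashtable @{
  LogName   = 'Microsoft-Windows-Windows Defender/Operational'
  Id        = 1122
  StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

# The event message carries the rule GUID; extract it and count hits per rule.
$events |
  ForEach-Object {
    $m = [regex]::Match($_.Message, '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}')
    [pscustomobject]@{ Rule = $m.Value.ToUpper(); Time = $_.TimeCreated }
  } |
  Group-Object Rule |
  Sort-Object Count -Descending |
  Select-Object @{n = 'Rule'; e = { $_.Name }}, Count, @{n = 'Description'; e = { $asrRules[$_.Name] }}
```

A rule that shows many audit hits against legitimate business processes needs an exclusion or a longer audit period before it is switched to Block in the Intune policy.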
The ultimate goal is a balance between security and minimal user impact.