Endpoint security with Microsoft Intune
https://docs.microsoft.com/en-us/learn/modules/describe-endpoint-security-with-microsoft-intune/
What is Intune
- Cloud based
- Focus on MDM (mobile device management) and MAM (mobile application management)
- Controls an organization’s mobile phones, tablets and laptops
- Controls some of the organization’s applications
- Allows BYOD support
MDM
- Used for devices owned by the organization
- Maintain full control of a device
- Including
  - Settings
  - Features
  - Security
MAM
- Used for personal devices owned by users
- Controls apps such as email and Teams
Endpoint security with Intune
- Configure and manage security tasks for at-risk devices
Manage devices
- All devices view shows all devices in Azure AD available in Endpoint Manager
- Drill down into a device to
  - See policy status
  - Restart a device
  - Scan for malware
  - Rotate BitLocker keys on Windows 10
Manage security baselines
- Intune includes security baselines
- Preconfigured groups of Windows settings help secure a device
Use policies to manage device security
- Focus on device security such as
  - Disk encryption
  - Firewall
  - Endpoint protection and response
- Uses Microsoft Defender for Endpoint
Use device compliance policy
- Establish conditional access by which a device can access the corporate network and resources
- Sets minimum baseline for a device to become compliant such as
  - OS version
  - Password requirement
  - Device threat level
Configure conditional access
- Integration with Azure AD conditional access policies
- Intune passes device compliance to Azure AD
Integration with Microsoft Defender for Endpoint
- Used for Mobile Threat Defense
- Helps prevent security breaches and limit impact of breaches
- Supports
  - Android
  - iOS/iPadOS
  - Windows 10+
Role-based access control with Microsoft Intune
- Manage who has access to resources and what they can do in Intune
Last modified July 21, 2024: update (e2ae86c)