Intune Endpoint Security Policies Microsoft Endpoint Manager Updates

0
Intune Endpoint Security

Sneak peak of Microsoft Endpoint Manager security topics discussed in the section hosted by Paul Mayfield, Terrell Cox, and Micro-Scott. More details about the session and Intune Endpoint Security are given below.

Ignite 2019 Coverage

  1. Microsoft Endpoint Management SCCM Intune Windows Updates
  2. Microsoft Endpoint Manager is the future of SCCM Intune MEMMI MEMCM
  3. iOS Android macOS Mobile Enrollment Options with Intune
  4. Basics of Windows Dynamic Update Explained Update Management
  5. WVD End User Experience Availability Updates
  6. MSIX Updates from Ignite Reliability Network Disk-space
  7. Microsoft Learning Certification Exams Updates
  8. On-Prem WVD Options Azure Quantum Qualys Scan Integration
  9. Intune Reporting Strategies Advanced Reporting
  10. Intune Endpoint Security Policies Enhancements

Introduction

Following are the key pillars of Microsoft Endpoint Manager security enhancements announced in Microsoft Ignite.

  • Dedicated Sec Admin node workspace
  • Cross persona workflows
  • Covers both cloud and on-premises endpoints (SCCM and Intune)
  • Integrated with Microsoft Defender ATP

Two Personas and Two Portals

  • Endpoint Management (Device Management) and Security Admin – This is the team who does both device management and security application management.

In this scenario, the team can access the URL https://devicemanagement.microsoft.com/#blade/Microsoft_Intune_Workflows/SecurityManagementMenu/overview

Endpoint Management (Device Management) and Security Admin - Intune Endpoint Security
Endpoint Management (Device Management) and Security Admin – Intune Endpoint Security
  • Only Security Admin (manage only security products like ATP, Symantec etc)

This team can login to the following URL and work accordingly – https://security.microsoft.com/homepage

Only Security Admin - Intune Endpoint Security
Only Security Admin – Intune Endpoint Security

Security Baselines Overview

Following are the security configuration policy options (Security baselines) from Microsoft Endpoint Manager(MEM).

URL -> https://devicemanagement.microsoft.com/#blade/Microsoft_Intune_Workflows/SecurityManagementMenu/securityBaselines

  • Microsoft Recommended Settings
  • Baseline Drift Reports
  • Windows 10 and Defender ATP available
  • Edge and Office Pro Plus (Coming Soon)
Security Baselines Overview
Security Baselines Overview

Encryption Management Overview

  • Windows, macOS, iOS, Android
  • Cloud and on-premises
  • Key recover and rotation
  • Rich configuration and reporting
Encryption Management Overview - Intune Endpoint Security
Encryption Management Overview – Intune Endpoint Security
Altaro Office 365 Backup
Advertisement Altaro Office 365 Backup

Disk Encryption – Bitlocker or File Vault

The encryption policy setting option for macOS and Windows are available in Microsoft Endpoint Portal.

  • macOS – File Vault
  • Windows – Bitlocker
Encryption - Intune Endpoint Security Policies
Encryption – Intune Endpoint Security

Encryption Recovery Keys Experience

You can go to troubleshooting + support node from Microsoft Endpoint Manager and select a macOS or a Windows device to see the recovery key. This would be very useful for helpdesk team.

URL -> https://devicemanagement.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/SupportMenu/troubleshooting

Encryption Recovery Keys Experience
Encryption Recovery Keys Experience

Encryption Key Rotation – Bitlocker Options

Bitlocker key rotation is also available from the Troubleshooting + support node in Microsoft Endpoint Manager. Go to Overview of Windows device -> click on ….More -> select “Bitlocker key Rotation” option.

URL -> https://devicemanagement.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/SupportMenu/troubleshooting

Encryption Key Rotation - Bitlocker Options
Encryption Key Rotation – Bitlocker Options

Session – Intune Endpoint Security

Resources

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.