Let us learn about Intune Endpoint Security Policies and Microsoft Endpoint Manager Updates.
This is a sneak peek of the Microsoft Endpoint Manager security topics discussed in the session hosted by Paul Mayfield, Terrell Cox, and Micro-Scott.
More details about the session and Intune Endpoint Security are given below.
Ignite 2019 Coverage
- Microsoft Endpoint Management SCCM Intune Windows Updates
- Microsoft Endpoint Manager is the future of SCCM Intune MEMMI MEMCM
- iOS Android macOS Mobile Enrollment Options with Intune
- Basics of Windows Dynamic Update Explained Update Management
- WVD End User Experience Availability Updates
- MSIX Updates from Ignite Reliability Network Disk-space
- Microsoft Learning Certification Exams Updates
- On-Prem WVD Options Azure Quantum Qualys Scan Integration
- Intune Reporting Strategies Advanced Reporting
- Intune Endpoint Security Policies Enhancements
Introduction
The following are the key pillars of the Microsoft Endpoint Manager security enhancements announced at Microsoft Ignite.
- Dedicated Sec Admin node workspace
- Cross persona workflows
- Covers both cloud and on-premises endpoints (SCCM and Intune)
- Integrated with Microsoft Defender ATP
Two Personas and Two Portals
- Endpoint Management (Device Management) and Security Admin: the team does both device management and security application management.
In this scenario, the team can access the URL https://devicemanagement.microsoft.com/#blade/Microsoft_Intune_Workflows/SecurityManagementMenu/overview
- Security Admin only (manages only security products like ATP, Symantec, etc.)
This team can log in to the following URL and work accordingly – https://security.microsoft.com/homepage
Security Baselines Overview
The following are the security configuration policy options (security baselines) in Microsoft Endpoint Manager (MEM).
URL -> https://devicemanagement.microsoft.com/#blade/Microsoft_Intune_Workflows/SecurityManagementMenu/securityBaselines
- Microsoft Recommended Settings
- Baseline Drift Reports
- Windows 10 and Defender ATP are available
- Edge and Office Pro Plus (Coming Soon)
Encryption Management Overview
- Windows, macOS, iOS, Android
- Cloud and on-premises
- Key recovery and rotation
- Rich configuration and reporting
Disk Encryption – BitLocker or FileVault
The encryption policy option for macOS and Windows is available in the Microsoft Endpoint Portal.
- macOS – FileVault
- Windows – BitLocker
Encryption Recovery Keys Experience
Go to the Troubleshooting + support node in Microsoft Endpoint Manager and select a macOS or Windows device to see its recovery key. This is very useful for the helpdesk team.
URL -> https://devicemanagement.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/SupportMenu/troubleshooting
Encryption Key Rotation – BitLocker Options
BitLocker key rotation is also available from the Troubleshooting + support node in Microsoft Endpoint Manager. Go to the Overview of a Windows device -> click … More -> select the “BitLocker key rotation” option.
URL -> https://devicemanagement.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/SupportMenu/troubleshooting
Session – Intune Endpoint Security
- Microsoft Endpoint Manager, including Microsoft Intune and Configuration Manager – https://myignite.techcommunity.microsoft.com/sessions/83532
Resources
- User Enrollment with Intune
- Supported actions with User Enrollment
- End-user privacy with Microsoft Intune