Yahoo Kimo web search

  1. Related to: How to enable Microsoft Defender for endpoint to enforce security policies?


Search results


  2. June 25, 2024 · Create an endpoint security policy. Sign in to the Microsoft Defender portal using at least a Security Administrator role. Select Endpoints > Configuration management > Endpoint security policies and then select Create new Policy. Select a platform from the .

    • Overview
    • Prerequisites
    • Architecture
    • Which solution should I use?
    • Configure your tenant to support Defender for Endpoint security settings management
    • Onboard devices to Microsoft Defender for Endpoint
    • Coexistence with Microsoft Configuration Manager
    • Create Microsoft Entra Groups
    • Deploy policy
    • Monitor status

    When you use Microsoft Defender for Endpoint, you can deploy endpoint security policies from Microsoft Intune to manage the Defender security settings on the devices you’ve onboarded to Defender without enrolling those devices with Intune. This capability is known as Defender for Endpoint security settings management.

    When you manage devices through security settings management:

    • You can use the Microsoft Intune admin center or the Microsoft 365 Defender portal to configure policies for endpoint security for Defender for Endpoint and assign those policies to Microsoft Entra ID groups. The Defender portal includes the user interface for device views, policy management, and reports for security settings management.

    To view guidance on managing the Intune endpoint security policies from within the Defender portal, see Manage endpoint security policies in Microsoft Defender for Endpoint in the Defender content.

    • Devices get their assigned policies based on their Entra ID device object. A device that isn’t already registered in Microsoft Entra is joined as part of this solution.

    • When a device receives a policy, the Defender for Endpoint components on the device enforce the policy and report on the device's status. The device's status is available in the Microsoft Intune admin center and the Microsoft Defender portal.

    Environment

    When a supported device onboards to Microsoft Defender for Endpoint:

    • The device is surveyed for an existing Microsoft Intune presence, which is a mobile device management (MDM) enrollment to Intune.

    • Devices without an Intune presence enable the security settings management feature.

    • For devices that aren't fully Microsoft Entra registered, a synthetic device identity is created in Microsoft Entra ID that allows the device to retrieve policies. Fully registered devices use their current registration.

    • Policies retrieved from Microsoft Intune are enforced on the device by Microsoft Defender for Endpoint.

    Connectivity requirements

    Devices must have access to the following endpoint:

    • *.dm.microsoft.com - The use of a wildcard supports the cloud-service endpoints that are used for enrollment, check-in, and reporting, and which can change as the service scales.

    Supported platforms

    Policies for Microsoft Defender for Endpoint security management are supported for the following device platforms:

    Linux:

    With Microsoft Defender for Endpoint for Linux agent version 101.23052.0009 or later, security settings management supports the following Linux distributions:

    • Red Hat Enterprise Linux 7.2 or higher
    • CentOS 7.2 or higher
    • Ubuntu 16.04 LTS or higher LTS
    • Debian 9 or higher
    • SUSE Linux Enterprise Server 12 or higher
    • Oracle Linux 7.2 or higher
    • Amazon Linux 2
    • Fedora 33 or higher

    To confirm the version of the Defender agent, in the Defender portal go to the devices page, and on the devices Inventories tab, search for Defender for Linux. For guidance on updating the agent version, see Deploy updates for Microsoft Defender for Endpoint on Linux.

    Known issue: With the Defender agent version 101.23052.0009, Linux devices fail to enroll when they're missing the following filepath: /sys/class/dmi/id/board_vendor.

    macOS:

    With Microsoft Defender for Endpoint for macOS agent version 101.23052.0004 or later, security settings management supports the following macOS versions:

    • macOS 14 (Sonoma)
    • macOS 13 (Ventura)
    • macOS 12 (Monterey)
    • macOS 11 (Big Sur)

    To confirm the version of the Defender agent, in the Defender portal go to the devices page, and on the devices Inventories tab, search for Defender for macOS. For guidance on updating the agent version, see Deploy updates for Microsoft Defender for Endpoint on macOS.

    Known issue: With the Defender agent version 101.23052.0004, macOS devices that are registered in Microsoft Entra ID before enrolling with security settings management receive a duplicate Device ID in Microsoft Entra ID, which is a synthetic registration. When you create a Microsoft Entra group for targeting policy, you must use the synthetic Device ID created by security settings management. In Microsoft Entra ID, the Join Type column for the synthetic Device ID is blank.

    Windows:

    • Windows 10 Professional/Enterprise (with KB5006738)
    • Windows 11 Professional/Enterprise
    • Windows Server 2012 R2 with Microsoft Defender for Down-Level Devices
    • Windows Server 2016 with Microsoft Defender for Down-Level Devices
    • Windows Server 2019 (with KB5006744)
    • Windows Server 2022 (with KB5006745)

    Security settings management doesn't work on and isn't supported with the following devices:

    • Non-persistent desktops, like Virtual Desktop Infrastructure (VDI) clients or Azure Virtual Desktops.
    • Domain Controllers
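
The Linux prerequisites listed above (the minimum agent version and the board_vendor known issue) can be checked on a host before onboarding. The script below is an added example, not Microsoft's tooling; the function names, the ROOT parameter and the exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight for the Linux prerequisites described above.
MIN_AGENT="101.23052.0009"                # minimum agent version stated on the page
DMI_PATH="sys/class/dmi/id/board_vendor"  # path named in the page's known issue

# version_ge A B: succeed when dotted version A >= B, field by field.
# Fields are compared as decimal integers, so 0009 equals 9.
version_ge() {
  va=$1; vb=$2
  while [ -n "$va" ] || [ -n "$vb" ]; do
    fa=${va%%.*}; fb=${vb%%.*}
    [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
    [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
    # Drop the field just compared; an exhausted version counts as 0.
    case $va in *.*) va=${va#*.} ;; *) va= ;; esac
    case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
  done
  return 0
}

# preflight AGENT_VERSION [ROOT]
# ROOT (hypothetical parameter) is the filesystem root to inspect; default "/".
# Returns 0 = ready, 1 = agent older than the minimum,
#         2 = known issue: minimum agent version with board_vendor missing.
preflight() {
  agent=$1; root=${2:-/}
  if ! version_ge "$agent" "$MIN_AGENT"; then
    echo "FAIL: agent $agent is older than $MIN_AGENT"
    return 1
  fi
  if [ ! -e "${root%/}/$DMI_PATH" ]; then
    if [ "$agent" = "$MIN_AGENT" ]; then
      echo "FAIL: /$DMI_PATH missing; enrollment fails on agent $agent"
      return 2
    fi
    echo "WARN: /$DMI_PATH missing (issue is documented for $MIN_AGENT)"
  fi
  echo "OK: agent $agent meets the documented Linux prerequisites"
  return 0
}

# Stand-alone use: ./preflight.sh <agent-version> [root]
if [ $# -gt 0 ]; then preflight "$@"; fi
```
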

    The following diagram is a conceptual representation of the Microsoft Defender for Endpoint security configuration management solution.

    1. Devices onboard to Microsoft Defender for Endpoint.

    2. Devices communicate with Intune. This communication enables Microsoft Intune to distribute policies that are targeted to the devices when they check in.

    3. A registration is established for each device in Microsoft Entra ID:

    • If a device was previously fully registered, like a Hybrid Join device, the existing registration is used.

    • For devices that haven't been registered, a synthetic device identity is created in Microsoft Entra ID to enable the device to retrieve policies. When a device with a synthetic registration has a full Microsoft Entra registration created for it, the synthetic registration is removed and the device's management continues uninterrupted by using the full registration.

    Microsoft Intune includes several methods and policy types to manage the configuration of Defender for Endpoint on devices. The following table identifies the Intune policies and profiles that support deployment to devices managed by Defender for Endpoint security settings management and can help you identify if this solution is right for your needs.

    When you deploy an endpoint security policy that’s supported for both Defender for Endpoint security settings management and Microsoft Intune, a single instance of that policy can be processed by:

    • Devices supported through security settings management (Microsoft Defender)

    • Devices that are managed by either Intune or Configuration Manager.

    Profiles for the Windows 10 and later platform aren't supported for devices managed by security settings management.

    The following profiles are supported for each device type:

    Configure Microsoft Defender for Endpoint

    In Microsoft Defender for Endpoint portal, as a security administrator:

    1. Sign in to Microsoft Defender portal and go to Settings > Endpoints > Configuration Management > Enforcement Scope and enable the platforms for security settings management.

    2. Initially, we recommend testing the feature for each platform by selecting the platforms option for On tagged devices, and then tagging the devices with the MDE-Management tag.

    Important: Use of Microsoft Defender for Endpoint’s Dynamic tag capability to tag devices with MDE-Management isn’t currently supported with security settings management. Devices tagged through this capability won’t successfully enroll. This issue remains under investigation.

    3. Configure the feature for Microsoft Defender for Cloud onboarded devices and Configuration Manager authority settings to fit your organization's needs:

    Configure Intune

    In the Microsoft Intune admin center, your account needs permissions equal to the Endpoint Security Manager built-in role-based access control (RBAC) role.

    1. Sign in to the Microsoft Intune admin center.

    2. Select Endpoint security > Microsoft Defender for Endpoint, and set Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations to On. When you set this option to On, all devices in the platform scope for Microsoft Defender for Endpoint that aren't managed by Microsoft Intune qualify to onboard to Microsoft Defender for Endpoint.

    Microsoft Defender for Endpoint supports several options to onboard devices. For current guidance, see Onboard to Microsoft Defender for Endpoint in the Defender for Endpoint documentation.

    In some environments it might be desired to use security settings management with devices managed by Configuration Manager. If you use both, you need to control policy through a single channel. Use of more than one channel creates the opportunity for conflicts and undesired results.

    To support this, configure the Manage Security settings using Configuration Manager toggle to Off. Sign in to the Microsoft Defender portal and go to Settings > Endpoints > Configuration Management > Enforcement Scope:

    After devices onboard to Defender for Endpoint, you'll need to create device groups to support deployment of policy for Microsoft Defender for Endpoint. To identify devices that have enrolled with Microsoft Defender for Endpoint but aren't managed by Intune or Configuration Manager:

    1. Sign in to Microsoft Intune admin center.

    2. Go to Devices > All devices, and then select the column Managed by to sort the view of devices. Devices that onboard to Microsoft Defender for Endpoint but aren't managed by Intune display Microsoft Defender for Endpoint in the Managed by column. These devices can receive policies for security settings management.

    Devices that onboard to Microsoft Defender for Endpoint and have registered but aren't managed by Intune display Microsoft Defender for Endpoint in the Managed by column. These are the devices that can receive policy for security management for Microsoft Defender for Endpoint.

    Starting on September 25, 2023, devices that use security management for Microsoft Defender for Endpoint can no longer be identified by using the following system labels:

    • MDEJoined - A now deprecated tag that was previously added to devices that were joined to the directory as part of this scenario.

    After creating one or more Microsoft Entra groups that contain devices managed by Microsoft Defender for Endpoint, you can create and deploy the following policies for security settings management to those groups. The policies and profiles available vary by platform.

    For the list of policy and profile combinations supported for security settings management, see the chart in Which solution should I use? earlier in this article.

    1. Sign in to the Microsoft Intune admin center.

    2. Go to Endpoint security, select the type of policy you want to configure, and then select Create Policy.

    3. For the policy, select the Platform and the Profile that you want to deploy. For a list of the Platforms and Profiles that support security settings management, see the chart in Which solution should I use? earlier in this article.

    4. Select Create.

    Status and reports for policies that target devices in this channel are available from the policy node under Endpoint security in the Microsoft Intune admin center.

    Drill in to the policy type and then select the policy to view its status. You can view the list of platforms, policy types, and profiles that support security settings management in the table in Which solution should I use, earlier in this article.

    When you select a policy, you can view information about the device check-in status, and can select:

    • View report - View a list of devices that received the policy. You can select a device to drill in and see its per-setting status. You can then select a setting to view more information about it, including other policies that manage that same setting, which could be a source of conflict.

  3. February 3, 2023 · Setting is listed as “Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations”. Once this setting is turned on, it will open MDE channel for pushing down the security policies. Snippet from Microsoft Intune, Endpoint Security Node

  4. April 17, 2024 · The first step you take is to set up the service-to-service connection between Intune and Microsoft Defender for Endpoint. Set up requires administrative access to both the Microsoft Defender Security Center, and to Intune. You only need to enable Microsoft Defender for Endpoint a single time per tenant.

  5. May 12, 2022 · Using Microsoft Endpoint Manager admin center, administrators can use the Endpoint Security blade to create antivirus (AV), endpoint detection and response (EDR), and firewall (FW) policies to be enforced on devices via Microsoft Defender for Endpoint

  6. July 11, 2023 · View all your Intune security policies directly in the Microsoft 365 Defender portal by going to Configuration Management > Endpoint Security Policies. You can filter the list as well as search for specific policies using the built-in ‘filter’ and ‘search’ capabilities.

  7. Deploy Microsoft Defender for Endpoint for preventative protection, breach detection, automated investigation, and response to help secure your endpoints.
