Forum Discussion
Role of End User Team after Defender for Endpoint Rollout
Our company is currently using SentinelOne (S1) as AV/EDR. The SOC team had full access to the S1 environment. We have just started the pilot of Defender for Endpoint (MDE). Now the toolset contains Intune as well.
May I know what the best way to handle the administration is, since the End User Team has access to Intune? How are others handling this situation?
1 Reply
Hi, in these cases, it’s crucial to establish clear roles and responsibilities. Typically, the SOC team should retain overall control of security tools like Defender for Endpoint, handling threat monitoring and incident response. Meanwhile, the End User team can focus on managing day-to-day device configurations through Intune, with their permissions limited to what’s necessary for routine operations.
A common approach is to implement strict separation of duties, ensuring that any security-related changes made in Intune are communicated to and approved by the SOC. This helps maintain consistency and minimizes the risk of inadvertent security misconfigurations.
Ultimately, a robust change management process and clear communication between the teams are key to managing this dual environment effectively.