AMA: Managing Windows with Microsoft Endpoint Manager
Event Ended
Thursday, Nov 18, 2021, 08:00 AM PST
Join us for Tech Community Live: Microsoft Endpoint Manager edition!
From Windows Autopilot to Zero Trust, this live Ask Microsoft Anything (AMA) event is your chance to bring your Windows managem...
Heather_Poulsen
Updated Dec 27, 2024
DRich22
Brass Contributor
Nov 17, 2021
Thanks Heather, some of these may be slightly out of scope, but here's a start:
- Feasibility of adopting purely MEM over MEMCM co-management for managing a relatively large enterprise. What does MEM currently lack when compared? Reporting capabilities? Anything planned to bridge the gap here?
- Encouraging the adoption of Azure AD joined devices, and migrating group policy. The enhancements and additions to the settings catalog are most welcome. Mixed feedback from the community on whether to adopt Endpoint Security Policies over your own Device configuration profiles. Is one preferred over the other, and any pitfalls to be aware of with Endpoint Security besides having to periodically update the Baseline? Are there any enhancements planned for introducing something similar to the way Group Policy preferences used to work for ease of management?
- Managing Microsoft Edge extensions via settings catalog. Allowlist is currently capped to 100 entries. Is there an alternate approach to managing these based on permissions they request, like you can achieve with the Google Admin console for Chrome?
- Any official guides available for exporting Intune data to another SIEM for reporting on things such as User assignment, App inventory, Device compliance etc.?
Jason_Sandys
Microsoft
Nov 18, 2021
Hi Dan,
Just to address a couple of items here:
- On a semantic note, Microsoft Endpoint Manager is a suite of products and solutions that includes both Intune and ConfigMgr, thus saying "purely MEM" does include ConfigMgr. Our overall recommendation is still "better together" though, as there are some things each does that the other does not do, and it may always be like this. We don't have any comprehensive comparison between Intune and ConfigMgr because of this.
- Baselines, in general, should be the starting point for most orgs as these establish the minimum set of viable policies to secure your endpoints and no insecure endpoint should ever be allowed to access your corporate resources. From there, you can build out your additional required settings and policies using the Settings Catalog. There are some rough spots as we continue to work through all of the details, but this is our current engineering path.
- For group policy preference coverage, today, PowerShell is your friend (well, PowerShell should always be your friend regardless). We are currently investigating filling in some of these gaps though. There's no to share at this time and no commitment, but we understand that this is a gap and are looking to fill it.
- For third-party SIEM products and services, you should engage the vendors of those products and services. We have official documentation on using Azure Monitor though that you may be able to reference or leverage: https://docs.microsoft.com/en-us/mem/intune/fundamentals/review-logs-using-azure-monitor.