Event banner
Event details
- Heather_Poulsen
Community Manager
For easy reference, here are the links from this session!
- Heather_Poulsen
How did we do on our Technical Takeoff Day 1 sessions? Please take this 2-minute survey and let us know your thoughts on this event.
- Question. We are using the "MEMAC > Endpoint Security > Manage" space to create policy for AV, Bitlocker encryption, Firewall, etc. Then we are told to use the Security Baselines. Clearly there is massive overlap, and thus conflict, between these sets of policies. Clearly it's not sensible to use both. In my view the Security Baselines are less good, because so many settings in one policy makes them hard to test/troubleshoot. The smaller "Endpoint Security" policies are easier to maintain. But what should we be doing??
- Agree Paul. Would really help for an overview of when to use MEM Policies, when to use security baselines and when to use the new endpoint security configurations
- LauraArrizza
Microsoft
The guidance is to first use Security Baselines to leverage the built-in setting recommendations that come from security experts across Windows, Defender for Endpoint, Edge, and Windows 365. After deploying the customized Security Baseline policy, you can use Endpoint Security policy templates that span across categories like AV, Firewall, ASR etc. to complement baselines with missing settings that are specific to the scope of security you're looking for. From there, you can leverage the Settings Catalog to add additional settings using the picker experience. We also surface Administrative Templates for settings that may still be need to be added but not available via the other methods. In terms of viewing and addressing conflicts, we have reports to help identify where you may have overlapping settings targeted. Reports like "Assignment failures" and "Device configuration" and the per policy reports allow you to drill down and understand where conflicts may be occurring. Make sure to check out some of the other Ignite sessions for specific discussions on deploying policy across the methods we offer!
- You're scheduled for 30 mins. but are done after 13 mins. ? 😞
- I joined 3min late and, wow it was over 10min later. LOL
- LauraArrizzaAasawari and I will be checking the discussion channel and replying via the comments section today and through the week!
- Given these presentations are short, why no Q&A at the end??
- LauraArrizzaAasawari and I will be checking the discussion channel and replying via the comments section today and through the week!
- Heather_Poulsen
We’re happy you’re here with us at the Microsoft Technical Takeoff! Whether you are attending one session or many, please take this 2-minute survey and let us know your thoughts on this event.
- How does Defender for Endpoint integrate with Defender for Cloud and Sentinel?
- LauraArrizza
You can read up on information related to integrations with Defender for Endpoint with Defender for Cloud and Microsoft Sentinel here: https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration and https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows
- A great question came up. If Az AD is required for MDE but its not supported to Hybrid Join a Domain Controller using Azure AD Sync, how do you complete the requirement and still protect end to end on servers with Domain Controller role?
- LauraArrizzaCurrently, devices are not supported to complete a Hybrid Join to Azure Active Directory. Since an Azure Active Directory trust is required, domain controllers aren't currently supported. We're looking at ways to add this support.
- Is it planned to bring the ASR rules to MDE management as well (because this isn’t possible on Windows Servers right now)
- LauraArrizzaYes! The Attack Surface Reduction (ASR) Rules policy template is coming to have support with our Security Settings Management for Microsoft Defender for Endpoint solution. You can use targeting through the policy creation wizard to assign the settings to your device & user groups, which is applicable to Windows 10, 11 and Server platforms.
- Heather_Poulsen
Welcome to Zero in on Zero Trust with unified endpoint security management from Microsoft. Let's get started! Have a question? Post it here in the Comments. Subject matter experts will be answering during the live broadcast and throughout the week.
