
Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Today, we are happy to introduce Microsoft Intune security tasks, a new one-click remediation capability in Microsoft 365 that bridges security stakeholders—security administrators, security operations, and IT administrators—by allowing them to collaborate and seamlessly remediate threats. This capability will extend the newly announced Microsoft Defender Threat & Vulnerability Management (TVM), a new component of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP, previously Windows Defender ATP) that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.

Rapid response to detect and remediate security incidents among billions of events is essential for IT security because adversaries present a danger every minute they are in your environment. Communication cycles and distribution of tasks between Security Operations, Security Admins and IT Admins often allow security breaches to spread over time or even linger unattended. Microsoft Defender ATP and Microsoft Intune create a task pipeline to eliminate lengthy delays between security-driven threat detection and IT-driven threat remediation. The status of the remediation task is synchronized back to the Microsoft Defender ATP console to keep Security Operations or Security Admins updated on the progress.

Examples of security tasks that improve your security posture include updating a vulnerable app, uninstalling a vulnerable app, updating an OS, or changing a device configuration. Let us walk through one such security task as an example.

How to update a vulnerable app with Microsoft Intune

In this example, we will use Microsoft Intune for remediation when Microsoft Defender ATP detects a vulnerable app and recommends an update to a new version. Note the risk exposure score is high according to the dashboard.


The Security Admin acts upon this recommendation by putting in a request to their IT department to remediate the vulnerable app.


They may add a due date for completing the security task and add notes before passing this information to the IT admin in Microsoft Intune.


Over in the Microsoft Intune console, the IT admin can see all requests from the security department in the new Security tasks node, with a 'pending' status, due date, and number of impacted devices. 


From here, the IT admin can Accept or Reject the task. To help facilitate this decision, Microsoft Defender ATP provides insights into the security recommendation. Microsoft Intune security tasks can identify and remediate vulnerable apps on devices managed by both Intune and Configuration Manager.


The IT admin can directly open the vulnerable app from the task and take care of the update. Once complete, they can close the task and the threat is mitigated.


When this vulnerability is remediated, the risk exposure score drops to medium on the dashboard. 


As the security stakeholders work together to complete the remaining security tasks, they continue to harden the organization’s security posture.

Preview available soon

Security tasks are simply the latest innovation in strengthening the existing integration between Microsoft Intune, Azure Active Directory and Microsoft Defender ATP. Together, the Microsoft 365 security management platform continues to evolve to help organizations easily block attackers from spreading if any machine is compromised. This integration has already proven successful in detecting and remediating new cyber-attacks using device risk score to drive conditional access. The new capabilities will be available for preview within the next month.

Learn how to get started with Microsoft Intune with our detailed technical documentation. Don’t have Microsoft Intune? Start a free trial or buy a subscription today!

Follow @MSIntune on Twitter

(This post is co-authored by Joey Glocke, Senior Program Manager, Microsoft Intune and Mayunk Jain, Product Manager, Microsoft 365 Security)

3 Comments
New Contributor

@Mayunk Jain Thank you for the insight into this integration. Makes sense to me. 

For this line at the end "When this vulnerability is remediated, the risk exposure score drops to medium on the dashboard." - can you please confirm if this is [1] re-calculated based on Intune advising the Defender ATP portal of the completion of the remediation, or [2] the re-assessment and re-aggregation of security threat signals from all devices running Microsoft Defender ATP? Approach 2 seems the right way to me - is this what you are doing?

Microsoft

@Michael Sampson Approach #2 is how it works. ATP is always in charge of this calculation. 

New Contributor

Thanks @Joey Glocke. That's beautiful systems architecture right there. Kudos team.