By: Laura Arrizza - Sr. Product Manager - Microsoft Intune
Microsoft Intune is making it even easier for admins to deploy and configure Microsoft Defender for Endpoint on devices with simplified experiences for discoverability, deployment, and continuous monitoring across devices.
This provides value towards increased visibility and transparency into the state and status of your devices. This also helps to maximize security value, coverage and protect their devices from advanced threats and attacks using a single device management service and console, Intune.
The single-pane of glass for these capabilities will be Intune. This assures streamlined simplification, and any connections required for on-premises managed Windows assets, like servers, only requires a simple attach configuration joining Intune with Microsoft Configuration Manager for Defender for Endpoint management.
- Increased transparency to discover devices - You can view summary and detailed reports of Defender for Endpoint deployment numbers across the tenant, including devices that are onboarded or not onboarded to endpoint detection and response (EDR).
- Easily deploy Defender - You can use the simplified Defender for Endpoint EDR policy deployment with a streamlined option to deploy a preconfigured policy to all devices in the tenant, regardless of the management scenario (Intune managed, Configuration Manager managed, or any combination of the two).
- Defender definition updates use Delivery Optimization on Windows 10/11 utilizing peer caching and delivery to minimize network impact. Delivery Optimization can be configured generally through Intune device policy.
- Continuous monitoring - You can view consolidated dashboard-reporting for device signals running Defender for Endpoint workloads, such as antivirus status, detected malware, firewall status, etc. You can also access additional dashboarding and reporting from the Defender portal.
- Quick results - You can check quick results on reports and policy enforcement status for Defender for Endpoint devices with up-to-date timestamps using tools like ‘Refresh’ and manual device syncs to see the latest information. With Intune’s Advanced Analytics – Device Query capability, you can also get real time state and status on an Defender for Endpoint device to query a wide array of attributes generally.
- Platform support - Defender for Endpoint configuration, all driven from the Intune admin center, applies to any Windows client or server managed by tenant attach, or Configuration Manager, assuring broad, unified reach for deployment, configuration, and reporting of Defender for Endpoint on all Windows assets in your organization.
A walkthrough of the simplified experience
In the Intune admin center, you can discover the set of devices that have Defender for Endpoint EDR deployed or not using the new summary reports via the Endpoint Security > Endpoint detection and response page when the tenant Defender for Endpoint connector is enabled and get an overview of Defender for Endpoint EDR deployment numbers across the tenant.
The EDR onboarding status report provides details on the devices that are onboarded or not onboarded to Defender for Endpoint EDR. You can filter, sort, search and export the data in this report. The information banner contains a link to the Defender portal for deploying the onboarding package and a link to learn more about on-premises scenarios.
Once the tenant connector is enabled, you can select the 'Deploy preconfigured policy' button to choose which platform to deploy to, Windows cloud and Defender for Endpoint managed or Configuration Manager managed (tenant-attached) devices, which will kickstart the process.
After giving the policy a name and description, admins can review the contents of what is to be deployed and click Create policy. This newly created policy contains the following: the Microsoft Defender for Endpoint client configuration package type setting which is configured to “Auto from connector" (where Intune automatically gets the onboarding package (blob) from your Defender for Endpoint deployment). This replaces the need to manually configure an onboarding package. The assignments are preloaded assignments to target the policy to the ‘All devices’ group. If you’re deploying to devices managed by Configuration Manager (Tenant attach), the policy is preloaded to target the ‘All Desktop and Server clients’ built-in collection found in Configuration Manager.
Once you create a policy, you can manage it in the Endpoint detection and response blade to make edits, monitor reporting, and view devices successfully onboarded to Defender EDR.
To ensure devices are secure and onboarded to Defender, navigate to the Endpoint Security > Overview page to view the summary of reports related to devices running Defender for Endpoint workloads. This includes dashboard reporting on the tenant Defender for Endpoint connector status, Defender EDR deployment numbers, and the Antivirus agent status. You can drill down into the detailed reports and have quick links to other relevant reports based on Antivirus signals, detected malware, Firewall status, and additionally resides in the Defender portal.
For example,navigate to see the detailed Antivirus signals using the Intune reports under Reports > Antivirus > Antivirus agent status to view data related to agent status, engine and signature versions, AV running state, etc. The reports come with search, filter, sort, and data export capabilities.
These enhancements have made it easier and more efficient to onboard Defender for Endpoint with Intune, ensuring your devices are always protected with the latest security features. Try it out and let us know what you think!
Conclusion
We hope you find these new features helpful and convenient for managing your Defender for Endpoint deployment with Intune. With these enhancements, you can easily monitor and secure your devices from a single console and leverage the power of cloud-based threat detection and response.
We are always listening to your feedback and working to improve our products and services. Please share your thoughts and suggestions with us through the Endpoint security forum, leaving a comment below or reaching out to us on X @IntuneSuppTeam!