Jul 28 2022 05:39 AM
Hello there,
My question would be around Windows 10 and above devices joined to AzureAD and MEM/Intune managed. Is the "Microsoft Defender for Endpoint Baseline" the best baseline policy set to use, or shall we now use the dedicated policies inside of the Endpoint Security blade as well? I have seen some deviations, especially in the Antivirus profile options as well as in BitLocker. There are more details to configure than in the Baseline package, although some specific settings still seem to be better integrated into the Baseline package. As this Unified Security Management was mostly created for non-MDM-onboarded devices, I wanted to know what the official recommendation is to ensure the utmost security config is enabled, but without constant conflicts in policies, as you simply can't disable parts of the Baseline profiles and some settings are not in there, which means it ends up in conflicts all the time if you actually want to have a mix of both worlds. Just curious how others do it to get the best line of defense.
rgs
Jul 28 2022 04:00 PM
Jul 29 2022 09:04 AM
Jul 29 2022 09:25 AM - edited Jul 29 2022 09:26 AM
Solution
Hi @Ueli Zimmermann,
/* From the configuration standpoint, MEM surfaces multiple baseline templates that are recommendations from security experts on what admins should configure in their environments. The Microsoft Defender for Endpoint Baseline is an example of those for Defender-related settings. When configuring the baseline, you can choose to customize the recommended values for the settings for certain exceptions. The endpoint security templates like AV, Firewall, BitLocker are available to complement the baselines for anything else that you want to configure, plus the settings catalog and ADMX policy types to add more settings in your environment. To your question – “so which one should I use?”, it depends on if you want to leverage baselines to keep up to date with the MDE recommendations + have an easy template to follow versus if you want to use endpoint security templates to configure your own settings.
Ultimately, the decision is up to you on how you want to implement security configurations and follow a Zero Trust model:
Microsoft 365 Zero Trust deployment plan
https://docs.microsoft.com/en-us/microsoft-365/security/microsoft-365-zero-trust?view=o365-worldwide
*/
Thanks,
Yong Rhee - MSFT