Custom compliance, actionable insights improve security posture
Published Jun 08 2022 09:01 AM

Security and IT professionals congregated in San Francisco this week for the RSA Conference 2022. Their goals included learning and sharing best practices to protect people and organizations against increasing cyber-security threats.

Today, we are announcing updates in Microsoft Endpoint Manager that offer more visibility and control over your organization's ability to mitigate those threats and proactively improve endpoint experiences.

Measure success and progress in reducing risk

Assessing your security posture and measuring improvements is one way to demonstrate how your organization is winning the battle against security threats. Microsoft Secure Score, a measurement of an organization's security posture, is available today in the Microsoft Security Center. Secure Score can be used for assessing risk, driving configuration actions, planning improvements, and reporting to management. Improvements in Secure Score can be monitored over time and reported to reflect the results of the actions administrators took to improve their security posture.

Starting with the Q3 releases, we will share with Secure Score the device management and protection actions administrators took in Endpoint Manager to improve endpoint security. This is the information collected across your organization's Windows, Mac, iOS/iPad, and Android endpoints. It aligns with the Microsoft recommendations for endpoint protection and security needed for a Zero Trust security model. For example:

  • Were app compliance and app protection policies applied to mobile and Mac devices?
  • Is jailbreak device detection enabled?
  • Are Windows Update policies configured?

To learn more about how these actions will affect your Secure Score, please watch for updates in the Microsoft Secure Score documentation and monitor the What's new in Microsoft Intune release notes page.

See a list of actions you can take to improve your Microsoft Secure Score

Flexibility for a Zero Trust best practice

Endpoint Manager empowers administrators to define and apply the device settings needed to allow secure access to company resources and thus apply one of the principles of Zero Trust: least privilege access. While a wide set of attributes to ensure device compliance are available through Windows configuration service providers (CSPs) and supported in Endpoint Manager, some organizations require even more flexibility.

In November 2021, we announced the public preview of a capability that allows admins to use PowerShell scripts to collect any data from Windows devices that can be gathered or calculated through PowerShell, and then use that data to determine the compliance state of the device. We also shared the ability for admins to provide the instructions users see in Microsoft Intune Company Portal to get their endpoints back into a compliant state if they fall out of compliance with these custom settings.

Today, we are pleased to announce this customizable compliance capability will be generally available in the coming months (targeting 2207 release) for Endpoint Manager and will be available to customers in Microsoft plans that include Microsoft Intune. To learn more, see Use custom compliance settings in Microsoft Intune.
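A discovery script of the kind described above, as an added example that is not from the original post or from Microsoft. The setting names (`TpmReady`, `SecureBootEnabled`, `BiosVersion`, `DaysSinceBoot`) and the sentinel value 9999 are hypothetical choices for illustration; the single-line compressed JSON return follows the documented convention for Intune custom compliance discovery scripts. It only reads device state, and every check reports a non-compliant value when the data cannot be collected, so a failed query never reads as a pass.

```powershell
# Added example: discovery script for a custom compliance policy.
# Setting names and the 9999 sentinel are hypothetical, chosen for illustration.
# The script only collects data; it makes no changes to the device.

function Get-ComplianceFacts {
    $facts = [ordered]@{}

    # TPM present and ready for use. Any error is reported as $false.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $facts.TpmReady = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
    } catch {
        $facts.TpmReady = $false
    }

    # Secure Boot state. The cmdlet throws on legacy BIOS systems,
    # which is treated as "not enabled".
    try {
        $facts.SecureBootEnabled = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch {
        $facts.SecureBootEnabled = $false
    }

    # Firmware version string, for comparison against an approved value.
    try {
        $bios = Get-CimInstance -ClassName Win32_BIOS -ErrorAction Stop
        $facts.BiosVersion = [string]$bios.SMBIOSBIOSVersion
    } catch {
        $facts.BiosVersion = 'unknown'
    }

    # Days since last boot (rounded), as a rough signal for pending restarts.
    # On failure use a large sentinel so an "at most N days" rule fails.
    try {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ErrorAction Stop
        $facts.DaysSinceBoot = [int]((Get-Date) - $os.LastBootUpTime).TotalDays
    } catch {
        $facts.DaysSinceBoot = 9999
    }

    return $facts
}

# Emit one line of compressed JSON for the compliance rules to evaluate.
return Get-ComplianceFacts | ConvertTo-Json -Compress
```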

Getting ahead with more granular insights

Endpoint analytics provide visibility into the health and performance of your Windows endpoints. Whether your device estate is connected to the cloud and co-managed or fully managed in the cloud with Microsoft Intune, Endpoint Manager enables IT administrators to proactively identify and address issues and anomalies that may impact end user experiences.

Today, we are announcing the general availability of model scores in Endpoint analytics in the 2206 release of Endpoint Manager. With this change, the work from anywhere app reliability report, and all other reports that provide tenant-level insights, will now provide a device/model level score. This way, administrators can get visibility into which device models are the most performant for their end users and can project and prioritize the next hardware refresh cycle. It will further enable them to troubleshoot individual device-level issues and get deeper insights into model-level experiences. We are also adding health status information, so administrators can quickly determine which device models are meeting performance expectations and goals and easily see where action needs to be taken.

Health status has been added to the model specific device scores in the Microsoft Endpoint Manager admin center

With this increased, holistic view, administrators have more visibility and more granular insights into the end-user experiences, which can help reduce the time helpdesk workers need to resolve issues and, better yet, empower administrators to get ahead of issues before an end user reports a problem.

Continue the conversation. Find best practices. Visit the Endpoint Manager Tech Community.

Stay informed. For the latest updates on new releases, tools, and resources, stay tuned to the Microsoft Endpoint Manager blog and follow us @MSIntune on Twitter.


Last update: Jun 08 2022 07:25 AM