Unified endpoint security using Microsoft Endpoint Manager
Published May 26 2020 06:15 AM

You may have noticed the deep integration between endpoint security and endpoint management, both in your changing requirements and within the Microsoft 365 product experience. Microsoft Endpoint Manager now includes a single pane of glass for all endpoint security actions, such as endpoint configuration, deployment, and management. In this post, I’ll go deeper into the evolution of unified endpoint security and how Microsoft 365 keeps you ahead in the modern cybersecurity landscape.

The Microsoft Endpoint Manager team is working with our Microsoft 365 customers every day, and we consistently hear from them that there's a clear division between security and IT teams.

Security teams aim to protect their organizations from malicious actors, and they employ specific tools and procedures to help them achieve protection.

The goal of IT teams is end-user productivity: helping users be efficient and effective in their roles.

In many organizations these are disconnected objectives that cause friction between teams. Security teams deploy extra agents, slowing down boot times and degrading the end-user experience. IT teams aren’t patching fast enough or hardening their operating systems strongly enough, and they deploy vulnerable applications.

It can seem as if there’s a brick wall between these teams, and that brick wall can interfere with effective enterprise security management.
The Microsoft approach to security and IT management is different. With security and management integration across the entire Microsoft 365 product suite, we’re breaking down the brick wall between security and IT to help make both teams more effective for your organization.

With many customers moving to Microsoft Defender Advanced Threat Protection (ATP) as their primary endpoint security solution, we identified the need to provide dedicated security administrator experiences.

A security administrator can work for the IT organization or the security organization, and day-to-day responsibilities include defining IT security policies, deploying security configuration, and running vulnerability assessments.
Customers who purchase Microsoft 365 get best-of-breed security and management products with Microsoft Defender ATP and Microsoft Endpoint Manager, both of which have deep native integration into Windows 10 and Office 365. There are no extra agents to deploy, no servers to stand up, and no additional licenses to purchase.

Microsoft Endpoint Manager and Microsoft Defender ATP are better together

By using Microsoft Endpoint Manager and Microsoft Defender ATP, you can integrate endpoint management and endpoint security in a unified Microsoft 365 experience. This gives you powerful tools to help protect all your endpoints against today’s sophisticated cyberthreats.

Security teams appreciate the integrated benefits, including:

  • A single security configuration experience without engaging the IT team
  • Visibility into every IT managed endpoint in the organization
  • Read-only access to configurations deployed by the IT team
  • Consolidated administrative experience for on-premises, cloud, and server endpoints
  • No need to manage agent/client health, and no need to stand up new servers
  • One license to manage the entire security posture of an endpoint

IT teams appreciate:

  • Built-in security that reduces performance degradation due to multiple conflicting agents
  • Delegated admin controls to share responsibilities with security peers
  • Tools to help IT remediate vulnerabilities in a timely manner
  • Visibility into security changes that might affect users

Along with these benefits, our integrated approach introduces several security and IT innovations, including:

  • Microsoft Defender ATP security baselines
  • Threat and vulnerability management capabilities
  • Streamlined onboarding to Microsoft Defender ATP across device types
  • Microsoft Defender ATP risk score integration into Conditional Access
  • Support across platforms including Windows, macOS, iOS, and Android
  • Tamper protection for Windows security configurations

As our teams continue to innovate, we’re always looking for new ways to delight our customers with unique security and IT integrations.
Endpoint security in Microsoft Endpoint Manager

Earlier this year we announced the Endpoint security node in Microsoft Endpoint Manager.
You can browse to the Endpoint security node directly by bookmarking https://aka.ms/EndpointSecurity, access it from Microsoft Endpoint Manager (https://endpoint.microsoft.com) under Endpoint security, or access it from the Microsoft Defender Security Center (https://securitycenter.windows.com) under Configuration Management.

The Endpoint security node is designed as a one-stop-shop for all tasks the security administrator persona needs to perform. This includes management of antivirus programs, firewalls, disk encryption, threat protection, identity protection, conditional access policies, security baselines, and more. Users added to the Endpoint Security Manager role in Endpoint Manager or the Security Administrator role in Azure Active Directory are granted permissions to manage endpoint security.

Security administrators can view enterprise managed devices and device configuration, and they can perform remote actions like updating security definitions or rebooting endpoints.

Security baselines give IT and security admins a starting point for securing Windows 10 devices. The Windows 10 security baseline provides a native mobile device management (MDM) implementation of the Microsoft-defined Windows security baselines, and the Microsoft Defender ATP security baseline offers best-practice configuration for Microsoft Defender ATP.

Security tasks help IT and security admins work with their SecOps counterparts on app and configuration vulnerabilities. SecOps engineers can raise security flags to notify IT of apps that need to be updated and include the list of impacted devices without leaving their endpoint security console.

Endpoint security policies provide security admins granular control over security configurations. Security administrators can manage:

  • Antivirus programs for Windows and macOS
  • Windows Security experience, including Tamper Protection
  • Disk encryption for Windows and macOS
  • Firewall for Windows and macOS, including granular rule definitions for Windows
  • Streamlined onboarding for endpoint detection and response
  • Attack surface reduction, including rules, device control, exploit protection, application control, and more
  • Account protection, including configuration of Windows Hello for Business

We’ve even included the Device compliance and Conditional Access nodes into the Endpoint security node, so security administrators can set access control rules for their cloud services based on their endpoint security posture.

We’re committed to building out even richer security administrator experiences in the future, including admin actions, reporting, and intelligent configuration—and expect to add value each month. New features this month include:

  • Split firewall rule experience
  • Unhealthy Windows Antivirus report integrated into the Endpoint security node
  • Policy duplication for change management
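As an added example (not the post's or the product team's own code), the following PowerShell reads the same Windows Defender Antivirus health signals on a single device, so an admin can confirm locally what the Unhealthy Windows Antivirus report and the Tamper Protection setting show in the console. It assumes the Defender PowerShell module's Get-MpComputerStatus cmdlet is available and uses a constructed three-day signature-age threshold.

```powershell
# Added example (not part of the original post): a local read-out of the
# Defender health signals the Endpoint security node reports on, for
# checking one Windows 10 device by hand. Assumes the Defender
# PowerShell module (Get-MpComputerStatus) is present.
function Get-DefenderHealthSummary {
    [CmdletBinding()]
    param(
        # Signatures older than this many days are flagged as stale (assumed threshold)
        [int]$MaxSignatureAgeDays = 3
    )

    $status = Get-MpComputerStatus

    # Each check is a condition the "Unhealthy Windows Antivirus" view would surface.
    $findings = @()
    if (-not $status.AMServiceEnabled)          { $findings += 'Antimalware service is not running' }
    if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus is disabled' }
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if (-not $status.IsTamperProtected)         { $findings += 'Tamper Protection is not enabled' }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Signatures are $($status.AntivirusSignatureAge) days old"
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        TamperProtected    = $status.IsTamperProtected
        RealTimeProtection = $status.RealTimeProtectionEnabled
        SignatureAgeDays   = $status.AntivirusSignatureAge
        Healthy            = ($findings.Count -eq 0)
        Findings           = $findings
    }
}

Get-DefenderHealthSummary | Format-List
```

Run it in an elevated session on the device in question; a device the console lists as unhealthy should show at least one entry under Findings.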

Support for cross-platform security

Our endpoint security experiences aren’t limited to Windows 10. Microsoft Endpoint Manager is a leader in cross-platform device management, and endpoint security is no different.

Microsoft Defender ATP Antivirus, FileVault disk encryption, and Firewall configuration are available for macOS devices that are managed by Endpoint Manager. Device compliance is available for all supported platforms including mobile.

We’re excited to extend our security and management experiences to mobile devices. In preview, we support device compliance signals from Microsoft Defender ATP for Android. To join the preview, see How to test Microsoft Defender ATP (preview) based device compliance on Android.

Support for Microsoft Intune, Microsoft Endpoint Configuration Manager, and co-management scenarios

We understand that security management is only effective if every endpoint has coverage. Our endpoint security experiences allow you to target security configuration for devices that are managed in three ways:

  • Cloud-only managed devices
    Cloud-only managed devices are devices born in the cloud and fully managed by Microsoft Intune. All endpoint security policies are applicable for both Windows and Mac endpoints.
  • Cloud and Configuration Manager managed devices
    Known as co-management, these devices are registered into Intune and managed by the full Configuration Manager client. When the Endpoint Protection workload has been moved to Configuration Manager, the Endpoint security policies will be honored over the Configuration Manager native Endpoint Protection policies. Features such as firewall rule management and tamper protection are unique to cloud-only and co-managed devices.
  • Configuration Manager managed devices
    These devices are not registered into Intune, and they are fully managed by Configuration Manager. Policy is targeted from the Microsoft Endpoint Manager console, yet policy delivery is performed by on-premises Configuration Manager infrastructure. Our first supported policy type is the Endpoint detection and response policy, with more policy types planned for future releases. (This management channel also allows policy targeting and application for server clients managed by Configuration Manager.)

With these investments in cross-product integration, dedicated security administrator experiences, cross-platform support, and complete enterprise endpoint coverage, we believe Microsoft 365 customers are positioned to provide the security posture they require while empowering every employee to achieve more.
To learn more about the Endpoint security experience, see our technical documentation at https://docs.microsoft.com/mem/intune/protect/endpoint-security.
