Intune security baseline VS Antivirus

Dear all,

I realize the security baseline and the antivirus profile create many conflicts.  

I'm wondering:

1. The security baseline is the top priority and I shouldn't turn off or remove the assigned group, right?

2. When is a good time to use the Antivirus profile? Is this for when we use a third-party antivirus?

Will be grateful for any advice you can provide.

Sk-73,

Thank you.

4 Replies

Hi @Sk-73

You could have conflicts if you configure different settings in the profiles. The security baseline will be updated by Microsoft multiple times a year (frequently after a release), and if you want to change a setting you have to migrate to the newest baseline.

The purpose of the antivirus policy is not to configure a third-party antivirus solution, but it's meant to configure Microsoft Defender.

It's up to you which profile you want to use, but if you configure both you have to configure the same settings.

I always use the Antivirus profile and set all the antivirus settings in the security baseline to not configured or the same as I have configured in the antivirus profile.


I've decided to use the antivirus profile instead of the security baseline or other profiles, because with the Antivirus profile you have more options to configure than what is included in the security baseline. I also want to have the management of the configuration as easy as possible. So 1 place (profile) for the Windows Defender antivirus configuration.

I hope this answers your question, please let me know if you have more questions.

If my answer answers your question, please mark it as the answer.

Kind regards,

Rene
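
The rule from the reply above, as an added example that is not code from the thread or from Intune: two profiles conflict only when they reach the same assigned group and set the same setting to different configured values. The flat settings shape, the profile names, the group names and the values are constructed assumptions, not an Intune export format.

```python
from itertools import combinations

# Values treated as "the profile does not set this" (assumed spellings).
NOT_CONFIGURED = {"", "not configured", "notconfigured"}

# Constructed sample data: names, groups and values are made up for the example.
PROFILES = [
    {"name": "Security baseline", "groups": {"All-Windows"},
     "settings": {"AllowRealtimeMonitoring": "1", "CloudBlockLevel": "0",
                  "PUAProtection": "Not configured"}},
    {"name": "Antivirus profile", "groups": {"All-Windows", "Pilot"},
     "settings": {"AllowRealtimeMonitoring": "1", "CloudBlockLevel": "2",
                  "PUAProtection": "1"}},
    {"name": "Kiosk antivirus", "groups": {"Kiosks"},
     "settings": {"CloudBlockLevel": "4"}},
]


def configured(settings):
    """Keep only settings with a real value; unset ones cannot conflict."""
    return {k: str(v) for k, v in settings.items()
            if v is not None and str(v).strip().lower() not in NOT_CONFIGURED}


def find_conflicts(profiles):
    """Return (setting, profile_a, value_a, profile_b, value_b, shared_groups)."""
    conflicts = []
    for a, b in combinations(profiles, 2):
        # Only group names are compared; nested or dynamic membership
        # is not resolved here.
        shared = a["groups"] & b["groups"]
        if not shared:
            continue
        set_a, set_b = configured(a["settings"]), configured(b["settings"])
        for key in sorted(set_a.keys() & set_b.keys()):
            if set_a[key] != set_b[key]:
                conflicts.append((key, a["name"], set_a[key],
                                  b["name"], set_b[key], sorted(shared)))
    return conflicts


if __name__ == "__main__":
    for key, pa, va, pb, vb, groups in find_conflicts(PROFILES):
        print(f"CONFLICT {key}: {pa}={va} vs {pb}={vb} "
              f"(groups: {', '.join(groups)})")
```
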

Hi.. In my opinion, the security baselines are pretty good for companies who just want to enable some baseline security.
But I'd rather configure most stuff on my own, so I know what it does and which setting could give issues. Just like enabling Device Guard with the security baseline :).... Not my cup of tea

And antivirus is indeed another good example... Just like the ASR, account protection and all the other stuff in the endpoint security :)

https://call4cloud.nl/2021/05/microsoft-edge-and-the-fantabulous-security-of-one-browser/
https://call4cloud.nl/2021/08/endpoint-security-the-curse-of-the-were-applocker/

Hi @Mr_Helaas 

Sorry for the late response.

Thank you for providing very useful information. I will have a discussion with my team. Cheers! :smile:

Hi @Rudy_Ooms_MVP 

Sorry for the late response.

Appreciate your kind opinion. I'll come back to you guys if I have any questions. :smile:

Cheers!