As a major part of any corporate security program, vulnerabilities on corporate assets are required to be addressed, yet teams that solely focus on the patching aspects may be missing a key area of worry, insecure setup. Whether the asset’s configuration is unrestricted by default, or an operator has made a mistake, assets will end up in an unsecure configuration. Security teams with a proactive attitude will seek methods that automatically address asset misconfiguration, and, where possible, avert them in a centralized fashion. This blog will introduce a solution that uses multiple Microsoft products, including Microsoft Intune and Defender for Endpoint (MDE) to implement industry recognized security baselines consistently that reduces the effect on the end user, along with examining some issues and suggestions for these.

Hardening Windows Clients with Microsoft Intune and Defender for Endpoint - Microsoft Community Hub