MDM Security Baseline vs Intune Profile
Hi all, I am testing currently the 2 profiles in the Security Baselines in default configuration. As they are now checked against the endpoint there is one Error in the Per-settings status: Type of system scan to perform Problem is now - I cannot see anything configured in the MDM Security Baseline for May 2019 the setting itself in the Intune profile is configured. Any idea? Best regards Miguel
Defender for Endpoint for devices with Intune in Endpoint Manager
I am trying to deploy Defender for devices with Intune in Endpoint Manager. As shown in the picture below, I am trying connect Windows devices to Defender but I keep getting the error highlighted. It's been like that for 4 days. The intune connection thing is enabled on Defender console too. Anyone else have this problem too?Windows Defender Full Scan renders devices unusable for 6-7 hours (while scan is running)
We are using Microsoft Defender for Endpoint and configured daily quick scans and weekly full scans. The quick scans don't create any problems but the full scans are a big problem. Devices are not usable while the scan is running, e.g. one click in MS Teams takes about one minute to complete. We are using the defaults recommended by Microsoft in our configuration profiles. What are the recommended settings for fine tuning full scans (e.g. ScanAvgCPULoadFactor) or are there specifi settings which are to be disabled in order to improve performance (e.g. DisableArchiveScanning). Thank you!Manage USB Devices with Intune/Endpoint Manager
Hi We have just rolled out our new laptops using autopilot and managed through intune. I want to use EndPoint Manager to create some prevent/allow rules to manage usb devices i.e. I want to block everything but allow exceptions i.e. all keyboards, mice etc but only particular models of phones or usb storage devices. I thought of using "Allow installation of devices that match any device id" and the "Prevent installation of devices not described" This doesn't seem to block drives that are already installed. Is there are way of doing this? Thanks Alistair
