Jump to content

Recommended Posts

  • FPCH Admin
Posted

As advanced threats such as ransomware continue to increase in velocity, and sophistication, organizations are evolving their endpoint security strategies away from point solutions to a more holistic security approach focused on vendor consolidation. At the same time, we continue to see a gap between security and IT teams to achieve a seamless and effective operating model for effective endpoint security.

 

 

 

While many endpoint security solutions now provide some level of endpoint management experience that include capabilities such as device inventory and policy authoring, they are often disconnected from the tools IT teams use to do many of the same things. This combination leads to a lack of visibility and coordination among these two groups, leaving too much room for security gaps to grow.

 

 

 

Microsoft believes organizations can protect their endpoints more effectively by bringing their security and IT teams closer together. Today we are excited to announce the public preview of a unified security settings management experience that offers a consistent, single source of truth for managing endpoint security settings across Windows, macOS, and Linux. It is built into the Microsoft 365 Defender portal, and therefore easily accessible for security teams, but built on the powerful capabilities of Microsoft Intune.

 

 

 

Starting today, customers will benefit from a host of new capabilities:

 

  • Native security settings management capabilities in Defender for Endpoint that support Windows, macOS, and Linux
  • Existing endpoint security policies are automatically ingested in the Microsoft 365 Defender portal
  • Create and edit AV policies directly from the Microsoft 365 Defender portal
  • Policies are automatically synced with Microsoft Intune to ensure coordination between IT and Security teams for organizations who use Intune as a full management suite.
  • A new list on the device page, that shows all security policies and their settings
  • Simplified device onboarding: Removal of Azure Active Directory hybrid join as a management prerequisite

 

 

 

Cross-platform support

 

 

Security administrators can now use the security settings management capabilities in Defender for Endpoint to manage their security configuration settings across Windows, macOS and Linux devices without the need for separate management tools, or updates to IT resources.

 

 

 

Managing security policies in the Microsoft 365 Defender portal

 

 

Up until today, security administrators were required to use additional tools to manage their endpoint security settings, which can slow down response. The new integration of Microsoft Intune’s endpoint security experience into the Microsoft Defender for Endpoint bridges this gap to help organizations better protect themselves by operating from a single portal.

 

 

 

While Microsoft Intune is not a requirement, the seamless sync offers additional benefits for organizations using both products. All data is shared, always in sync and therefore ensures that IT and security teams share single source of truth for both IT administrators using Microsoft Intune and Security administrators – thanks to this integration, both administrators will see the same data between their portals, preventing confusion, misconfigurations and potential security gaps.

 

 

 

 

 

Simplified device onboarding

 

 

For organizations that wanted to use security settings management capabilities in the past, Defender for Endpoint required all devices to fully register with Azure AD. This required fixing of pre-existing misconfigurations that prevented devices from successfully joining their identity inventory. Starting today, devices no longer need to be joined to the organizations Azure AD and can instantly be managed with Defender for Endpoint. This significantly simplifies the onboarding process and security settings can be deployed to all in-scope devices immediately.

 

 

 

Let’s take a look at the new, integrated experience.

 

 

 

Manage your security policies

 

View all your Intune security policies directly in the Microsoft 365 Defender portal by going to Configuration Management > Endpoint Security Policies. You can filter the list as well as search for specific policies using the built-in ‘filter’ and ‘search’ capabilities.

 

 

 

large?v=v2&px=999.pngImage 1: Security policy interface in the Microsoft 365 Defender portal

 

 

 

AV policies for Windows, Linux and MacOS can be created from the portal.

 

large?v=v2&px=999.pngImage 2: Create a new policy

 

 

 

The device page includes a list of received policies, as well as their respective settings and status:

 

 

 

large?v=v2&px=999.pngImage 3: New device page

 

 

 

With this update we want to make sure that the transition is seamless for all existing customers. Here is how the transition will work:

 

 

 

  • All Windows devices that previously used this management feature, will seamlessly transition to use the new, lightweight mechanism.
  • Devices that were previously managed by Defender for Endpoint but had enrollment errors will now seamlessly be enrolled.
  • Devices that are already fully registered with Azure AD and are receiving policies, will remain registered to Azure AD and continue to receive policies.

 

 

 

Get started today!

 

 

While this change doesn’t require any immediate administrative action, you can take the following actions to prepare for this upgrade:

 

Step 1: Turn on preview features

 

 

Make sure you have preview features enabled in order to use Native Security Settings Management for Microsoft Defender for Endpoint

 

  1. In the Microsoft 365 Defender portal navigation pane, select Settings > Endpoints > Advanced features > Preview features.
  2. Toggle the setting On and select Save preferences.

 

 

 

Step 2: Review how Settings Management for Microsoft Defender for Endpoint is configured

 

 

We recommend navigating to the Microsoft 365 Defender portal and reviewing which devices you intend to manage using by Defender for Endpoint at Settings > Endpoints > Configuration management > Enforcement scope. Make sure the feature is turned on, and that for each Operating System, your management preferences have been configured accurately. Advanced configuration options which were available until today remain effective and are outlined in our main documentation.

 

 

 

large?v=v2&px=999.pngImage 4: Security settings management configuration

 

 

 

Step 3: Create a dynamic AAD group to automatically target devices with policies

 

 

 

 

To ensure that all endpoints enrolled with security settings management capabilities for Defender for Endpoint receive policies, we recommend creating a dynamic Azure AD group based on the devices’ OS Type. Note that you can now also dynamically group servers in Azure AD.

 

By targeting security policies to these dynamic Azure AD groups, all devices managed by Defender for Endpoint will automatically be protected - without requiring admins to perform any additional tasks like creating a new policy or fine tuning existing ones.

 

 

 

Important :

If until today you’ve been creating dynamic Azure AD groups based on the “MDEManaged” or "MDEJoined" system labels, these are currently not supported for new devices that enroll using Defender for Endpoint settings management. If you still intend to dynamically group devices in Azure AD based on this criterion, we recommend using the “Management Type = microsoftSense” attribute instead.

 

 

 

More information:

 

 

Continue reading...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...