Protect data and site infrastructure

Applies to: Configuration Manager (current branch)

You want your users to securely access your organization's resources. Protect both your infrastructure and your data from exposure or malicious attack. Use Configuration Manager to enable access and help protect your organization's resources.

  • Endpoint Protection lets you manage the following Microsoft Defender policies for client computers:

    • Microsoft Defender Antimalware
    • Microsoft Defender Firewall
    • Microsoft Defender Advanced Threat Protection
    • Microsoft Defender Exploit Guard
    • Microsoft Defender Application Guard
    • Microsoft Defender Application Control


    To manage endpoint protection on co-managed Windows 10 devices using the Microsoft Endpoint Manager cloud service, switch the Endpoint Protection workload to Intune. For more information, see Endpoint protection for Microsoft Intune.

  • Protect data stored on on-premises Windows clients with BitLocker Drive Encryption (BDE). Configuration Manager provides full BitLocker lifecycle management that can replace the use of Microsoft BitLocker Administration and Monitoring (MBAM). For more information, see Plan for BitLocker management.

  • Instead of traditional passwords, enable alternative sign-in methods on Windows 10 devices using Windows Hello for Business. For more information, see Windows Hello for Business settings.

  • Minimize your users' efforts to connect to resources by enabling VPN connectivity using VPN profiles. For more information, see VPN profiles.

  • Wi-fi profiles provide a set of tools and resources to help you manage wireless network settings on devices in your organization. By deploying these settings, you minimize the effort that end users require to connect to wireless networks. For more information, see Wi-fi profiles.

  • Provision devices with the certificates that users need to connect to resources. For more information, see Certificate profiles.