Add endpoint protection settings in Intune


With Intune, you can use device configuration profiles to manage common endpoint protection security features on devices, including:

  • Firewall
  • BitLocker
  • Allowing and blocking apps
  • Windows Defender and encryption

For example, you can create an endpoint protection profile that only allows macOS users to install apps from the Mac App Store. Or you can enable Windows SmartScreen when running apps on Windows 10 devices.

Before you create a profile, review the following articles that detail the endpoint protection settings Intune can manage for each supported platform:

Create a device profile containing endpoint protection settings

  1. Sign in to Intune.

  2. Select Device configuration > Profiles > Create profile.

  3. Enter a Name and Description for the endpoint protection profile.

  4. From the Platform drop-down list, select the device platform to which you want to apply custom settings. Currently, you can choose one of the following platforms for device restriction settings:

    • macOS
    • Windows 10 and later

  5. From the Profile type drop-down list, choose Endpoint protection.

  6. Depending on the platform you chose, the settings you can configure are different. See:

  7. After you configure applicable settings, select Create on the Create profile page.

    The profile is created and appears on the profiles list page. To assign this profile to groups, see assign device profiles.
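
After profiles are created, it helps to confirm that they carry the intended values and are assigned to at least one group. The following is an added example, not part of the original article and not Microsoft's code. It assumes the profiles were exported as JSON from the Microsoft Graph `deviceManagement/deviceConfigurations` collection with `assignments` expanded. The baseline values and the sample export are constructed for illustration.

```python
import json

# Expected values per Graph profile type. The baseline is an assumption for this
# example, built from the settings the article mentions.
BASELINE = {
    "#microsoft.graph.macOSEndpointProtectionConfiguration": {
        "gatekeeperAllowedAppSource": "macAppStore",  # Mac App Store only
        "firewallEnabled": True,
    },
    "#microsoft.graph.windows10EndpointProtectionConfiguration": {
        "smartScreenEnableInShell": True,  # SmartScreen when running apps
        "bitLockerEncryptDevice": True,
    },
}

def audit_profile(profile):
    """Return a list of findings for one exported profile (empty list = clean)."""
    expected = BASELINE.get(profile.get("@odata.type"))
    if expected is None:
        return []  # not an endpoint protection profile, out of scope
    findings = []
    for key, want in expected.items():
        have = profile.get(key)  # a missing key is treated as "not configured"
        if have != want:
            findings.append(f"{key}: expected {want!r}, found {have!r}")
    if not profile.get("assignments"):
        findings.append("profile is not assigned to any group")
    return findings

def audit_export(raw_json):
    """Map displayName -> findings for every profile that has at least one."""
    report = {}
    for profile in json.loads(raw_json)["value"]:
        findings = audit_profile(profile)
        if findings:
            report[profile.get("displayName", "<unnamed>")] = findings
    return report

# Constructed sample export (not real tenant data).
SAMPLE_EXPORT = json.dumps({"value": [
    {"@odata.type": "#microsoft.graph.macOSEndpointProtectionConfiguration",
     "displayName": "macOS - App Store only", "gatekeeperAllowedAppSource": "macAppStore",
     "firewallEnabled": True, "assignments": [{"id": "constructed-assignment"}]},
    {"@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
     "displayName": "Win10 - SmartScreen", "smartScreenEnableInShell": True,
     "bitLockerEncryptDevice": False, "assignments": []},
    {"@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
     "displayName": "Win10 - restrictions", "assignments": []},
]})
```

A profile with no assignments is reported even when its settings match the baseline, because an unassigned profile is not applied to any device.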

Next steps

To assign a profile to groups, see assign device profiles.