Manage Microsoft Defender for Endpoint with Intune
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
We recommend using Microsoft Endpoint Manager, which includes Microsoft Intune (Intune) to manage your organization's threat protection features for devices (also referred to as endpoints). Learn more about Endpoint Manager.
This article describes how to find your Microsoft Defender for Endpoint settings in Intune, and lists various tasks you can perform.
Find your Microsoft Defender for Endpoint settings in Intune
You must be a global administrator or service administrator in Intune to configure the settings described in this article. To learn more, see Types of administrators (Intune).
Go to the Azure portal (https://portal.azure.com) and sign in.
Under Azure Services, choose Intune.
In the navigation pane on the left, choose Device configuration, and then, under Manage, choose Profiles.
Select an existing profile, or create a new one.
Need help? See Using Microsoft Defender for Endpoint with Intune.
Configure Microsoft Defender for Endpoint with Intune
The following table lists various tasks you can perform to configure Microsoft Defender for Endpoint with Intune. You don't have to configure everything all at once; choose a task, read the corresponding resources, and then proceed.
|Task|Resources to learn more|
|---|---|
|Manage your organization's devices using Intune to protect those devices and the data stored on them|Protect devices with Microsoft Intune|
|Integrate Microsoft Defender for Endpoint with Intune as a Mobile Threat Defense solution (for Android devices and devices running Windows 10 or later)|Enforce compliance for Microsoft Defender for Endpoint with Conditional Access in Intune|
|Use Conditional Access to control the devices and apps that can connect to your email and company resources|Configure Conditional Access in Microsoft Defender for Endpoint|
|Configure Microsoft Defender Antivirus settings using the Policy configuration service provider (Policy CSP)|Device restrictions: Microsoft Defender Antivirus<br>Policy CSP - Microsoft Defender for Endpoint|
|If necessary, specify exclusions for Microsoft Defender Antivirus.<br>Generally, you shouldn't need to apply exclusions. Microsoft Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios.|Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows<br>Device restrictions: Microsoft Defender Antivirus Exclusions for Windows 10 devices<br>Configure Microsoft Defender Antivirus exclusions on Windows Server 2016 or 2019|
|Configure your attack surface reduction rules to target software behaviors that are often abused by attackers.<br>Configure your attack surface reduction rules in audit mode at first (for at least one week and up to two months). You can monitor status using Power BI (get our template), and then set those rules to active mode when you're ready.|Audit mode in Microsoft Defender for Endpoint<br>Endpoint protection: Attack Surface Reduction<br>Learn more about attack surface reduction rules<br>Tech Community blog post: Demystifying attack surface reduction rules - Part 1|
|Configure your network filtering to block outbound connections from any app to IP addresses or domains with low reputations.<br>Network filtering is also referred to as network protection.<br>Make sure that Windows 10 devices have the latest antimalware platform updates installed.|Endpoint protection: Network filtering<br>Review network protection events in Windows Event Viewer|
|Configure controlled folder access to protect against ransomware.<br>Controlled folder access is also referred to as antiransomware protection.|Endpoint protection: Controlled folder access<br>Enable controlled folder access in Intune|
|Configure exploit protection to protect your organization's devices from malware that uses exploits to spread and infect other devices.<br>Exploit protection is also referred to as Exploit Guard.|Endpoint protection: Microsoft Defender Exploit Guard<br>Enable exploit protection in Intune|
|Configure Microsoft Defender SmartScreen to protect against malicious sites and files on the internet.<br>Microsoft Edge should be installed on your organization's devices. For protection on Google Chrome and Firefox browsers, configure exploit protection.|Microsoft Defender SmartScreen<br>Device restrictions: Microsoft Defender SmartScreen<br>Policy settings for managing SmartScreen in Intune|
|Configure Microsoft Defender Firewall to block unauthorized network traffic flowing into or out of your organization's devices|Endpoint protection: Microsoft Defender Firewall<br>Microsoft Defender Firewall with Advanced Security|
|Configure encryption and BitLocker to protect information on your organization's devices running Windows|Endpoint protection: Windows Encryption<br>BitLocker for Windows 10 devices|
|Configure Microsoft Defender Credential Guard to protect against credential theft attacks|For Windows 10, Windows Server 2016, and Windows Server 2019, see Endpoint protection: Microsoft Defender Credential Guard<br>For Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, and Windows Server 2012 R2, see Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft, Versions 1 and 2|
|Configure Microsoft Defender Application Control to choose whether to audit or trust apps on your organization's devices.<br>Microsoft Defender Application Control is also referred to as AppLocker.|Deploy Microsoft Defender Application Control policies by using Microsoft Intune<br>Endpoint protection: Microsoft Defender Application Control|
|Configure device control and USB peripherals access to help prevent threats in unauthorized peripherals from compromising your devices|Control USB devices and other removable media using Microsoft Defender for Endpoint and Intune|
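The attack surface reduction row above recommends staging rules in audit mode, watching what they would have blocked, and only then switching them to active mode. The following PowerShell script is an added example, not code from the Microsoft docs page, that walks through that same audit-first workflow on a single Windows 10 device so you can see what the Intune policy is doing under the hood. It assumes an elevated PowerShell session with Microsoft Defender Antivirus active; the rule GUIDs are placeholders because the page does not list them, and the event-data field names read from event ID 1122 are assumed from typical audit events.

```powershell
# Added example (not from the Microsoft docs page): stage ASR rules in audit mode,
# then review the audit events before moving rules to block mode.
# Assumption: elevated PowerShell on a Windows 10 device with Defender AV active.
# Replace the placeholders with the real ASR rule GUIDs you plan to roll out.
$ruleIds = @(
    '<ASR-RULE-GUID-1>',   # placeholder, not a real rule ID
    '<ASR-RULE-GUID-2>'    # placeholder, not a real rule ID
)

# Step 1: put each rule in audit mode. Nothing is blocked; matching activity is only logged.
foreach ($id in $ruleIds) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions AuditMode
}

# Step 2: confirm the configured state. Get-MpPreference reports actions as numbers:
# 0 = Disabled, 1 = Block, 2 = Audit.
function Get-AsrRuleState {
    $pref = Get-MpPreference
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        [pscustomobject]@{
            RuleId = $pref.AttackSurfaceReductionRules_Ids[$i]
            Action = $pref.AttackSurfaceReductionRules_Actions[$i]
        }
    }
}
Get-AsrRuleState | Format-Table -AutoSize

# Step 3: during the audit window, pull audit events (ID 1122) from the Defender
# operational log and group them by rule to see what each rule would have blocked.
# Event data field names ('ID', 'Path', 'Process Name') are assumed from typical 1122 events.
function Get-AsrAuditSummary {
    param([int]$Days = 7)
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1122
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue   # no events yet is not an error

    $events | ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            RuleId  = $data['ID']
            Path    = $data['Path']
            Process = $data['Process Name']
        }
    } | Group-Object RuleId | Sort-Object Count -Descending |
        Select-Object @{n='RuleId';e={$_.Name}}, Count
}
Get-AsrAuditSummary -Days 7 | Format-Table -AutoSize

# Step 4: after reviewing the audit data (and adding any justified exclusions),
# move a rule to block mode. Left commented out so the script stays audit-only by default.
# Add-MpPreference -AttackSurfaceReductionRules_Ids '<ASR-RULE-GUID-1>' `
#                  -AttackSurfaceReductionRules_Actions Enabled
```

When the rules are pushed from Intune instead, the device-side state you would check in step 2 is the same; running `Get-AsrAuditSummary` on a few pilot devices is a quick way to validate the Power BI view the page mentions before you flip rules to active mode tenant-wide.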
Configure your Microsoft Defender Security Center
If you haven't already done so, configure your Microsoft Defender Security Center (https://securitycenter.windows.com) to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture.
You can also configure whether and what features end users can see in the Microsoft Defender Security Center.