Enforce compliance for Microsoft Defender for Endpoint with Conditional Access in Intune

You can integrate Microsoft Defender for Endpoint with Microsoft Intune as a Mobile Threat Defense solution. Integration can help you prevent security breaches and limit the impact of breaches within an organization.

Microsoft Defender for Endpoint works with devices that run:

  • Android
  • iOS/iPadOS
  • Windows 10 or later

To be successful, you'll use the following configurations in concert:

  • Establish a service-to-service connection between Intune and Microsoft Defender for Endpoint. This connection lets Microsoft Defender for Endpoint collect data about machine risk from supported devices you manage with Intune.
  • Use a device configuration profile to onboard devices with Microsoft Defender for Endpoint. You onboard devices to configure them to communicate with Microsoft Defender for Endpoint and to provide data that helps assess their risk level.
  • Use a device compliance policy to set the level of risk you want to allow. Risk levels are reported by Microsoft Defender for Endpoint. Devices that exceed the allowed risk level are identified as noncompliant.
  • Use a Conditional Access policy to block users from accessing corporate resources from devices that are noncompliant.
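The compliance-policy step above, written out as an added example (not code from this page or from Microsoft) using the Microsoft Graph PowerShell SDK: it creates a Windows 10 compliance policy that requires the Defender for Endpoint machine risk score to be at or under Low, so devices reported as Medium or High become noncompliant and Conditional Access can block them. The display name, description and group object id are placeholders you replace with your own.

```powershell
# Added example (not from the page): create the Intune device compliance policy
# that ties compliance to the Defender for Endpoint machine risk score.
# Assumes the Microsoft.Graph PowerShell SDK is installed and the signed-in
# account is allowed to manage compliance policies.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All"

$policy = @{
    "@odata.type" = "#microsoft.graph.windows10CompliancePolicy"
    displayName   = "Example - MDE risk at or under Low"          # placeholder
    description   = "Noncompliant when Defender for Endpoint reports Medium or High risk"
    # Evaluate the Mobile Threat Defense (Defender for Endpoint) risk score
    deviceThreatProtectionEnabled = $true
    # Allowed values: secured, low, medium, high.
    # "low" = devices at Medium or High risk are marked noncompliant.
    deviceThreatProtectionRequiredSecurityLevel = "low"
    # Mark the device noncompliant immediately (no grace period) so the
    # Conditional Access policy can block it right away.
    scheduledActionsForRule = @(
        @{
            ruleName = "PasswordRequired"
            scheduledActionConfigurations = @(
                @{ actionType = "block"; gracePeriodHours = 0 }
            )
        }
    )
}

$created = Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies" `
    -Body ($policy | ConvertTo-Json -Depth 10) -ContentType "application/json"

# Assign the new policy to a group of devices or users (placeholder group id);
# the policy has no effect until it is assigned.
$assignBody = @{
    assignments = @(
        @{
            target = @{
                "@odata.type" = "#microsoft.graph.groupAssignmentTarget"
                groupId       = "<your-group-object-id>"
            }
        }
    )
}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/$($created.id)/assign" `
    -Body ($assignBody | ConvertTo-Json -Depth 10) -ContentType "application/json"
```

Pair the policy with a Conditional Access policy that grants access only to devices marked compliant; the service-to-service connector and the onboarding profile from the earlier steps must already be in place for the risk score to be reported.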

When you integrate Intune with Microsoft Defender for Endpoint, you can take advantage of Microsoft Defender for Endpoint's Threat & Vulnerability Management (TVM) and use Intune to remediate endpoint weaknesses identified by TVM.

Example of using Microsoft Defender for Endpoint with Intune

The following example helps explain how these solutions work together to help protect your organization. For this example, Microsoft Defender for Endpoint and Intune are already integrated.

Consider an event where someone sends a Word attachment with embedded malicious code to a user within your organization.

  • The user opens the attachment and enables the content.
  • An elevated-privilege attack starts, and an attacker on a remote machine gains admin rights to the victim's device.
  • The attacker then remotely accesses the user's other devices. This security breach can impact the entire organization.

Microsoft Defender for Endpoint can help resolve security events like this scenario.

  • In our example, Microsoft Defender for Endpoint detects that the device executed abnormal code, experienced a process privilege escalation, injected malicious code, and issued a suspicious remote shell.
  • Based on these actions from the device, Microsoft Defender for Endpoint classifies the device as high-risk and includes a detailed report of the suspicious activity in the Microsoft Defender Security Center portal.


Because you have an Intune device compliance policy that classifies devices with a Medium or High level of risk as noncompliant, the compromised device is classified as noncompliant. This classification allows your Conditional Access policy to kick in and block access from that device to your corporate resources.

For devices that run Android, you can use Intune policy to modify the configuration of Microsoft Defender for Endpoint on Android. For more information, see Microsoft Defender for Endpoint web protection.

Prerequisites

Subscriptions:
To use Microsoft Defender for Endpoint with Intune, you must have the following subscriptions:

  • Microsoft Defender for Endpoint - This subscription provides you access to the Microsoft Defender Security Center (ATP portal).

    Common options that include a Microsoft Defender for Endpoint license:

    • Microsoft 365 E5
    • Windows 10 Enterprise E5 (this license is included with Microsoft 365 E5)

    For more information, see Licensing requirements in Minimum requirements for Microsoft Defender for Endpoint.

  • Microsoft Intune - This subscription provides access to Intune and the Microsoft Endpoint Manager admin center.

    Common options that include a Microsoft Intune license:

    • Microsoft 365 Business Premium
    • Microsoft 365 E3
    • Microsoft 365 E5
    • Enterprise Mobility + Security E3
    • Enterprise Mobility + Security E5

    For more information, see Microsoft Intune licensing.

Devices managed with Intune:
The following platforms are supported for Intune with Microsoft Defender for Endpoint:

  • Android
  • iOS/iPadOS
  • Windows 10 (Hybrid Azure Active Directory Joined or Azure Active Directory Joined)

Next steps

Learn more from the Intune documentation:

Learn more from the Microsoft Defender for Endpoint documentation: