At a time when threats like ransomware are becoming increasingly sophisticated and agile, having device security settings properly configured can be the difference between preventing an attack and experiencing a breach. Misconfigurations account for 21% of all error-related breaches, so security teams need a solution that makes posture management easy.
Microsoft Defender for Endpoint enables organizations to proactively harden their security configurations, with tailored recommendations for resolving at-risk devices. Today we are excited to announce the General Availability of simplified settings management in Defender for Endpoint to make prevention for customers even easier, as we continue to deliver on our mission to provide both comprehensive endpoint security and an experience that delights users. This new experience is deeply centered in feedback from our customers to simplify the way you can work in Defender for Endpoint.
- Streamlined security settings management in the Defender portal by removing the dependency on the Microsoft Intune admin center.
- Native support for Linux, and macOS by removing the dependency on 3rd party tools.
- Easy and reliable device enrollment by removing the dependency on Entra ID.
It's now easier than ever to create, modify, and deploy device security policies across Windows, macOS, and Linux with Defender for Endpoint to secure your devices. With General Availability, policies can now be applied for settings including endpoint detection and response, antivirus exclusions, attack surface reduction, firewall, attack surface reduction, and more. For customers who also use Microsoft Intune, policies whether they are set in Defender or Intune are automatically synced so security and IT teams have the same information available and can stay in the flow of their respective work.
Defender for Endpoint makes spotting misconfigurations easy with Microsoft Secure Score. Secure Score continuously assesses your environment for weaknesses and provides tailored recommendations to remediate at-risk devices. Security teams can remediate any weaknesses due to misconfigurations using security settings management by following these steps:
Step 1: Configure your tenant
After verifying your tenant meets the pre-requisites, enabling security settings management requires turning on the relevant toggles in both Microsoft Defender for Endpoint and Microsoft Intune. Please follow the steps documented here.
Note: The Endpoint Security Policies page in the portal is available for users that have at minimum, both the Microsoft Defender for Endpoint administrator (default) role and the Intune built-in role, Endpoint Security Manager. These permissions are granted automatically to users with the Global Microsoft Entra role Security Administrator. Microsoft Defender for Endpoint users that have the Security Reader role only will be unable to access these features.
Step 2: Deploy security policies to devices
Go to the new Endpoint security policies tab in the Microsoft 365 Defender navigation bar. Here, you can create and edit security policies for your multiplatform devices.
Figure 1: Endpoint security policies page in Microsoft 365 Defender showing an inventory of all security policies created and targeted across Windows, macOS, and Linux devices.
Click on a policy to view the configured settings and devices targeted with that policy and their status.
Step 3: Validate the policy assignment
When selecting a device from the Devices page, a new Security policies tab can be seen. This tab lists all the targeted policies for the selected device.
Figure 2: Device page in Microsoft 365 Defender showing all the security policies configured to the selected device.
Note: It can take up to 90 minutes for a policy to reach a device. For devices managed by Defender for Endpoint, this process can be expedited. Simply select Policy sync from the actions menu and the selected policy will be applied to that Defender for Endpoint managed device in approximately 10 minutes.
Figure 3: Device page in Microsoft 365 Defender showing the Policy sync action in the actions menu.
To help organizations maintain a strong security posture, Microsoft provides comprehensive vulnerability and posture management capabilities that include security baselines across industry standards, configuration assessment, and repeat-attack prevention – as the only endpoint security vendor in the market. Simplified settings management in Defender for Endpoint was key in further optimizing these end-to-end capabilities for customers, and we could not be more excited to deliver them.
- Check out our documentation and get started with security settings management in Defender for Endpoint
- Watch the Microsoft Virtual Ninja Show “Overview” and “Deep dive” episodes for security settings management
Let us know what you think!
We are excited to empower security teams with a simplified way to enroll and configure their multiplatform devices with the new security settings management experience. Let us know what you think in the comments below.