**DISCLOSURE: While I am contracted to Microsoft Corporation, I am not an employee. The articles that I write are not meant to represent the company, nor are they meant to represent me as an employee or spokesman for the company. As has always been the case, all articles on this website represent me and nobody else.**
There are a lot of moving parts to Windows security, and because of that, it is important to know how to manage everything. For a single computer, that is simple. For an entire environment of remote workstations, you need a cloud-managed endpoint protection and detection platform, such as Microsoft Defender for Endpoint (MDE).
Working alongside Microsoft Intune (part of Enterprise Mobility + Security, EM+S), MDE gives you visibility into your organization’s security posture and recommends ways to improve it.
To get things going, you should connect Microsoft Intune and Microsoft Defender for Endpoint. This lets Intune consume the machine risk level that MDE calculates for each device and use it as a signal in device compliance policies, and therefore in any Conditional Access rule that requires a compliant device.
Configuring Microsoft Defender for Endpoint
- Navigate to the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com)
- In the navigation pane, click Endpoint Security.
- On the Endpoint security | Overview page, look in the context-specific navigation bar, and under Setup click Microsoft Defender for Endpoint.
- Scroll through the Endpoint security | Microsoft Defender for Endpoint screen and you will see a lot of options (under MDM Compliance Policy Settings, App Protection Policy Settings, and Common Shared Settings) that are all greyed out. That is because we haven’t connected MDE to Intune yet.
- Under Configuring Microsoft Defender for Endpoint, click Connect Microsoft Defender for Endpoint to Microsoft Intune in the Microsoft Defender Security Center.
- You will likely be asked to re-authenticate, as this opens a console on a different site (https://securitycenter.windows.com).
- In the Microsoft Defender Security Center, make sure you are in the Advanced features section.
- Scroll down to find the option Microsoft Intune connection. Turning this on enables sharing of device information with Intune and enhanced policy enforcement. Toggle it on, and then click Apply.
- At the bottom of the page, click Save preferences.
Now you can return to the Microsoft Endpoint Manager admin center portal, navigate back to the Endpoint security | Microsoft Defender for Endpoint screen, and things will look a lot more interesting…
We can enable any of the options we like, but for our purposes, let’s just enable the option Connect Windows devices version 10.0.15063 and above to Microsoft Defender for Endpoint. At the top of the screen, click Save.
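The portal steps above leave no record you can query later, so here is an added example (my own, not code from the original article) that checks the Intune to MDE connector through Microsoft Graph and then creates a Windows 10 compliance policy that consumes the MDE machine risk level, which is the point of connecting the two. It assumes the Microsoft.Graph PowerShell module, a signed-in account holding the scope shown, and the Graph beta endpoint and property names as listed; the group id is a placeholder.

```powershell
# Added example, not code from the original article. It checks the Intune <-> MDE
# connector the steps above enable, then creates a Windows 10 compliance policy that
# consumes the MDE machine risk level. Assumptions: the Microsoft.Graph PowerShell
# module is installed, the signed-in account holds the scope below, and the Graph
# beta endpoints/property names are as listed (verify against the current reference).

Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'
$graph = 'https://graph.microsoft.com/beta'

# 1. Connector state. After 'Microsoft Intune connection' is toggled on in the MDE
#    portal and the Windows option is saved in Intune, one connector should report
#    partnerState 'available' (or 'enabled') and windowsEnabled $true. A stale
#    lastHeartbeatDateTime means MDE has stopped sending risk data; once
#    partnerUnresponsivenessThresholdInDays is exceeded, Intune treats the partner
#    as unresponsive and devices can drop to non-compliant.
$connectors = (Invoke-MgGraphRequest -Method GET `
    -Uri "$graph/deviceManagement/mobileThreatDefenseConnectors").value

if (-not $connectors) {
    Write-Warning 'No Mobile Threat Defense connector found: the MDE toggle has not been applied yet.'
}
foreach ($c in $connectors) {
    [pscustomobject]@{
        ConnectorId       = $c.id
        PartnerState      = $c.partnerState
        WindowsEnabled    = $c.windowsEnabled
        LastHeartbeat     = $c.lastHeartbeatDateTime
        HeartbeatLimitDays = $c.partnerUnresponsivenessThresholdInDays
    }
}

# 2. A compliance policy that uses the MDE risk level. deviceThreatProtectionEnabled
#    switches the check on; the required level is the highest risk still treated as
#    compliant (secured < low < medium < high). 'medium' means a device that MDE
#    rates High risk is marked non-compliant, which Conditional Access can then block.
#    scheduledActionsForRule is mandatory when creating a policy through Graph.
$policy = @{
    '@odata.type'                               = '#microsoft.graph.windows10CompliancePolicy'
    displayName                                 = 'Windows 10 - MDE machine risk Medium or lower'
    description                                 = 'Non-compliant when Defender for Endpoint reports High risk'
    deviceThreatProtectionEnabled               = $true
    deviceThreatProtectionRequiredSecurityLevel = 'medium'
    scheduledActionsForRule                     = @(
        @{
            ruleName                      = 'PasswordRequired'
            scheduledActionConfigurations = @(
                @{ actionType = 'block'; gracePeriodHours = 0 }
            )
        }
    )
}

$created = Invoke-MgGraphRequest -Method POST `
    -Uri "$graph/deviceManagement/deviceCompliancePolicies" `
    -Body ($policy | ConvertTo-Json -Depth 6) -ContentType 'application/json'

# 3. Assign it. Replace the placeholder (hypothetical value) with the object id of an
#    Azure AD group containing the MDE-onboarded devices.
$groupId = '00000000-0000-0000-0000-000000000000'
$assignment = @{
    assignments = @(
        @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = $groupId } }
    )
}
Invoke-MgGraphRequest -Method POST `
    -Uri "$graph/deviceManagement/deviceCompliancePolicies/$($created.id)/assign" `
    -Body ($assignment | ConvertTo-Json -Depth 6) -ContentType 'application/json'
```

Two caveats worth keeping in mind: the risk level only has an effect once a compliance policy like the one above references it and a Conditional Access policy requires a compliant device, and a device that is not yet onboarded to MDE reports no risk level at all, so check the connector heartbeat before concluding that a fleet is clean.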
At this point, your Windows 10 devices will still need to be onboarded to Microsoft Defender for Endpoint before they start reporting their risk level to Intune. I am going to cover that in tomorrow’s article.