The following diagram is a conceptual representation of the Microsoft Defender for Endpoint security configuration management solution.

- Devices onboard to Microsoft Defender for Endpoint.
- A trust is established between each device and Azure AD. When a device has an existing trust, that is used. When devices haven't registered, a new trust is created.
- Devices use their Azure AD identity to communicate with Endpoint Manager. This identity enables Microsoft Endpoint Manager to distribute policies that are targeted to the devices when they check in.
- Defender for Endpoint reports the status of the policy back to Endpoint Manager.

Review the following sections for requirements for the Security Management for Microsoft Defender for Endpoint scenario.

Environment

When a device onboards to Microsoft Defender for Endpoint:

- The device is surveyed for an existing Endpoint Manager presence, which is a mobile device management (MDM) enrollment to Intune.
- Devices without an Endpoint Manager presence will enable the Security Management feature.
- A trust is created with Azure Active Directory if one doesn't already exist.
- The Azure Active Directory trust is used to communicate with Endpoint Manager (Intune) and retrieve policies.
- Policy retrieved from Endpoint Manager is enforced on the device by Microsoft Defender for Endpoint.

When a device that is domain joined creates a trust with Azure Active Directory, this scenario is referred to as a Hybrid Azure Active Directory Join scenario. The Security Management for Microsoft Defender for Endpoint fully supports this scenario with the following requirements:

- Azure Active Directory Connect (AAD Connect) must be synchronized to the tenant that is used for Microsoft Defender for Endpoint.
- Hybrid Azure Active Directory Join must be configured in your environment (either through Federation or AAD Connect Sync).
- AAD Connect Sync must include the device objects in scope for synchronization with Azure Active Directory (when needed for join).
- AAD Connect rules for sync must be modified for Server 2012 R2 (when support for Server 2012 R2 is needed).
- All devices must register in the Azure Active Directory of the tenant that hosts Microsoft Defender for Endpoint. Cross-tenant scenarios are not supported.

Devices must have access to the following endpoints:

- *.dm. The use of a wildcard supports the cloud-service endpoints that are used for enrollment, check-in, and reporting, and which can change as the service scales.

If your organization uses Secure Socket Layer (SSL) inspection, the endpoints should be excluded from inspection.

Policies for Microsoft Defender for Endpoint security management are supported for the following device platforms:

- Windows 10 Professional/Enterprise (with KB5006738)
- Windows Server 2012 R2 with Microsoft Defender for Down-Level Devices
- Windows Server 2016 with Microsoft Defender for Down-Level Devices

To use security management for Microsoft Defender for Endpoint, you need:

- A subscription that grants licenses for Microsoft Defender for Endpoint, like Microsoft 365, or a standalone license for only Microsoft Defender for Endpoint. A subscription that grants Microsoft Defender for Endpoint licenses also grants your tenant access to the Endpoint security node of the Microsoft Endpoint Manager admin center.

Exception: If you have access to Microsoft Defender for Endpoint as part of a Microsoft Defender for Cloud only license (formerly Azure Security Center), the Security Management for Microsoft Defender for Endpoint functionality isn't available.

For current information about options, see Minimum requirements for Microsoft Defender for Endpoint.

The Endpoint security node is where you'll configure and deploy policies to manage Microsoft Defender for Endpoint for your devices and monitor device status.
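As an added example (not part of the Microsoft documentation reproduced above), the following PowerShell parses `dsregcmd /status` output to confirm the device state the Active Directory requirements call for: a Hybrid Azure AD Join, with the trust registered in the tenant that hosts Defender for Endpoint rather than a different tenant. The field names are the ones dsregcmd prints; the sample output and the tenant ID are constructed.

```powershell
# Added pre-flight check for the Hybrid Azure AD Join requirement.
# Parses the "Name : Value" rows of dsregcmd /status into a hashtable.
function ConvertFrom-DsregcmdStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    $status = @{}
    foreach ($line in $Lines) {
        # Keep the first occurrence of each field; border and section rows have no colon
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.*?)\s*$' -and -not $status.ContainsKey($Matches[1])) {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

# Classifies the join state and checks the trust is in the expected (MDE) tenant,
# since cross-tenant scenarios are not supported.
function Test-MdeSecurityManagementJoin {
    param(
        [Parameter(Mandatory)][hashtable]$Status,
        [Parameter(Mandatory)][string]$ExpectedTenantId   # tenant hosting Defender for Endpoint
    )
    $aad    = $Status['AzureAdJoined'] -eq 'YES'
    $domain = $Status['DomainJoined']  -eq 'YES'
    $joinType = 'NotJoined'
    if ($aad -and $domain) { $joinType = 'HybridAzureADJoined' }
    elseif ($aad)          { $joinType = 'AzureADJoined' }
    elseif ($domain)       { $joinType = 'DomainJoinedOnly' }   # no Azure AD trust yet
    $tenantOk = $aad -and ($Status['TenantId'] -eq $ExpectedTenantId)
    [pscustomobject]@{
        JoinType      = $joinType
        TenantMatches = $tenantOk
        Ready         = $aad -and $tenantOk
    }
}

# Constructed sample standing in for a real `dsregcmd /status` run (offline demo).
$sample = @'
| Device State |
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
| Tenant Details |
                  TenantId : 00000000-0000-0000-0000-000000000000
'@ -split "`r?`n"

$status = ConvertFrom-DsregcmdStatus -Lines $sample
Test-MdeSecurityManagementJoin -Status $status -ExpectedTenantId '00000000-0000-0000-0000-000000000000'
# On a real device: ConvertFrom-DsregcmdStatus -Lines (dsregcmd /status)
```

A result of `JoinType = DomainJoinedOnly` means the device has not yet created the Azure AD trust the onboarding flow depends on, and `TenantMatches = False` with `AzureADJoined` indicates the unsupported cross-tenant case.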