Endpoint detection and response policy settings for endpoint security in Intune

Note

The information in this article applies only to the settings in the Endpoint detection and response profile for the Windows 10 and later platform, used in endpoint security Endpoint detection and response policy.

Beginning on April 5, 2022, the Windows 10 and later platform was replaced by the Windows 10, Windows 11, and Windows Server platform, which is now named simply Windows. Although you can no longer create a new instance of this older profile, you can continue to edit and use existing instances of it. The settings details in this article apply only to the deprecated profiles.

View the settings you can configure in profiles for Endpoint detection and response policy in the endpoint security node of Intune.

Applies to:

  • Windows 10
  • Windows 11

Supported platforms and profiles:

  • Windows 10 and later: Use this platform for policy you deploy to Windows 10 and Windows 11 devices managed with Intune.

    • Profile: Endpoint detection and response (MDM)
  • Windows 10, Windows 11, and Windows Server (ConfigMgr): Use this platform for policy you deploy to devices managed by Configuration Manager.

    • Profile: Endpoint detection and response (ConfigMgr)

Endpoint detection and response (MDM)

Endpoint detection and response:

  • Microsoft Defender for Endpoint client configuration package type

    Upload a signed configuration package that will be used to onboard the Microsoft Defender for Endpoint client.

    • Not configured (default)
    • Onboarding blob
    • Offboarding blob

    When set to Onboarding blob, you can configure the following settings:

    • Defender for Endpoint onboarding blob
      Click Select onboarding file to open the Select onboarding File pane, where you specify a .onboarding file.

    When set to Offboarding blob, you can configure the following settings:

    • Defender for Endpoint offboarding blob
      Click Select offboarding file to open the Select offboarding File pane, where you specify a .offboarding file.
  • Sample sharing for all files

    Returns or sets the Microsoft Defender for Endpoint Sample Sharing configuration parameter. Sample Sharing sends a file to Microsoft for deep analysis. Organizations can disable sample sharing on specific devices that are considered too sensitive.

    • Not configured (default)
    • Yes
  • Expedite telemetry reporting frequency

    • Not configured (default)
    • Yes - Increase the Microsoft Defender for Endpoint telemetry reporting frequency.

Endpoint detection and response (ConfigMgr)

Endpoint detection and response:

  • Sample sharing for all files

    Returns or sets the Microsoft Defender for Endpoint Sample Sharing configuration parameter.

    • Not configured (default)
    • Yes
  • Expedite telemetry reporting frequency

    • Not configured (default)
    • Yes - Increase the Microsoft Defender for Endpoint telemetry reporting frequency.

Next steps

Endpoint security policy for EDR