Intune Portal hardening points.

Ritesh Chaudhary 20 Reputation points
2024-12-10T04:09:34.4166667+00:00

Hi All,

I am seeking detailed recommendations or best practices for hardening the Microsoft Intune portal to enhance its security posture. Your insights on this matter would be greatly appreciated.

Thank you in advance for your assistance.

Microsoft Security | Intune | Other

3 answers

  1. Anonymous
    2024-12-10T04:52:49.64+00:00

    @Ritesh Chaudhary Thanks for posting in our Q&A.

    For this issue, did you mean that you want to sign in to the Intune portal more safely? If yes, here are some detailed recommendations and best practices:

    1. Multi-Factor Authentication (MFA): Ensure that all users accessing the Intune portal use multi-factor authentication. This adds an extra layer of security by requiring users to verify their identity through a second method, such as a mobile app or SMS code.
    2. Role-Based Access Control (RBAC): Implement RBAC to limit access to the Intune portal based on the user's role within the organization. This ensures that users only have access to the information and tools necessary for their job functions.
    3. Conditional Access Policies: Use conditional access policies to control how and when users can access the Intune portal. For example, you can require MFA for access from untrusted networks or block access from specific locations.

    If there is any misunderstanding, feel free to let us know.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. SUNOJ KUMAR YELURU 15,256 Reputation points MVP Volunteer Moderator
    2024-12-10T04:55:22.48+00:00

    Hello @Ritesh Chaudhary,

    Thank you for using the Q&A forum.

    To protect your users and Windows devices, you can configure and deploy distinct instances of Microsoft Intune security baseline profiles to different groups of Windows devices and users.

    There are different baselines for different products, and each is a group of preconfigured settings that represent the recommended security posture from that product's security team. You can deploy a default (unmodified) baseline or customize your profiles to configure devices with the settings that your organization requires.


    If the Answer is helpful, please click Accept Answer and Up-Vote, so that it can help others in the community looking for help on similar topics.


  3. Anonymous
    2024-12-10T07:13:40.95+00:00

    @Ritesh Chaudhary So, do you want the corporate and compliant devices to access the Intune portal? If yes, please try a conditional access policy.

    In a conditional access policy, we can add "Microsoft Admin Portals" in Target resources, configure an exclude filter for devices (device.deviceOwnership -eq "Company") in Conditions, and select Block access in Grant.

    In another conditional access policy, we can add "Microsoft Admin Portals" in Target resources, select Grant access and Require device to be marked as compliant.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
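
The two conditional access policies described in the answer above, written with the Microsoft Graph PowerShell SDK as an added example that is not part of the original thread. The display names, the "All" users scope, the emergency-account exclusion placeholder and the report-only state are assumptions made for this example.

```powershell
# Added example, not code from the thread. Requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder (assumption): object ID of an emergency-access account kept out of scope.
# Left unfilled, the request is rejected, so nothing is created by accident.
$breakGlassId = '<emergency-access-account-object-id>'

# Conditions shared by both policies: all users, "Microsoft Admin Portals" as target resource.
function New-AdminPortalConditions {
    @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @('MicrosoftAdminPortals') }
        clientAppTypes = @('all')
    }
}

# Policy 1: Block access, with company-owned devices excluded by the device filter.
$block = @{
    displayName   = 'EXAMPLE - Admin portals: block non-company devices'   # assumed name
    state         = 'enabledForReportingButNotEnforced'                    # report-only (assumption)
    conditions    = New-AdminPortalConditions
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}
$block.conditions.devices = @{
    deviceFilter = @{ mode = 'exclude'; rule = 'device.deviceOwnership -eq "Company"' }
}

# Policy 2: Grant access, requiring the device to be marked as compliant.
$compliant = @{
    displayName   = 'EXAMPLE - Admin portals: require compliant device'    # assumed name
    state         = 'enabledForReportingButNotEnforced'
    conditions    = New-AdminPortalConditions
    grantControls = @{ operator = 'OR'; builtInControls = @('compliantDevice') }
}

# Create both policies and print what the service stored.
foreach ($policy in $block, $compliant) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    '{0}  {1}  {2}' -f $created.Id, $created.State, $created.DisplayName
}
```

In report-only state the policies are evaluated and their results appear in the sign-in logs without being enforced, which lets you confirm that administrators on company-owned, compliant devices would still get in before changing `state` to `enabled`.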

