Defender Intrusion Prevention

A.Elrayes 186 Reputation points
2023-12-25T10:52:44.82+00:00

Hi Team,

As per the latest announce about Intune, Intrusion Prevention feature is deprecated.

What is the equivalent feature doing the same behavior ?

Thanks,

Alaa Elrayes

Microsoft Security | Microsoft Defender | Microsoft Defender for Identity
Microsoft Security | Intune | Other
0 comments No comments
{count} votes

Accepted answer
  1. ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff
    2023-12-26T03:07:08.86+00:00

    @A.Elrayes,Thanks for posting in Q&A.

    From your description, I know you are looking for a replacement of Defender Intrusion Prevention feature in Intune.

    Based on my research, Defender Intrusion Prevention is a feature that helps protect devices from network-based attacks, however you can create a real-time protection policy under Microsoft Defender Antivirus and enable network protection under Microsoft Defender for Endpoint Baseline to protect your devices from being attacked by network to replace Defender Intrusion Prevention.

    Here are steps about how to configure real-time protection you can refer.

    1.Go to the Microsoft Endpoint Manager admin center > Go to Endpoint security > Antivirus > Microsoft Defender Antivirus.

    2.Select Create Policy > Select Windows 10 and Windows 11, and Windows Server (ConfigMgr) as Platform and Select Microsoft Defender Antivirus as Profile > In Configuration settings page, select Real-time protection > Set Turn on real-time protection Yes.

    3.In Assignments page, assign it to device group.

    https://learn.microsoft.com/en-us/mem/intune/protect/antivirus-microsoft-defender-settings-windows#real-time-protection

    Here are steps about how to configure Microsoft Defender for Endpoint Baseline you can refer.

    1.Go to the Microsoft Intune admin center > Go to Endpoint security > Security baselines > Microsoft Defender for Endpoint Baseline.

    2.Select Create a profile > In the Configuration settings section, go to Attack Surface Reduction Rules > set Enable for Enable network protection.

    3.In Assignments, assign it to device group.

    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide#microsoft-defender-for-endpoint-baseline-method

    Hope above information can help you.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. A.Elrayes 186 Reputation points
    2023-12-26T08:52:51.4233333+00:00

    @ZhoumingDuan-MSFT Thanks for your reply, Just I need to make sure that this feature will be available and enabled but we can't configure it or will be removed and replaced to be managed and configured under real-time protection ?

    IPs


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.