Defender Intrusion Prevention

Question

Defender Intrusion Prevention

A.Elrayes 186

Hi Team,

As per the latest announce about Intune, Intrusion Prevention feature is deprecated.

What is the equivalent feature doing the same behavior ?

Thanks,

Alaa Elrayes

Accepted answer

1 additional answer

Your answer

Answer 1

@A.Elrayes,Thanks for posting in Q&A.

From your description, I know you are looking for a replacement of Defender Intrusion Prevention feature in Intune.

Based on my research, Defender Intrusion Prevention is a feature that helps protect devices from network-based attacks, however you can create a real-time protection policy under Microsoft Defender Antivirus and enable network protection under Microsoft Defender for Endpoint Baseline to protect your devices from being attacked by network to replace Defender Intrusion Prevention.

Here are steps about how to configure real-time protection you can refer.

1.Go to the Microsoft Endpoint Manager admin center > Go to Endpoint security > Antivirus > Microsoft Defender Antivirus.

2.Select Create Policy > Select Windows 10 and Windows 11, and Windows Server (ConfigMgr) as Platform and Select Microsoft Defender Antivirus as Profile > In Configuration settings page, select Real-time protection > Set Turn on real-time protection Yes.

3.In Assignments page, assign it to device group.

https://learn.microsoft.com/en-us/mem/intune/protect/antivirus-microsoft-defender-settings-windows#real-time-protection

Here are steps about how to configure Microsoft Defender for Endpoint Baseline you can refer.

1.Go to the Microsoft Intune admin center > Go to Endpoint security > Security baselines > Microsoft Defender for Endpoint Baseline.

2.Select Create a profile > In the Configuration settings section, go to Attack Surface Reduction Rules > set Enable for Enable network protection.

3.In Assignments, assign it to device group.

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide#microsoft-defender-for-endpoint-baseline-method

Hope above information can help you.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

A.Elrayes 186

@ZhoumingDuan-MSFT Thanks for your reply, Just I need to make sure that this feature will be available and enabled but we can't configure it or will be removed and replaced to be managed and configured under real-time protection ?

IPs

ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff

2023-12-27T02:24:40.4266667+00:00

@A.Elrayes,Thanks for your update.

Based on my research, if this deprecated setting was previously applied on a device, the setting value is updated to NotApplicable and has no effect on the device.

Moreover, it cannot be configured, and the deprecated settings will be removed from the Antivirus profiles and the settings catalog in a future update to Intune, then the new feature will replace the deprecated one.

And now, you can follow the above information to enable Real-time protection and Network protection to protection your device.

Hope this can help you.
ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff

2023-12-29T06:08:30.5266667+00:00

@A.Elrayes,Hop things going well.

If there is any update, feel free to let me know.

Share via

Defender Intrusion Prevention

1 additional answer

Your answer