Hello,
Create a compliance policy in Intune and set the setting “Microsoft Defender Antimalware security intelligence up-to-date” to required.
And if it’s not enough, create a proactive remediation, with detection like (Get-MpComputerStatus).AntivirusSignatureAge -ge 2
and remediation Update-MpSignature, with a short interval, like every 4 hours for example.
It's not the script, just the content; you need to add conditions, exit, message for each phase ....
Thanks
How to use Intune for Defender for Endpoint catch-up protection updates
I am planning the phased deployment of Defender for Endpoint Plan 1 clients to Win10/11/macOS across our enterprise. I want to use Intune for the deployment.
I am also planning for operations after the deployment. One thing I anticipate is https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus?view=o365-worldwide . The article gives remediation methods using MECM, Group Policy, PowerShell, WMI, but not Intune. How do we use Intune to manage outdated endpoints?
6 answers
-
christophe ghesquiere 1 Reputation point
2022-03-24T21:03:02.24+00:00 -
uMarko 2 31 Reputation points
2022-03-25T16:00:15.287+00:00 @ christopheghesquiere-3152
I see this is where to create the compliance policy: Endpoint Manager > Devices > Compliance policies > Create policy > W10 and later > Compliance settings tab > System Security section > Microsoft Defender Antimalware = Require, Microsoft Defender Antimalware security intelligence up-to-date = Require, Real-time protection = Require
However, this link to do the remediation is not available to me:
Endpoint Manager > Reports > Endpoint Analytics
I think it's because we are using GovCloud. The article https://learn.microsoft.com/en-us/enterprise-mobility-security/solutions/ems-intune-govt-service-description says Microsoft Endpoint Manager Endpoint Analytics and Log Analytics features are not currently available for US Government customers.
How would you suggest we do the remediation?
-
christophe ghesquiere 1 Reputation point
2022-03-25T23:06:12.173+00:00 The Intune compliance policy does remediation afterwards. If you want to have a double check without being able to use the proactive remediation solution, no doubt I will create an Intune application (Win32) containing a script that installs a scheduled task and a script containing this compliance and remediation. But the classic compliance (& remediation) should suffice; it is better to focus on the configuration of the security endpoint part in Defender.
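The detection and remediation outlined in the first answer, written out as one script so it can also be run by the scheduled task mentioned above where Proactive Remediations is unavailable. This is an added example, not code posted by anyone in the thread; the parameter names, messages and the `$Remediate` default are assumptions.

```powershell
# Added example: detect stale Defender security intelligence and update it.
# Assumed names: $MaxAgeDays, $Remediate, Get-SignatureAge (hypothetical helper).
# Intune passes no arguments to Proactive Remediations scripts, so for the
# detection script set the $Remediate default to $false; leave it $true for
# the remediation script or for a scheduled task that does both in one run.
param(
    [int]$MaxAgeDays = 2,      # same threshold as the "-ge 2" check in the thread
    [bool]$Remediate = $true
)

function Get-SignatureAge {
    # AntivirusSignatureAge is reported in days. -ErrorAction Stop turns a
    # missing or stopped Defender service into a catchable error.
    (Get-MpComputerStatus -ErrorAction Stop).AntivirusSignatureAge
}

try {
    $age = Get-SignatureAge

    if ($age -lt $MaxAgeDays) {
        Write-Output "Compliant: security intelligence is $age day(s) old."
        exit 0
    }

    if (-not $Remediate) {
        # Detection phase: exit code 1 tells Intune to run the remediation script.
        Write-Output "Non-compliant: security intelligence is $age day(s) old (limit $MaxAgeDays)."
        exit 1
    }

    Write-Output "Security intelligence is $age day(s) old; running Update-MpSignature."
    Update-MpSignature -ErrorAction Stop

    # Re-check so the reported result reflects the device state, not just the attempt.
    $age = Get-SignatureAge
    if ($age -lt $MaxAgeDays) {
        Write-Output "Remediated: security intelligence is now $age day(s) old."
        exit 0
    }
    Write-Output "Update ran but security intelligence is still $age day(s) old."
    exit 1
}
catch {
    # Surface the failure in the Intune device status or task history.
    Write-Output "Error: $($_.Exception.Message)"
    exit 1
}
```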
-
uMarko 2 31 Reputation points
2022-03-29T14:28:12.263+00:00 @ christopheghesquiere-3152, are you saying that in the compliance policy definition, there is a way to run a script on non-compliant endpoints? I don't see such an option in the "Actions for noncompliance tab".
-
christophe ghesquiere 1 Reputation point
2022-03-29T15:32:51.837+00:00 Hello,
- It is there but in preview for the moment. (and doesn't seem available to you)
- But as already said classic compliance has native remediation: