Protect data and site infrastructure

Applies to: Configuration Manager (current branch)

You want your users to securely access your organization's resources. Protect both your infrastructure and your data from exposure or malicious attack. Use Configuration Manager to enable access and help protect your organization's resources.

  • Endpoint Protection lets you manage the following Microsoft Defender policies for client computers:

    • Microsoft Defender Antimalware
    • Microsoft Defender Firewall
    • Microsoft Defender for Endpoint
    • Microsoft Defender Exploit Guard
    • Microsoft Defender Application Guard
    • Microsoft Defender Application Control


    To manage endpoint protection on co-managed Windows 10 or later devices using the Microsoft Intune cloud service, switch the Endpoint Protection workload to Intune. For more information, see Endpoint protection for Microsoft Intune.

  • Protect data stored on on-premises Windows clients with BitLocker Drive Encryption (BDE). Configuration Manager provides full BitLocker lifecycle management that can replace the use of Microsoft BitLocker Administration and Monitoring (MBAM). For more information, see Plan for BitLocker management.

Use other components of Microsoft Intune to protect your devices. For more information, see Protect devices with Microsoft Intune.