Manage Microsoft Defender for Endpoint with Intune
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
We recommend using Microsoft Intune to manage your organization's threat protection features for devices (also referred to as endpoints). This article describes how to find your Microsoft Defender for Endpoint settings in Intune, and lists various tasks you can perform.
Find your Microsoft Defender for Endpoint settings in Intune
Important
You must have either the global administrator or service administrator role assigned in Intune to configure the settings described in this article. To learn more, see Types of administrators (Intune).
Go to the Microsoft Intune admin center and sign in.
In the navigation pane on the left, choose Device configuration, and then, under Manage, choose Profiles.
Select an existing profile, or create a new one.
Tip
Need help? See Using Microsoft Defender for Endpoint with Intune.
Configure Microsoft Defender for Endpoint with Intune
The following table lists various tasks you can perform to configure Microsoft Defender for Endpoint with Intune. You don't have to configure everything all at once; choose a task, read the corresponding resources, and then proceed.
| Task | Resources to learn more |
|---|---|
| Manage your organization's devices using Intune to protect those devices and data stored on them | Protect devices with Microsoft Intune |
| Integrate Microsoft Defender for Endpoint with Intune as a Mobile Threat Defense solution (for Android devices and devices running Windows 10 or Windows 11) |
Enforce compliance for Microsoft Defender for Endpoint with Conditional Access in Intune |
| Use Conditional Access to control the devices and apps that can connect to your email and company resources | Configure Conditional Access in Microsoft Defender for Endpoint |
| Configure Microsoft Defender Antivirus settings using the Policy configuration service provider (Policy CSP) | Device restrictions: Microsoft Defender Antivirus Policy CSP - Microsoft Defender for Endpoint |
| If necessary, specify exclusions for Microsoft Defender Antivirus Generally, you shouldn't need to apply exclusions. Microsoft Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios. |
Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows Device restrictions: Microsoft Defender Antivirus Exclusions for Windows 10 and Windows 11 devices Configure Microsoft Defender Antivirus exclusions on Windows Server 2016 or 2019 or 2022 |
| Configure your attack surface reduction rules to target software behaviors that are often abused by attackers Configure your attack surface reduction rules in audit mode at first (for at least one week and up to two months). You can monitor status using Power BI (get our template), and then set those rules to active mode when you're ready. |
Audit mode in Microsoft Defender for Endpoint Endpoint protection: Attack Surface Reduction Learn more about attack surface reduction rules Tech Community blog post: Demystifying attack surface reduction rules - Part 1 |
| Configure your network filtering to block outbound connections from any app to IP addresses or domains with low reputations Network filtering is also referred to as network protection. Make sure that Windows 10 and Windows 11 devices have the latest antimalware platform updates installed. |
Endpoint protection: Network filtering Review network protection events in Windows Event Viewer |
| Configure controlled folder access to protect against ransomware Controlled folder access is also referred to as antiransomware protection. |
Endpoint protection: Controlled folder access Enable controlled folder access in Intune |
| Configure exploit protection to protect your organization's devices from malware that uses exploits to spread and infect other devices Exploit protection is also referred to as Exploit Guard. |
Endpoint protection: Microsoft Defender Exploit Guard Enable exploit protection in Intune |
| Configure Microsoft Defender SmartScreen to protect against malicious sites and files on the internet. Microsoft Edge should be installed on your organization's devices. For protection on Google Chrome and FireFox browsers, configure exploit protection. |
Microsoft Defender SmartScreen Device restrictions: Microsoft Defender SmartScreen Policy settings for managing SmartScreen in Intune |
| Configure Microsoft Defender Firewall to block unauthorized network traffic flowing into or out of your organization's devices | Endpoint protection: Microsoft Defender Firewall Microsoft Defender Firewall with Advanced Security |
| Configure encryption and BitLocker to protect information on your organization's devices running Windows | Endpoint protection: Windows Encryption BitLocker for Windows 10 and Windows 11 devices |
| Configure Microsoft Defender Credential Guard to protect against credential theft attacks | For Windows 10, Windows 11, Windows Server 2016, and Windows Server 2019, and Windows Server 2022, see Endpoint protection: Microsoft Defender Credential Guard For Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, and Windows Server 2012 R2, see Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft, Versions 1 and 2 |
| Configure Microsoft Defender Application Control to choose whether to audit or trust apps on your organization's devices Microsoft Defender Application Control is also referred to as AppLocker. |
Deploy Microsoft Defender Application Control policies by using Microsoft Intune Endpoint protection: Microsoft Defender Application Control AppLocker CSP |
| Configure device control and USB peripherals access to help prevent threats in unauthorized peripherals from compromising your devices | Control USB devices and other removable media using Microsoft Defender for Endpoint and Intune |
Configure your Microsoft Defender portal
If you haven't already done so, configure your Microsoft Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See Microsoft Defender XDR. You can also configure whether and what features end users can see in the Microsoft Defender portal.
Next steps
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
Feedback
Submit and view feedback for