Rediger

Del via


Use Microsoft Defender for Endpoint to enforce device compliance with Microsoft Intune

You can integrate Microsoft Defender for Endpoint with Microsoft Intune as a Mobile Threat Defense solution. Integration can help you prevent security breaches and limit the impact of breaches within an organization.

See the Microsoft Defender for Endpoint requirements for the list of supported operating systems and versions.

To be successful, use the following configurations in concert, which are detailed in Configure Microsoft Defender for Endpoint in Intune:

When you integrate Intune with Microsoft Defender for Endpoint, you can take advantage of Microsoft Defender for Endpoints Threat & Vulnerability Management (TVM) and use Intune to remediate endpoint weakness identified by TVM.

Example of using Microsoft Defender for Endpoint with Intune

The following example helps explain how these solutions work together to help protect your organization. For this example, Microsoft Defender for Endpoint and Intune are already integrated.

Consider an event where someone sends a Word attachment with embedded malicious code to a user within your organization.

  • The user opens the attachment, and enables the content.
  • An elevated privilege attack starts, and an attacker from a remote machine has admin rights to the victim's device.
  • The attacker then remotely accesses the user's other devices. This security breach can impact the entire organization.

Microsoft Defender for Endpoint can help resolve security events like this scenario.

  • In our example, Microsoft Defender for Endpoint detects that the device executed abnormal code, experienced a process privilege escalation, injected malicious code, and issued a suspicious remote shell.
  • Based on these actions from the device, Microsoft Defender for Endpoint classifies the device as high-risk and includes a detailed report of suspicious activity in the Microsoft Defender Security Center portal.

You can integrate Microsoft Defender for Endpoint with Microsoft Intune as a Mobile Threat Defense solution. Integration can help you prevent security breaches and limit the impact of breaches within an organization.

Because you have an Intune device compliance policy to classify devices with a Medium or High level of risk as noncompliant, the compromised device is classified as noncompliant. This classification allows your conditional access policy to kick in and block access from that device to your corporate resources.

For devices that run Android, you can use Intune policy to modify the configuration of Microsoft Defender for Endpoint on Android. For more information, see Microsoft Defender for Endpoint web protection.

Prerequisites

Subscriptions:
To use Microsoft Defender for Endpoint with Intune, you must have the following subscriptions:

Devices managed with Intune:
The following platforms are supported for Intune with Microsoft Defender for Endpoint:

  • Android
  • iOS/iPadOS
  • Windows 10/11 (Microsoft Entra hybrid joined or Microsoft Entra joined)

For the system requirements for Microsoft Defender for Endpoint, see Minimum requirements for Microsoft Defender for Endpoint.

Next steps

Learn more from the Intune documentation:

Learn more from the Microsoft Defender for Endpoint documentation: