Intune – Deploy and use Microsoft Defender ATP Baseline Policy.

Many companies talk about security every day and about how to get the best-protected and most flexible environment possible, while still letting their users work without facing too many IT-related obstacles in a normal workday. In real life, too many restrictions on productive users often mean less money earned for the company. On the other hand, compromised data or a ransomware attack can also put red numbers on the bottom line, so we need a balanced overall IT environment.

With all this said, what best practice do we need for a successful, balanced environment? That question is difficult to answer upfront, because best practice can be many things depending on the company type, security matters, data sensitivity (GDPR is an exception) etc. So best practice can be Microsoft's best practice, the company's best practice, or a mix.

Based on internal knowledge, Microsoft also gathers company-wide expertise to build best practices. This means that Microsoft puts together a set of standard rules that companies can implement in their environment for free.

In our scenario it's Intune and mobile device management (MDM) that will deploy a set of best-practice rules to a Windows 10 1903 ENT device, in this case the Microsoft Defender Advanced Threat Protection (ATP) baseline.

Note: For many years Windows Firewall and Windows Defender were considered unsafe and not doing the job well enough, but nowadays these technologies are rated highly, and many companies want to bundle their endpoint protection products and also save money on flexible cloud licenses. Overall, Windows 10 (PRO) ENT offers complete, built-in and ongoing protection.

Note: Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing:
– Windows 10 Enterprise E5
– Windows 10 Education E5
– Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5

Now let's start making a Microsoft Defender ATP Baseline Policy.

  • Click on the Microsoft Defender ATP baseline:
  • Now Click on Create Profile:

Note: See the version number and the publish date for the baseline. Over time Microsoft will send out new, updated baselines. Learn more about Microsoft Defender ATP baseline settings here -> https://docs.microsoft.com/en-us/intune/security-baseline-settings-defender-atp

  • Give the baseline policy a name and a description (optional) and click Next:

  • Check the settings and click Next:

Note: Check all the settings, and if something doesn't work for the existing environment, modify the settings (for example, picture 1). In the description field on the previous page, it is a good idea to record the custom changes made to the settings (picture 2):

  • Click Next (in this test lab we don’t have any Tags created for this):
  • Now select what or who is gonna receive this policy:

Note: See the Microsoft documentation for device or user assignment here -> https://docs.microsoft.com/en-us/intune/device-profile-assign . We're gonna hit it hard with all users in this test lab.

  • Click Create:

  • Now Microsoft Defender ATP is active on the device through the user license Microsoft 365 E5.
  • Now check the status of the deployment under Security Baseline tab:

Note: In this test lab one misconfiguration shows up: Application Guard needs to be reconfigured. All other settings are applied correctly to the Windows 10 ENT device. You cannot win all the time 😉
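
The portal status can be cross-checked on the Windows 10 device itself. The following PowerShell is an added example, not part of the original post; the function name `Get-DefenderSpotCheck` is hypothetical, and the checks it runs are assumptions picked for illustration rather than the baseline's own setting list.

```powershell
# Added example: endpoint-side spot check, run in an elevated PowerShell session.
# The checks below are assumptions chosen for illustration, not the baseline's setting list.
function Get-DefenderSpotCheck {
    $results = [System.Collections.Generic.List[object]]::new()
    $add = {
        param($Name, $Actual, $Expected)
        $results.Add([pscustomobject]@{
            Check    = $Name
            Actual   = if ($null -eq $Actual) { 'n/a' } else { "$Actual" }
            Expected = "$Expected"
            Ok       = ("$Actual" -eq "$Expected")
        })
    }

    # Services: WinDefend is the antivirus service, Sense is the Defender ATP sensor.
    foreach ($svc in 'WinDefend', 'Sense') {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        & $add "Service $svc" $s.Status 'Running'
    }

    # Antivirus state as reported by the Defender module.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    foreach ($prop in 'AntivirusEnabled', 'RealTimeProtectionEnabled',
                      'BehaviorMonitorEnabled', 'IoavProtectionEnabled') {
        & $add $prop $mp.$prop $true
    }

    # Application Guard is a Windows optional feature; the query needs elevation.
    $ag = Get-WindowsOptionalFeature -Online `
            -FeatureName 'Windows-Defender-ApplicationGuard' -ErrorAction SilentlyContinue
    & $add 'Application Guard feature' $ag.State 'Enabled'

    $results
}

Get-DefenderSpotCheck | Format-Table -AutoSize
```

A row with `Ok` set to `False` points at the area to look at on the device; an `Actual` value of `n/a` means the service, module or feature could not be queried at all.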

Happy deployment.
