The account protection policy is focused on settings for Windows Hello and Credential Guard, which is part of Windows identity and access management.Īntivirus - Antivirus policies help security admins focus on managing the discrete group of antivirus settings for managed devices.Īpplication Control (Preview) - Manage approved apps for Windows devices with Application Control policy and Managed Installers for Microsoft Intune. To learn more about them, including the available profiles for each, follow the links to content dedicated to each policy type:Īccount protection - Account protection policies help you protect the identity and accounts of your users. You'll find endpoint security policies under Manage in the Endpoint security node of the Microsoft Intune admin center.įollowing are brief descriptions of each endpoint security policy type. Each type of configuration policy supports identifying and resolving conflicts should they arise: ![]() When Intune evaluates policy for a device and identifies conflicting configurations for a setting, the setting that's involved can be flagged for an error or conflict and fail to apply. Multiple sources can include separate policy types and multiple instances of the same policy. A settings conflict occurs when a device receives two different configurations for a setting from multiple sources. Security baselines, device configuration policies, and endpoint security policies are all treated as equal sources of device configuration settings by Intune. When using endpoint security policies along side other policy types like security baselines or endpoint protection templates from device configuration policies, it’s important to develop a plan for using multiple policy types to minimize the risk of conflicting settings. In contrast, each endpoint security profile focuses on a specific subset of device settings intended to configure one aspect of device security. Device configuration profiles and baselines include a large body of diverse settings outside the scope of securing endpoints. These profiles are similar in concept to a device configuration policy template, a logical group of related settings.Īs a security admin concerned with device security, you can use these security-focused profiles to avoid the overhead of device configuration profiles or security baselines. Each endpoint security policy supports one or more profiles. Use Intune endpoint security policies to manage security settings on devices.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |