deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 04:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update mdm-windows.md

Browse Source
This commit is contained in:
denisebmsft
2021-09-08 12:47:28 -07:00
parent e9f4f57678
commit 9dd3cadae7
1 changed files with 23 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
windows/security/mdm-windows.md
View File

@ -21,9 +21,12 @@ f1.keywords: NOCSH
Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.
Windows 11 includes a management component that includes:
- The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and
- The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies.
## MDM features and capabilities
MDM includes several security features & capabilities. These include:
- Remote wipe
- Support for your work or school account
@ -31,4 +34,23 @@ MDM includes several security features & capabilities. These include:
- Remote device attestation
- (other stuff coming soon): Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business
Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.
## Support for non-Microsoft MDM servers
Non-Microsoft MDM servers can be used to manage Windows 11 by using industry standard protocols. The built-in management client can communicate with a third-party server proxy that supports the MDM protocols to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 11 users. MDM servers do not need to create or download a client to manage Windows 11.
For details about the MDM protocols, the following resources:
- [MS-MDM: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f)
- [MS-MDE2: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)
## Security baselines
Windows 11 can be configured with the Microsoft MDM security baseline backed by ADMX policies, which functions like the Microsoft GP-based security baseline. Security baseline enables IT admins to easily integrate this baseline into any MDM, addressing security concerns and compliance needs for modern cloud-managed devices.
The MDM security baseline includes policies that cover the following areas:
- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and Virtual-based security, Exploit Guard, Defender, and Firewall
- Restricting remote access to devices
- Setting credential requirements for passwords and PINs
- Restricting use of legacy technology
- Legacy technology policies that offer alternative solutions with modern technology