From 8731b7423f31ca49a3523fa1d06d7c06d692c38c Mon Sep 17 00:00:00 2001 From: lomayor Date: Wed, 17 Jul 2019 21:04:00 -0700 Subject: [PATCH 1/2] Update configure-machines-security-baseline.md --- .../configure-machines-security-baseline.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md index d91d24bb04..fc3ec38f5f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md @@ -41,6 +41,9 @@ The Windows Intune security baseline provides a comprehensive set of recommended Both baselines are maintained so that they complement one another and have identical values for shared settings. Deploying both baselines to the same machine will not result in conflicts. Ideally, machines onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls. +>[!NOTE] +>The Windows Defender ATP security baseline [turns on Windows Hello for Business](https://docs.microsoft.com/intune/security-baseline-settings-defender-atp#windows-hello-for-business). This will require a secondary authentication method that is typically unavailable with RDP and other remote interactive sessions used to access virtual machines (VMs). Before applying the security baseline on VMs, consider modifying the baseline to turn off Windows Hello for Business. + ## Get permissions to manage security baselines in Intune By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage security baseline profiles. If you haven’t been assigned either role, work with a Global Administrator or an Intune Service Administrator to [create a custom role in Intune](https://docs.microsoft.com/intune/create-custom-role#to-create-a-custom-role) with full permissions to security baselines and then assign that role to your Azure AD group. From b7d38ad81e552514884bd513edc4f9c1806a5328 Mon Sep 17 00:00:00 2001 From: lomayor Date: Wed, 17 Jul 2019 21:41:18 -0700 Subject: [PATCH 2/2] corrected ms.topic metadata values --- .../microsoft-defender-atp/configure-machines-asr.md | 2 +- .../microsoft-defender-atp/configure-machines-onboarding.md | 2 +- .../configure-machines-security-baseline.md | 2 +- .../microsoft-defender-atp/configure-machines.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md index 9b0a3173f6..d6b0b6bed5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: procedural +ms.topic: article --- # Optimize ASR rule deployment and detections diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md index f09ddf1096..70cfffed50 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: procedural +ms.topic: article --- # Get machines onboarded to Microsoft Defender ATP diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md index fc3ec38f5f..20c8764a22 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: procedural +ms.topic: article --- # Increase compliance to the Microsoft Defender ATP security baseline diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md index 31fbc743c6..cce444980a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: procedural +ms.topic: conceptual --- # Ensure your machines are configured properly