deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #715 from MicrosoftDocs/mdatp-seccon-mgmt-lomayor

Browse Source 
Update configure-machines-security-baseline.md
This commit is contained in:
Dani Halfin 2019-07-17 21:59:37 -07:00 committed by GitHub
commit beaa59b3c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: procedural
ms.topic: article
---
# Optimize ASR rule deployment and detections

2
windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: procedural
ms.topic: article
---
# Get machines onboarded to Microsoft Defender ATP

5
windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: procedural
ms.topic: article
---
# Increase compliance to the Microsoft Defender ATP security baseline
@ -41,6 +41,9 @@ The Windows Intune security baseline provides a comprehensive set of recommended
Both baselines are maintained so that they complement one another and have identical values for shared settings. Deploying both baselines to the same machine will not result in conflicts. Ideally, machines onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls.
>[!NOTE]
>The Windows Defender ATP security baseline [turns on Windows Hello for Business](https://docs.microsoft.com/intune/security-baseline-settings-defender-atp#windows-hello-for-business). This will require a secondary authentication method that is typically unavailable with RDP and other remote interactive sessions used to access virtual machines (VMs). Before applying the security baseline on VMs, consider modifying the baseline to turn off Windows Hello for Business.
## Get permissions to manage security baselines in Intune
By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage security baseline profiles. If you havent been assigned either role, work with a Global Administrator or an Intune Service Administrator to [create a custom role in Intune](https://docs.microsoft.com/intune/create-custom-role#to-create-a-custom-role) with full permissions to security baselines and then assign that role to your Azure AD group.

2
windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: procedural
ms.topic: conceptual
---
# Ensure your machines are configured properly