5.0 KiB
title, description, keywords, search.product, search.appverid, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic
| title | description | keywords | search.product | search.appverid | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | ms.author | author | ms.localizationpriority | manager | audience | ms.collection | ms.topic |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ensure your machines are configured properly | Properly configure machines to boost overall resilience against threats and enhance your capability to detect and respond to attacks. | onboard, Intune management, MDATP, WDATP, Microsoft Defender, Windows Defender, advanced threat protection, attack surface reduction, ASR, security baseline | eADQiWindows 10XVcnh | met150 | w10 | deploy | library | security | lomayor | lomayor | medium | dansimp | ITPro | M365-security-compliance | conceptual |
Ensure your machines are configured properly
Applies to:
Want to experience Microsoft Defender ATP? Sign up for a free trial.
With properly configured machines, you can boost overall resilience against threats and enhance your capability to detect and respond to attacks. Security configuration management helps ensure that your machines:
- Onboard to Microsoft Defender ATP
- Meet or exceed the Microsoft Defender ATP security baseline configuration
- Have strategic attack surface mitigations in place
Machine configuration management page
You can track configuration status at an organizational level and quickly take action in response to poor onboarding coverage, compliance issues, and poorly optimized attack surface mitigations through direct, deep links to device management pages on Microsoft Intune and Microsoft 365 security center.
In doing so, you benefit from:
- Comprehensive visibility of the events on your machines
- Robust threat intelligence and powerful machine learning technologies for processing raw events and identifying the breach activity and threat indicators
- A full stack of security features configured to efficiently stop the installation of malicious implants, hijacking of system files and process, data exfiltration, and other threat activities
- Optimized attack surface mitigations, maximizing strategic defenses against threat activity while minimizing impact to productivity
Enroll machines to Intune management
Machine configuration management works closely with Intune device management to establish the inventory of the machines in your organization and the baseline security configuration. You will be able to track and manage configuration issues on Intune-managed Windows 10 machines.
Before you can ensure your machines are configured properly, enroll them to Intune management. Intune enrollment is robust and has several enrollment options for Windows 10 machines. For more information about Intune enrollment options, read about setting up enrollment for Windows devices.
Note
To enroll Windows devices to Intune, administrators must have already been assigned licenses. Read about assigning licenses for device enrollment.
Tip
To optimize machine management through Intune, connect Intune to Microsoft Defender ATP.
Obtain required permissions
By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage and assign the device configuration profiles needed for onboarding machines and deploying the security baseline.
If you have been assigned other roles, ensure you have the necessary permissions:
- Full permissions to device configurations
- Full permissions to security baselines
- Read permissions to device compliance policies
- Read permissions to the organization
Device configuration permissions on Intune
Tip
To learn more about assigning permissions on Intune, read about creating custom roles.
In this section
| Topic | Description |
|---|---|
| Get machines onboarded to Microsoft Defender ATP | Track onboarding status of Intune-managed machines and onboard more machines through Intune. |
| Increase compliance to the Microsoft Defender ATP security baseline | Track baseline compliance and noncompliance. Deploy the security baseline to more Intune-managed machines. |
| Optimize ASR rule deployment and detections | Review rule deployment and tweak detections using impact analysis tools in Microsoft 365 security center. |
Want to experience Microsoft Defender ATP? Sign up for a free trial.