And then, of course, you'll need the Standalone Defender ATP license. If not, I believe you can add it with an EMS+E3. If you already have Business Premium, that's included. So, for non-enterprise, you'll need an InTune license. You can setup web filtering to, for example, ban porn from your corporate machines, even if they're outside your corporate network. Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation. You can setup policies, for example, to isolate an infected machine from talking to your other machines. What makes it worthwhile is that you can manage AV and security policies on all of your machines at once from a cloud dashboard. The base client on the machines is the same Windows Defender that you get on a vanilla Win10 box. Sounds a bit convoluted, right? But, it makes sense if you think about it - the entire reason Defender ATP exists is for cloud management of endpoint security. Setup a Mac Defender Onboarding policy, assign it to a group, and enroll the Macs in InTune. I'm not sure the procedure with Macs, but I know you can enroll them in InTune, and I know that they're compatible with Defender, so I'm fairly sure it's a similar process. As I recall, you onboard a machine via an InTune configuration policy, and then setup device compliance policies.
0 Comments
Leave a Reply. |