Defender for Endpoint Flashcards

(50 cards)

1
Q

What subscriptions are required to use Microsoft Defender for Endpoint with Intune?

A

You must have:
* Microsoft Defender for Endpoint
* Microsoft Intune Plan 1 minimum

2
Q

What devices are supported for Intune with Microsoft Defender for Endpoint?

A

The following platforms are supported:
* Android
* iOS/iPadOS
* Windows 10/11 (Microsoft Entra hybrid joined or Microsoft Entra joined)

3
Q

Fill in the blank: To use Microsoft Defender for Endpoint with Intune, you must manage devices with _______.

A

[Microsoft Intune]

4
Q

True or False: Windows 10/11 devices must be either Microsoft Entra hybrid joined or Microsoft Entra joined to use Intune with Microsoft Defender for Endpoint.

A

True

5
Q

What is required to connect Microsoft Defender for Endpoint to Intune?

A

A service-to-service connection must be set up between Intune and Microsoft Defender for Endpoint

6
Q

How many times must the service-to-service connection be set up per tenant?

A

One time

7
Q

Which two admin centers do you need access to for the setup?

A

* Microsoft Defender Security Center
* Microsoft Intune admin center

8
Q

What is required to use Microsoft Defender for Endpoint?

A

One of the following Microsoft Volume licensing options:
* Windows 10/11 Enterprise E5
* Windows 10/11 Education A5
* Microsoft 365 E5 (M365 E5)
* Microsoft 365 A5 (M365 A5)
* Microsoft 365 E5 Security
* Microsoft 365 A5 Security
* Microsoft Defender for Endpoint

Each option provides different features and capabilities related to security and endpoint management.

9
Q

What are the 6 steps to enable Intune and Microsoft Defender for Endpoint integration?

A

1. Navigate to Endpoint security
2. Select Microsoft Defender for Endpoint, under Set up
3. In the Details pane, click the link for **Connect Microsoft Defender for Endpoint to Microsoft Intune** in the Microsoft Defender Security Center.
4. In Microsoft Defender, select System | Settings | Endpoints | Advanced features
5. Turn on the Microsoft Intune connection
6. Click Save preferences.

10
Q

What should the Connection status display when returning to the Microsoft Defender for Endpoint page in the Microsoft Intune admin center, after you enabled Intune and Microsoft Defender for Endpoint integration?

A

Enabled

11
Q

What must be reviewed on the Microsoft Defender for Endpoint page?

A

Each category and available configurations for platform support and platform-specific options

12
Q

What is the first configuration step under Compliance policy evaluation for using Defender for Endpoint?

A

Set Connect Android devices to Microsoft Defender for Endpoint to On

13
Q

Which devices must be connected to Microsoft Defender for Endpoint for compliance?

A

Applicable devices managed with Intune and devices enrolled in the future

14
Q

What setting should be enabled for iOS devices to assist with Vulnerability Assessment?

A

Enable App Sync for iOS Devices

15
Q

What does enabling App Sync for iOS Devices allow Defender for Endpoint to do?

A

Request metadata of iOS applications from Intune for threat analysis purposes

16
Q

What must the iOS device be for Defender for Endpoint to request app metadata?

A

MDM-enrolled

17
Q

What does the setting ‘Send full application inventory data on personally owned iOS/iPadOS Devices’ control?

A

Application inventory data shared with Defender for Endpoint during app data sync

18
Q

What configurations are needed under App protection policy evaluation for Android and iOS/iPadOS?

A

Set Connect Android devices to Microsoft Defender for Endpoint to On and Set Connect iOS/iPadOS devices to Microsoft Defender for Endpoint to On

19
Q

Fill in the blank: To use Defender for Endpoint with compliance policies, configure the following under Compliance policy evaluation for the platforms you support: Set Connect _______ devices to Microsoft Defender for Endpoint to On.

A

Android

20
Q

Fill in the blank: Set Connect _______ devices to Microsoft Defender for Endpoint to On.

A

iOS/iPadOS

21
Q

True or False: The configurations for Defender for Endpoint must be set to Off for devices to connect.

22
Q

What is the purpose of onboarding devices to Microsoft Defender for Endpoint?

A

To ensure devices are protected and monitored for security threats and to enable collection of data about device risk levels.

Onboarding involves enrolling devices into the Defender for Endpoint service.

23
Q

What must be used when onboarding devices to Microsoft Defender for Endpoint?

A

The most recent version of Microsoft Defender for Endpoint for each platform.

Ensures compatibility and optimal protection.

24
Q

Does the process to onboard devices to Defender for Endpoint vary by platform?

A

Yes, the process varies by platform.

Each platform may have specific onboarding steps.

25
Q

What is the first step after establishing the service-to-service connection between Intune and Microsoft Defender for Endpoint?

A

Use Intune to onboard your managed devices to Microsoft Defender for Endpoint.

26
Q

Fill in the blank: Onboarding involves _______ into the Defender for Endpoint service.

A

[enrolling devices]

27
Q

What is the function of the onboarding configuration package received by Intune from Defender?

A

To onboard Windows devices for communication with Microsoft Defender for Endpoint services and to scan files and detect threats.

The onboarding configuration package is essential for setting up device compliance and security monitoring.

28
Q

How do onboarded devices report their risk level?

A

Based on compliance policies to Microsoft Defender for Endpoint.

This reporting mechanism helps in maintaining security standards and compliance.

29
Q

Is the onboarding of a device using the configuration package a one-time action or recurring?

A

One-time action.

Once a device is onboarded, it does not need to go through the onboarding process again.

30
Q

What are the two options available for deploying the onboarding package for Windows devices?

A

* Preconfigured EDR policy option
* Manually creating the EDR Policy

The preconfigured option allows for broader deployment, while manual creation offers more granular control.

31
Q

What does the preconfigured EDR policy option do?

A

Deploys to the **All devices group** to onboard all applicable Windows devices.

This method simplifies the onboarding process for a large number of devices.

32
Q

What are the 6 steps to set up the preconfigured EDR policy?

A

1. Go to **Endpoint security** > **Endpoint detection and response** and select the **EDR Onboarding Status tab**
2. On **EDR Onboarding Status tab**, select **Deploy preconfigured policy**
3. **Platform**: **Windows** or Windows (ConfigMgr)
4. **Profile**: select **Endpoint detection and response**
5. Specify a Name for the policy.
6. Review and create

33
Q

What are the 6 steps to configure an EDR policy manually?

A

1. Go to **Endpoint security** > **Endpoint detection and response** and select **Create policy**
3. **Platform**: **Windows** or Windows (ConfigMgr)
4. **Profile**: select **Endpoint detection and response**
5. Name + Description
6. On the **Configuration settings** page, configure the options:
   - *Microsoft Defender for Endpoint client configuration package type*: Select **Auto from connector**. With this option, the onboarding policy automatically uses the onboarding blob that Intune received from Microsoft Defender. If you're onboarding to a different or disconnected Defender for Endpoint deployment, select Onboard and paste the text from the WindowsDefenderATP.onboarding blob file into the Onboarding (Device) field.
   - *Sample Sharing*: Returns or sets the Microsoft Defender for Endpoint Sample Sharing configuration parameter
7. Scopes
8. **Assignments**

34
Q

What is required to onboard macOS, iOS/iPadOS, or Android devices to Microsoft Defender for Endpoint?

A

Establish a service-to-service connection between Intune and Microsoft Defender for Endpoint

This connection is essential for the onboarding process.

35
Q

Does Intune support an automatic onboarding package for macOS, iOS/iPadOS, or Android devices?

A

No

Intune provides automatic onboarding only for Windows devices.

36
Q

Which devices can be onboarded to Microsoft Defender for Endpoint?

A

macOS, iOS/iPadOS, Android

These devices require a service-to-service connection to be onboarded.

37
Q

True or False: Intune provides the same onboarding package for macOS as it does for Windows.

A

False

Intune does not support an automatic onboarding package for macOS.

38
Q

How can you deploy Defender for Endpoint on macOS, iOS/iPadOS or Android managed devices?

A

By adding and configuring a Store app

39
Q

What are the 7 steps to deploy and configure MS Defender on a supervised iOS/iPadOS device?

A

Configure an **app configuration policy**:

1. Select **Apps** > **Configuration** > **Create**, and then select **Managed devices** from the drop-down list.
2. Name + Description (optional)
3. Platform: iOS/iPadOS
4. Select **Targeted app** as **Microsoft Defender for iOS**
5. **Settings** page: set the *Configuration key* as issupervised, then *Value type* as string with {{issupervised}} as the *Configuration value*.
6. Scope tags
7. **Assignments**: best practice to target **All Devices**

40
Q

What are the 5 steps to deploy and configure MS Defender as a Store app on a macOS device?

A

1. Select Apps > All Apps > Create
2. In the **App type** list, under **Microsoft Defender for Endpoint**, select **macOS**
3. Fields should be auto-populated. You can toggle Display this as a featured app in the Company Portal
4. Scope tags
5. **Assignments**

41
Q

How do you add and configure Microsoft Defender for Endpoint on Android Enterprise managed devices?

A

* Add Microsoft Defender for Endpoint on Android as a Managed Google Play app
* Configure it as an app for a managed device

42
Q

What does the compliance policy for devices determine?

A

The level of risk that you consider as acceptable for a device.

This applies to Android, iOS/iPadOS, and Windows devices.

43
Q

What are the 5 steps to configure Microsoft Defender for Endpoint as part of a compliance policy?

A

A. Select **Devices** > **Compliance**. On the **Policies** tab, select + Create policy.
B. For Platform, use the drop-down box to select one of the following options:
   - Android device administrator
   - Android Enterprise
   - iOS/iPadOS
   - Windows 10 and later
C. Name + Description
D. On the **Compliance settings** tab, **expand** the **Microsoft Defender for Endpoint** category and set the option **Require the device to be at or under the machine risk score** to your preferred level. *Threat level classifications* are determined by Microsoft Defender for Endpoint:
   - *Clear*: This level is the most secure. If any threats are found, the device is evaluated as noncompliant.
   - *Low*: The device is compliant if only low-level threats exist.
   - *Medium*
   - *High*
E. **Assignment**

44
Q

What is the purpose of creating an application protection policy to set device risk level?

A

To manage app access based on device threat assessment

This involves creating policies specifically for iOS/iPadOS or Android apps.

45
Q

What information is required on the Apps page when creating an application protection policy to set device risk level?

A

Select the apps targeted by app protection policies

These apps are blocked or selectively wiped based on device risk assessment.

46
Q

What are the options available for the Max allowed device threat level, in Conditional launch, below Device conditions?

A

* Secured
* Low
* Medium
* High

Each level determines the compliance status of the device based on threats found.

47
Q

What happens if the device is evaluated as noncompliant?

A

Access is blocked

This occurs if any threats are found when the threat level is set to Secured.

48
Q

What actions are available for devices assessed with threats in Conditional launch, below Device conditions?

A

* Block access
* Wipe data

These actions are taken based on the threat assessment of the device.

49
Q

What is the role of Assignments in application protection policy?

A

Assign the policy to groups of users for evaluation of their devices accessing corporate data

This is done via Intune app protection.

50
Q

Fill in the blank: The apps targeted by app protection policies can be ____ or selectively wiped.

A

blocked