Endpoint security in Intune Overview

Question 1

What are the 8 high level categories in the Endpoint security node?

Answer 1

• Overview
• All devices
• Security baselines
• Security tasks
• Manage
• Monitor
• Set up
• Help and support

Question 2

What is the default page when opening the Endpoint security node in Microsoft Intune admin center?

Answer 2

Overview page

Question 3

What does the endpoint security Overview page present?

Answer 3

A consolidated dashboard with displays and information from focused nodes of endpoint security

Question 4

in Overview, what information does the Defender for Endpoint Connector status view display?

Answer 4

Current status for the tenant-wide Defender for Endpoint Connector

Question 5

in Overview, what is the purpose of the label in the Defender for Endpoint Connector status view?

Answer 5

Serves as a link to open the Microsoft Defender for Endpoint portal

Question 6

in Overview, what does the table for Windows devices onboarded to Defender for Endpoint show?

Answer 6

Tenant-wide status for endpoint detection and response (EDR) onboarding, with counts of devices that are and aren’t onboarded

Question 7

in Overview, what does the label in the Windows devices onboarding table link to?

Answer 7

Opens the Summary tab of the Endpoint detection and response policy node

Question 8

in Overview, what does the link ‘Deploy preconfigured policy’ do?

Answer 8

Opens the policy node for Endpoint detection and response to deploy a policy

Question 9

in Overview, what does the link ‘Onboard devices to Defender for Endpoint’ open?

Answer 9

Opens the Defender portal for additional onboarding steps outside of Intune’s workflow

Question 10

Where can the Antivirus agent status report be found in the Intune admin center?

Answer 10

Reports > Microsoft Defender Antivirus on the Summary tab

Question 11

in Overview, what additional reports are included in the Other Monitoring reports section?

Answer 11

Tiles that open additional Microsoft Defender Antivirus reports, including Detected Malware Firewall Status

Question 12

in Overview, what does another tile in the Other Monitoring reports section open?

Answer 12

Opens the Defender portal to view sensor and antivirus health data

Question 13

What does the All devices view in the Endpoint security node include?

Answer 13

A list of all devices from your Microsoft Entra ID available in Microsoft Intune

The All devices view allows for detailed inspection of each device.

Question 14

What can you do from the All devices view in the Endpoint security node?

Answer 14

Select devices to drill in for more information

This feature facilitates a deeper understanding of device details and statuses.

Question 15

What are security baselines in Intune?

Answer 15

Preconfigured groups of Windows device configuration settings with best practice recommendations from Microsoft security teams

Security baselines are designed to simplify the management of security settings on devices.

Question 16

Which device settings do security baselines in Intune support?

Answer 16

Windows device settings, Microsoft Edge, Microsoft Defender for Endpoint Protection, and more

This support helps ensure consistency and security across different platforms.

Question 17

What is the purpose of security baselines in Intune?

Answer 17

To configure device configuration settings based on best practice recommendations

They help streamline the security management process.

Question 18

Why is it important to understand other methods of configuring devices when using security baselines?

Answer 18

To avoid conflicts between different configuration settings

Conflicts can lead to security vulnerabilities or operational issues.

Question 19

True or False: Security baselines are the only method available in Intune for configuring device settings.

Answer 19

False

Intune offers several methods for configuration beyond security baselines.

Question 20

Fill in the blank: Security baselines in Intune are preconfigured groups of _______.

Answer 20

Windows device configuration settings

These settings are aligned with best practices.

Question 21

Where can you configure security baselines?

Answer 21

Go to Endpoint security > Security baselines

Question 22

What is the purpose of integrating Intune with Microsoft Defender for Endpoint?

Answer 22

To review Security tasks that identify at-risk devices and provide steps to mitigate that risk.

This integration allows for effective communication between security teams to manage vulnerabilities.

Question 23

Who determines which devices are at risk in the integration process?

Answer 23

The Microsoft Defender for Endpoint team.

They assess the security posture and communicate findings to the Intune team.

Question 24

What information do Security tasks created by the Microsoft Defender for Endpoint team include?

Answer 24

The devices at risk, the vulnerability, and guidance on how to mitigate that risk.

This helps streamline the remediation process for Intune admins.

Question 25

What actions can Intune Admins take regarding security tasks?

Answer 25

Select, review, and act to remediate those tasks. ## Footnote This includes implementing the recommended mitigations.

Question 26

What do Intune Admins do once a security task is mitigated?

Answer 26

Set the task to complete, which communicates the status back to the Microsoft Defender for Endpoint team. ## Footnote This ensures both teams are updated on remediation efforts.

Question 27

Fill in the blank: Security tasks in Intune help identify _______.

Answer 27

[at-risk devices]. ## Footnote Identifying these devices is crucial for proactive security measures.

Question 28

True or False: Intune Admins can only view security tasks but cannot take action on them.

Answer 28

False. ## Footnote Intune Admins can actively remediate security tasks.

Question 29

Where can you create and review Security tasks ?

Answer 29

Go to Endpoint security > Security tasks

Question 30

# 10 What does "Manage" view contain ?

Answer 30

* antivirus * disk encryption * firewall * Endpoint Priviledge Management * Endpoint detection and response * App control for business * Attack Surface Reduction * Account protection * Device compliance * Conditional access

Question 31

Where can you find a view of Assignment failures?

Answer 31

Go to Endpoint security > Monitor > Assignment failures

Question 32

Where do you go to connect and configure Ms Defender for Endpoint

Answer 32

Go to Endpoint security > Set up > MS Defender for Endpoint

Question 33

# 8 What can you configure with Endpoint security policies?

Answer 33

* Antivirus, * Disk Encryption, * Firewall, * Endpoint Detection and Response, * Attack Surface Reduction, * Account Protection, * Device Compliance, * Conditional access ## Footnote All under the "Manage" view

Question 34

# 2 What does the Antivirus setting enable you to do?

Answer 34

Review Windows 11 unhealthy endpoints and devices with active malware, create and assign antivirus profiles ## Footnote Includes options for Microsoft Defender Antivirus exclusions and Windows Security Experience.

Question 35

What profiles can be created under Disk Encryption?

Answer 35

BitLocker profiles for Windows 11 devices, macOS encryption settings ## Footnote Provides security for data at rest.

Question 36

What does the Firewall setting allow you to do?

Answer 36

Create and configure firewall profiles and firewall rules ## Footnote Essential for controlling incoming and outgoing network traffic.

Question 37

What is the purpose of Endpoint Detection and Response?

Answer 37

Create profiles that provide advanced attack detections that are near real-time and actionable ## Footnote Enhances threat detection capabilities.

Question 38

List some profiles that can be configured under Attack Surface Reduction.

Answer 38

* App and browser isolation * Device control * Attack surface reduction rules * Exploit protection * Web protection (for legacy Edge) * Application control ## Footnote These profiles help reduce the attack surface on managed devices.

Question 39

What does Account Protection help to secure?

Answer 39

User credentials using Windows Hello for Business and Credential Guard technology ## Footnote Aims to strengthen user authentication.

Question 40

What settings are included in Device Compliance management?

Answer 40

* Policies * Notifications * Retire Noncompliant devices * Locations * Compliance policy settings ## Footnote Ensures devices meet security standards.

Question 41

What is the function of Conditional access policies?

Answer 41

Enforce access requirements when specific conditions occur ## Footnote Example: deny access to cloud apps for non-compliant devices.

Question 42

What is an advantage of using an Endpoint protection configuration profile?

Answer 42

Combining and configuring all Microsoft Defender security settings in a single profile ## Footnote Streamlines management of security settings.

Question 43

Name 10 settings included in an Endpoint protection configuration profile.

Answer 43

* Microsoft Defender Application Guard * Windows Defender Firewall * Microsoft Defender SmartScreen * Windows Encryption * Microsoft Defender Exploit Guard * Microsoft Defender Application Control * Microsoft Defender Credential Guard * Microsoft Defender Security Center * Xbox services * User Rights ## Footnote These components enhance overall endpoint security.