Customer Offerings:Device Protection w/ Microsoft Endpoint Manager & Microsoft Defender for Endpoint

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.

Introduction 

 

Welcome to another customer offering article to inform you about how to configure, setup, and deploy endpoint protection policies which include protective measures from Microsoft. In this article, we will present Premier Services Offerings WorkshopPLUS - Device Protection with Microsoft Endpoint Manager and Microsoft Defender for Endpoint.

 

Offering Overview 

 

With customers needing a deployment solution to push out Microsoft security policies and configurations, this offering will address this and more. This Premier offering builds on the fundamental security components and features of any Microsoft Endpoint Configuration Manager environment such as RBAC or role-based administration, Endpoint Protection​, Exploit Guard, Application Guard, Microsoft Defender for Endpoint, BitLocker Drive Encryption, and Compliance Settings. With this new customer offering, we were able to provide a 3-day hands on training in a live demo tenant to meet and exceed customer expectations. 

 

What the workshop entailsWhat the workshop entails

 

What's Included 

 

The content of this offering is a mix of education, administration, compliance, and security best practices at the L200-L300 level. This offering focuses on the breadth of Microsoft Endpoint Configuration Manager, Microsoft Defender for Endpoint, M365 Security (on-prem and in the cloud), and also Intune. The Device Protection with Microsoft Endpoint Manager and Microsoft Defender for Endpoint workshop is a three day engagement where you will learn about configuring a tenant using  labs hosted in the cloud (Microsoft Labs on Demand) with a full M365 E5 license (EMS E5 + M365 E5 + Office 365 E5). Each module contains scenarios that provide students with in-depth expertise, tools, and hands-on experience to help implement and troubleshoot security related concepts as they pertain to Microsoft Endpoint Configuration  Manager. 

 

Endpoint Protection policiesEndpoint Protection policies

 

Areas Covered 

 

The sections  below sections are covered in detail throughout the three-day offering and expand on each objective to maximize your understanding of each topic and focus area through knowledge transfer modules. 

 

Introduction to Endpoint Security​ - Overall introduction to security settings and recommendations that can be managed using Microsoft Endpoint Configuration Manager and Intune.

 

Role Based Access Control – Overview of Role Based Administration Control concept in Microsoft Endpoint Configuration Manager, including the reporting feature.

 

Endpoint Protection Technologies Overview - Objectives focus on a deeper dive into the technologies that make up Endpoint Protection.

 

Antimalware Policies - Objectives focus on learning the basic concepts and terminology for Endpoint Protection Antimalware Policies for Microsoft Defender Antivirus.

 

CAMP and Security Intelligence Updates - Objectives focus on managing Endpoint Protection Definition updates through Configuration Manager. 

 

Endpoint Protection Alerts and Reporting - Objectives focus on how to configure and use alerts and report notifications within Configuration Manager. 

 

Endpoint Protection Troubleshooting - Objectives focus on learning troubleshooting techniques for securing endpoints.   


Exploit Guard and Application Guard - Objectives focus on learning about Attack Surface Reduction, Controlled Folder Access, and Exploit and Network Protection. You will also learn how to mitigate security threats using containers by deploying Application Guard.  

 

Microsoft Defender for Endpoint - Objectives focus on learning how to onboard endpoints to Microsoft Defender for Endpoint using Microsoft Endpoint Configuration Manager and explore basic operational possibilities within Microsoft Defender for Endpoint portal.  

 

Device Encryption - Learn what is BitLocker and explore modern management possibilities to control device encryption with Microsoft Endpoint Configuration Manager and Intune.  

 

Compliance settings - Dive deeper into the compliance settings topic, including management possibilities using Microsoft Endpoint Manager (Intune).  

 

Hands on with Labs on Demand

 

During this offering there are multiple hands-on labs exercises using Microsoft’s Labs on Demand. Each student will be an administrator of their own demo tenant where they will create and deploy security policies using Microsoft Endpoint Configuration Manager. Once the polices are deployed to another machine, the student will be able to view and test out those policies. The areas are listed below are covered in the lab exercises: 

 

  • Endpoint Security
  • Implementing RBAC 
  • Endpoint Protection policies
  • CAMP and Security Intelligence updates 
  • Endpoint protection alerts and reporting 
  • Endpoint protection troubleshooting 
  • Exploit Guard and Application Guard 
  • Microsoft Defender for Endpoint
  • Device Encryption 
  • Compliance settings 

  

Creating the configuration file for Endpoints for MDECreating the configuration file for Endpoints for MDE

 

 

Configuring Attack Surface Reduction RulesConfiguring Attack Surface Reduction Rules

 

 

Configuring Bitlocker drive encryption in MEMConfiguring Bitlocker drive encryption in MEM

 

Objectives

 

After completing this course, you will understand how to set up, configure, and manage Microsoft Endpoint Configuration Manager Role Based Access​, Endpoint Protection for Microsoft Endpoint Manager, Application Guard and Exploit Guard integration​, Microsoft Defender for Endpoint​, BitLocker Drive Encryption, and compliance settings.

 

Key Personnel For this Offering 

 

This course is targeted at IT staff who have already started designing and implementing Microsoft Endpoint Configuration Manager integration with Microsoft Security products and concepts. To ensure that students are successful at the end of this WorkshopPLUS, it is highly recommended they meet the following criteria:​

 

  • Existing knowledge of Microsoft Endpoint Configuration Manager ​
  • Moderate knowledge of Windows Platform and Microsoft Security products​
  • Basic knowledge of Microsoft Endpoint Manager (Intune)​

 

Disclaimer 

 

As of this writing, the above modules are in scope. However, they might change as Microsoft Endpoint Configuration Manager, Intune, Microsoft Defender for Endpoint, and M365 Security are subject to change. 

 

Follow up and feedback

 

For further information, please contact your Microsoft Account Representative, Customer Success Account Manager (CSAM), or Service Delivery Manager (SDM).

 

To improve this or any other workshop, we always consider feedback from you. At Microsoft, achieving a high level of satisfaction among our customers and partners around the world is a core component of our business. For that reason, please don’t hesitate to complete the surveys and provide feedback.

 

Credit 

 

Special thanks and credit to the development team:

 

Anton Tatarkin, Senior Customer Engineer, Intune / EMS / Configuration Manager, Netherlands

 

John Barbare, Senior Customer Engineer - Cybersecurity, Monitoring Solutions (Sentinel, M365 Defender, MDE, MDI, MCAS), Unites States

 

Charles Baldridge, Customer Engineer, Configuration Manager, United States

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.