• Install & Activate
  • Troubleshooting
BEST Antivirus KBS : Largest Anti-Malware Knowlegde Base and Support
  • Install & Activate
  • Troubleshooting

Configure Conditional Access in Microsoft Defender for Endpoint

/Download, Install & Active / Microsoft / Download, Install & Active / Microsoft / Microsoft Endpoint / Configure Conditional Access in Microsoft Defender for Endpoint
  • December 25, 2021
  • BEST Antivirus Staff 2
  • Microsoft / Microsoft Endpoint

Contents

  1. Before you begin
    1. Step 1: Turn on the Microsoft Intune connection
    2. Step 2: Turn on the Defender for Endpoint integration in Intune
    3. Step 3: Create the compliance policy in Intune
    4. Step 4: Assign the policy
    5. Step 5: Create an Azure AD Conditional Access policy
    6. Source : Official Microsoft Brand Editor by : BEST Antivirus KBS Team
0
(0)

Before you begin

 Warning

It’s important to note that Azure AD wp-signup.phped devices is not supported in this scenario.
Only Intune enrolled devices are supported.

You need to make sure that all your devices are enrolled in Intune. You can use any of the following options to enroll devices in Intune:

  • IT Admin: For more information on how to enabling auto-enrollment, see Windows Enrollment
  • End-user: For more information on how to enroll your Windows 10 and Windows 11 device in Intune, see Enroll your Windows 10 device in Intune
  • End-user alternative: For more information on joining an Azure AD domain, see How to: Plan your Azure AD join implementation.

There are steps you’ll need to take in Microsoft 365 Defender, the Intune portal, and Azure AD portal.

It’s important to note the required roles to access these portals and implement Conditional access:

  • Microsoft 365 Defender – You’ll need to sign into the portal with a global administrator role to turn on the integration.
  • Intune – You’ll need to sign in to the portal with security administrator rights with management permissions.
  • Azure AD portal – You’ll need to sign in as a global administrator, security administrator, or Conditional Access administrator.

 Note

You’ll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 and Windows 11 devices.

Take the following steps to enable Conditional Access:

  • Step 1: Turn on the Microsoft Intune connection from Microsoft 365 Defender
  • Step 2: Turn on the Defender for Endpoint integration in Intune
  • Step 3: Create the compliance policy in Intune
  • Step 4: Assign the policy
  • Step 5: Create an Azure AD Conditional Access policy

Step 1: Turn on the Microsoft Intune connection

  1. In the navigation pane, select Settings > Endpoints > General > Advanced features > Microsoft Intune connection.
  2. Toggle the Microsoft Intune setting to On.
  3. Click Save preferences.

Step 2: Turn on the Defender for Endpoint integration in Intune

  1. Sign in to the Azure portal.
  2. Select Device compliance > Microsoft Defender ATP.
  3. Set Connect Windows 10.0.15063+ devices to Microsoft Defender Advanced Threat Protection to On.
  4. Click Save.

Step 3: Create the compliance policy in Intune

  1. In the Azure portal, select All services, filter on Intune, and select Microsoft Intune.
  2. Select Device compliance > Policies > Create policy.
  3. Enter a Name and Description.
  4. In Platform, select Windows 10 and later.
  5. In the Device Health settings, set Require the device to be at or under the Device Threat Level to your preferred level:
    • Secured: This level is the most secure. The device cannot have any existing threats and still access company resources. If any threats are found, the device is evaluated as noncompliant.
    • Low: The device is compliant if only low-level threats exist. Devices with medium or high threat levels are not compliant.
    • Medium: The device is compliant if the threats found on the device are low or medium. If high-level threats are detected, the device is determined as noncompliant.
    • High: This level is the least secure, and allows all threat levels. So devices that with high, medium or low threat levels are considered compliant.
  6. Select OK, and Create to save your changes (and create the policy).

Step 4: Assign the policy

  1. In the Azure portal, select All services, filter on Intune, and select Microsoft Intune.
  2. Select Device compliance > Policies> select your Microsoft Defender for Endpoint compliance policy.
  3. Select Assignments.
  4. Include or exclude your Azure AD groups to assign them the policy.
  5. To deploy the policy to the groups, select Save. The user devices targeted by the policy are evaluated for compliance.

Step 5: Create an Azure AD Conditional Access policy

  1. In the Azure portal, open Azure Active Directory > Conditional Access > New policy.
  2. Enter a policy Name, and select Users and groups. Use the Include or Exclude options to add your groups for the policy, and select Done.
  3. Select Cloud apps, and choose which apps to protect. For example, choose Select apps, and select Office 365 SharePoint Online and Office 365 Exchange Online. Select Done to save your changes.
  4. Select Conditions > Client apps to apply the policy to apps and browsers. For example, select Yes, and then enable Browser and Mobile apps and desktop clients. Select Done to save your changes.
  5. Select Grant to apply Conditional Access based on device compliance. For example, select Grant access > Require device to be marked as compliant. Choose Select to save your changes.
  6. Select Enable policy, and then Create to save your changes.

For more information, see Enforce compliance for Microsoft Defender for Endpoint with Conditional Access in Intune.

Want to experience Defender for Endpoint? Sign up for a free trial.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 63 times, 1 visits today)
Tagged: MicrosoftMicrosoft for Endpoint

Related Articles

  • All about Microsoft

  • Overview of Microsoft 365 Lighthouse

  • Microsoft Defender for Business (preview) – Frequently asked questions and answers

  • Get help and support for Microsoft Defender for Business (preview)

  • Manage your custom rules for firewall policies in Microsoft Defender for Business (preview)

  • Firewall in Microsoft Defender for Business (preview)

ask or enter a search term

Top Rated Posts

5 (1)

Activate code Avast on Windows PC

5 (1)

[KB5699] Set the PIN in ESET Parental Control for Android

5 (2)

Getting started (app) (ESET)

5 (1)

[KB3239] How do I uninstall or reinstall ESET Cyber Security or ESET Cyber Security Pro?

5 (2)

[KB6842] Upgrade to ESET Cyber Security and ESET Cyber Security Pro version 6.6 fails on previous versions of macOS (10.6 – 10.8)

About

We are BEST Antivirus , Trusted Comparison and Cheap Antivirus Software 2020. KBS is Knowledge Base and Support : This page was created to guide customers through the installation and to resolve all the common errors of anti-virus software.

Partners

› Avast
› AVG
› BitDefender
› ESET
› Trend Micro
› All Partners

Resources

› Store
› Advertise
› Brand Reviews
› Review Platforms
› Contact Page
› Knowledge Base

  • Install & Activate
  • Troubleshooting
© Copyright by BEST Antivirus by SSG Limited