Defender for Endpoint/Server profiles and policies
Overview
This article provides step-by-step instructions and lists the configuration profiles, policies and scripts that have been configured in Intune (for Microsoft Defender for Endpoint on end-user devices) and in the Microsoft Defender security portal (for servers managed by MDM). Use it to identify which settings should be reviewed when changes are needed, and which need to be assigned to devices and servers manually if necessary.
Prerequisites
- Intune Administrator role for endpoints
- Security Administrator role on the security portal for servers managed by MDM
Endpoint Protection Policies and profiles - Intune
Antivirus policies
- Teach First - Microsoft Defender Antivirus Policy : Default antivirus policy for all Windows end-user devices.
- Teach First MacOS - Microsoft Defender Antivirus Policy : Default antivirus policy for all macOS end-user devices.
- Teach First - Windows Security Experience : Policies that define which features are available in the Windows Security centre.
- Defender - App and Browser Control profile (Devices > Configuration) : Configuration profile to turn on App and Browser control for devices.
Disk encryption policies
- Teach First - Bitlocker Encryption Policy : Default drive encryption policy for all Windows end-user devices.
- Live - Backup BitLocker Keys to AAD (Devices > Scripts and remediations > Platform scripts) : PowerShell script that forces a backup of end-user devices' BitLocker recovery keys to Entra ID/Intune.
- AUTOPILOT - Enable BitLocker Encryption (Apps > Windows > Windows apps) : PowerShell script packaged as a Win32 app to automatically start BitLocker and encrypt device disks during imaging with Autopilot. Assigned to the TF Config ESP Enrolment Status Page.
Firewall policy
- Teach First - Microsoft Defender Firewall Policy : Default firewall policy for all Windows end-user devices.
- Teach First MacOS - Microsoft Defender Firewall Policy : Default firewall policy for all macOS end-user devices.
Attack surface reduction
- Teach First - Attack Surface Reduction Rules : Default ASR policy for all Windows end-user devices.
- Teach First - Device Control Policy : Default device control policy for all Windows end-user devices.
Server protection policies and profiles - Intune/MDM
Antivirus policies
- Teach First Windows Servers - Microsoft Defender Antivirus Policy : Default antivirus policies for all Windows servers.
- Teach First Linux Servers - Microsoft Defender Antivirus Policy : Default antivirus policies for all Linux servers.
- Teach First Dynamics GP Servers - Microsoft Defender Exclusions : Defender Antivirus path and process exclusions for Dynamics GP servers.
Attack surface reduction
- Teach First Servers - Attack Surface Reduction Rules : Default ASR policy for all Windows servers.
- Teach First Servers - Device Control Policy : Default device control policy for all Windows servers.
- ASR/Device Control Policy reusable settings : The "Any Removable Storage, CD-DVD and WPD Devices" and "Approved USBs" reusable settings groups, used by the device control policy to block all USB devices and allow only approved USB devices.