Hardening Windows Clients with Microsoft Intune and Defender for Endpoint

Adrian Edgar

How to manage vulnerabilities on corporate assets. 

Corporate assets must be configured and set up securely to minimise vulnerabilities across the organisation. Hardening your Windows clients, including laptops and mobiles, is one way to do this.

And there is an easy solution that uses a variety of Microsoft products, including Microsoft Intune and Defender for Endpoint (MDE), which can lower your team’s workload while maintaining your company’s security posture. The solution revolves around implementing industry-recognised security baselines, and doing so consistently.

7 steps to hardening Windows clients

We have identified 7 steps to harden your Windows clients and manage vulnerabilities:

Step 1: Confirm that Intune is managing your clients
Use Microsoft Intune to centrally manage your assets.

Step 2: Ensure that Microsoft Defender for Endpoint is automatically deployed
Verify that communications are taking place between Defender and Intune.

Step 3: Create groups to test security baselines in a controlled manner
Test your security baselines with a select group of users to lower the impact of change.

Step 4: Select the security baselines to use and plan the deployment
Decide whether to apply security baselines included in the product, or create custom baselines to comply with your organisational requirements.

Step 5: Default security baselines for Intune managed devices
Review the baselines that Microsoft maintains and publishes, and apply them to your devices.

Step 6: Custom security baselines for Intune managed devices
Create your own custom security baselines and apply them if required.

Step 7: Monitor impact and report on compliance
Use the Intune Portal to track results, view issues and monitor performance.

Hardening clients does not have to be difficult or limited.

For more in-depth detail on the steps you can take to harden your Windows clients with Microsoft Intune and Defender for Endpoint, and how to implement them within your organisation, read more in this article by Microsoft.

In the meantime, if you are considering introducing Microsoft Intune and Microsoft Defender for Endpoint (MDE) into your organisation, simply contact us today and we would be happy to discuss your requirements.