
Intune Endpoint Security: Complete Configuration Guide

Learn how to configure and manage endpoint security policies in Intune, including antivirus, firewall, disk encryption, attack surface reduction, and endpoint detection and response.

By Ali Alame
Tags: intune, endpoint-security, antivirus, firewall, bitlocker, defender, security, windows

Endpoint security policies in Microsoft Intune provide focused, security-specific configuration options for managing device security. These policies help security administrators manage discrete groups of security settings without navigating through unrelated device configuration options.

Understanding Endpoint Security Policies

Endpoint security policies in Intune are specialized policy types designed for security-focused device management. They provide a streamlined interface for configuring security settings across Windows, macOS, iOS/iPadOS, and Android devices.

Available Policy Types

  1. Account Protection - Windows Hello and Credential Guard settings
  2. Antivirus - Antivirus and threat protection settings
  3. App Control for Business - Application control and managed installers
  4. Attack Surface Reduction - Defender attack surface reduction rules
  5. Disk Encryption - BitLocker, FileVault, and encryption settings
  6. Endpoint Detection and Response - Microsoft Defender for Endpoint settings
  7. Firewall - Firewall configuration and rules

For an overview, see Manage device security with endpoint security policies in Microsoft Intune.

Creating Endpoint Security Policies

Step 1: Access Endpoint Security

  1. Sign in to the Microsoft Intune admin center
  2. Navigate to Endpoint security
  3. Select the policy type you want to configure
  4. Select Create Policy

Step 2: Select Platform and Profile

  1. Platform: Choose the platform (Windows 10 and later, macOS, etc.)
  2. Profile: Select the profile type (e.g., Microsoft Defender Antivirus, Microsoft Firewall)

Step 3: Configure Basics

  1. Name: Enter a descriptive name
  2. Description: Optional description
  3. Select Next

Step 4: Configure Settings

Expand setting groups and configure security settings:

  • Review available settings
  • Configure recommended values
  • Customize based on requirements
  • Review setting descriptions

Step 5: Assign Scope Tags (Optional)

  1. Select + Select scope tags
  2. Choose scope tags
  3. Select Next

Step 6: Assign to Groups

  1. Select + Select groups to include
  2. Choose device or user groups
  3. Select Next

Step 7: Review and Create

  1. Review all settings
  2. Select Create

For general guidance, see Manage device security with endpoint security policies in Microsoft Intune.

Antivirus Policies

Antivirus policies help manage antivirus and threat protection settings for managed devices.

Microsoft Defender Antivirus

Configure Microsoft Defender Antivirus settings:

Key Settings:

  • Real-time protection: Enable/disable real-time scanning
  • Cloud protection: Enable cloud-delivered protection
  • Behavior monitoring: Enable behavior-based detection
  • PUA protection: Protect against potentially unwanted applications
  • Remediation actions: Configure actions for different threat levels

Recommended Configuration:

  • Allow Behavior Monitoring: Allowed
  • Allow Cloud Protection: Allowed
  • Allow Realtime Monitoring: Allowed
  • PUA Protection: PUA Protection on
  • Remediation actions: Quarantine for all threat levels

For detailed guidance, see Antivirus policy for endpoint security in Intune.

Firewall Policies

Firewall policies configure device firewall settings and rules.

Microsoft Firewall

Configure Windows Firewall:

Key Settings:

  • Firewall state: Enable/disable firewall
  • Firewall rules: Configure custom firewall rules
  • Domain profile: Settings for domain networks
  • Private profile: Settings for private networks
  • Public profile: Settings for public networks

Custom Firewall Rules:

  • Each profile supports up to 150 firewall rules
  • Configure rules for specific applications or ports
  • Define allow/block actions

For details, see Firewall policy for endpoint security in Intune.

Disk Encryption Policies

Disk encryption policies manage device encryption settings.

BitLocker (Windows)

Configure BitLocker encryption:

Key Settings:

  • Encryption method: Choose encryption algorithm
  • Minimum PIN length: Set PIN requirements
  • Recovery options: Configure recovery key storage
  • Encryption policy: Configure encryption requirements

Recommended Settings:

  • Require encryption: Yes
  • Encryption method: XTS-AES 256-bit
  • Recovery key backup: Azure AD or On-premises AD

For guidance, see Disk encryption policy for endpoint security in Intune.

Attack Surface Reduction

Attack surface reduction policies manage Microsoft Defender attack surface reduction rules.

ASR Rules

Configure attack surface reduction:

Key Rules:

  • Block executable content from email
  • Block Office applications from creating child processes
  • Block JavaScript or VBScript from launching downloaded content
  • Block credential stealing from Windows local security authority

Deployment Modes:

  • Block: Actively block the behavior
  • Audit: Log the behavior without blocking

Best Practice: Start with audit mode, then move to block mode after monitoring.
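Before moving a pilot group from audit to block, you want to know which rules fired, how often, and on what. The script below is an added example (not from the original article) that summarises ASR events from the local Defender Operational log; the rule GUIDs are the documented identifiers for the four rules listed above, and the EventData field names "ID", "Path" and "Process Name" are taken from the event XML and should be confirmed against one event in your environment.

```powershell
# Added example: summarise ASR hits from the local Defender Operational log so a pilot
# group can be reviewed before rules move from Audit to Block.
# Run in an elevated session on a pilot device, or point Get-WinEvent -Path at an exported .evtx.
$RuleNames = @{   # documented rule IDs for the four rules this guide lists
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block Office applications from creating child processes'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript/VBScript from launching downloaded content'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
}
$WindowDays = 30

# Event 1122 = rule fired in Audit mode; 1121 = rule fired in Block mode.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1121, 1122
    StartTime = (Get-Date).AddDays(-$WindowDays)
} -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    # Read the EventData fields by name. The rule GUID is in "ID" and the triggering
    # file in "Path"; confirm these names against the XML of one event on your tenant.
    $data = @{}
    ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
    $ruleId = "$($data['ID'])".Trim('{}').ToUpper()
    $mode   = if ($e.Id -eq 1122) { 'Audit' } else { 'Block' }
    $name   = if ($RuleNames.ContainsKey($ruleId)) { $RuleNames[$ruleId] } else { "(other rule $ruleId)" }
    [pscustomobject]@{ Mode = $mode; RuleId = $ruleId; RuleName = $name
                       Path = $data['Path']; Process = $data['Process Name']; Time = $e.TimeCreated }
}

# Per-rule summary: how often each rule fired and on how many distinct files.
$hits | Group-Object Mode, RuleName | ForEach-Object {
    [pscustomobject]@{
        Mode          = $_.Group[0].Mode
        Rule          = $_.Group[0].RuleName
        Hits          = $_.Count
        DistinctPaths = @($_.Group.Path | Sort-Object -Unique).Count
        LastSeen      = ($_.Group.Time | Sort-Object -Descending | Select-Object -First 1)
    }
} | Sort-Object Hits -Descending | Format-Table -AutoSize

# Rules with no audit hits over the window are the lowest-risk candidates to move to Block;
# rules with hits need each distinct path reviewed (legitimate line-of-business tool or not).
$silent = $RuleNames.Keys | Where-Object { $_ -notin @($hits.RuleId) }
"Rules with no hits in the last $WindowDays days:"
$silent | ForEach-Object { "  $($RuleNames[$_])" }
```

Run it across several pilot devices (or their exported logs) and keep the per-rule output with the change record when you switch a rule to block mode.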

For details, see Attack surface reduction policy for endpoint security in Intune.

Endpoint Detection and Response

EDR policies manage Microsoft Defender for Endpoint settings and device onboarding.

Microsoft Defender for Endpoint

Configure EDR settings:

Key Settings:

  • Onboarding: Configure device onboarding
  • EDR settings: Configure detection and response settings
  • Integration: Configure Intune integration

Onboarding:

  • Automatically onboard devices to Defender for Endpoint
  • Configure onboarding package
  • Set up integration with Intune

For guidance, see Endpoint detection and response policy for endpoint security in Intune.

Account Protection

Account protection policies manage Windows Hello and Credential Guard settings.

Windows Hello

Configure Windows Hello for Business:

Key Settings:

  • Windows Hello for Business: Enable/disable
  • PIN complexity: Configure PIN requirements
  • Biometric authentication: Enable fingerprint/face recognition

Credential Guard

Configure Credential Guard:

Key Settings:

  • Credential Guard: Enable virtualization-based security
  • Platform Security Level: Configure security level

For details, see Account protection policy for endpoint security in Intune.

Best Practices

1. Start with Recommended Settings

  • Use Microsoft's recommended security baselines
  • Customize only when necessary
  • Document any customizations

2. Test Before Broad Deployment

  • Deploy to pilot groups first
  • Monitor for issues
  • Adjust settings as needed
  • Expand gradually

3. Use Scope Tags

Organize policies by:

  • Security tier
  • Department
  • Device type
  • Geographic location

4. Monitor Regularly

  • Review policy compliance
  • Check for errors
  • Address noncompliant devices
  • Update policies as needed

5. Coordinate with Other Policies

  • Avoid conflicts with device configuration profiles
  • Understand policy precedence
  • Use security baselines as foundation
  • Document policy relationships

Recommended Security Configuration

Windows Devices

Minimum Configuration:

  1. Antivirus Policy:

    • Enable real-time protection
    • Enable cloud protection
    • Enable behavior monitoring
    • Configure remediation actions
  2. Firewall Policy:

    • Enable firewall for all profiles
    • Configure appropriate rules
    • Block unsolicited inbound connections
  3. Disk Encryption Policy:

    • Require BitLocker encryption
    • Configure recovery options
    • Set encryption method
  4. Attack Surface Reduction:

    • Enable key ASR rules in audit mode
    • Monitor and adjust
    • Move to block mode after validation

For a complete example, see Tutorial: Set up and configure a cloud-native Windows endpoint with Microsoft Intune.
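A policy showing "Succeeded" in the admin center is not the same as the setting being active on the device. The script below is an added example (not from the original article) that verifies the four minimum items above on one Windows device using the in-box Defender, NetSecurity and BitLocker modules; it treats XTS-AES 256 and Quarantine (value 2) as the expected values from the sections above.

```powershell
# Added example: verify on one Windows device that the four "Minimum Configuration"
# policies actually applied. Run in an elevated session.
$results = [System.Collections.Generic.List[object]]::new()
function Add-Check($Area, $Check, $Actual, $Expected) {
    $results.Add([pscustomobject]@{ Area = $Area; Check = $Check; Actual = "$Actual"
                                    Expected = "$Expected"; Pass = ("$Actual" -eq "$Expected") })
}

# 1. Antivirus: real-time, cloud (MAPS) and behavior monitoring on, PUA on (1),
#    every threat level remediated with Quarantine (2).
$status = Get-MpComputerStatus
$pref   = Get-MpPreference
Add-Check 'Antivirus' 'Real-time protection'    $status.RealTimeProtectionEnabled $true
Add-Check 'Antivirus' 'Behavior monitoring'     $status.BehaviorMonitorEnabled    $true
Add-Check 'Antivirus' 'Cloud protection (MAPS)' ($pref.MAPSReporting -ne 0)       $true
Add-Check 'Antivirus' 'PUA protection'          $pref.PUAProtection               1
foreach ($level in 'Low', 'Moderate', 'High', 'Severe') {
    Add-Check 'Antivirus' "$level threat action" $pref."${level}ThreatDefaultAction" 2
}

# 2. Firewall: on for Domain, Private and Public, unsolicited inbound blocked.
foreach ($fw in Get-NetFirewallProfile) {
    Add-Check 'Firewall' "$($fw.Name) enabled"         $fw.Enabled              'True'
    Add-Check 'Firewall' "$($fw.Name) default inbound" $fw.DefaultInboundAction 'Block'
}

# 3. BitLocker: OS volume protected, XTS-AES 256, and a recovery password protector
#    present (the protector whose key is escrowed to the directory).
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
Add-Check 'BitLocker' 'Protection status' $os.ProtectionStatus 'On'
Add-Check 'BitLocker' 'Encryption method' $os.EncryptionMethod 'XtsAes256'
Add-Check 'BitLocker' 'Recovery password' ($os.KeyProtector.KeyProtectorType -contains 'RecoveryPassword') $true

# 4. ASR: rules are configured and each is Block (1), Audit (2) or Warn (6), never Disabled (0).
$actions = @($pref.AttackSurfaceReductionRules_Actions)
Add-Check 'ASR' 'Rules configured'    ($actions.Count -gt 0)                           $true
Add-Check 'ASR' 'Rules left Disabled' (@($actions | Where-Object { $_ -eq 0 }).Count)   0

$results | Format-Table Area, Check, Actual, Expected, Pass -AutoSize
if ($results.Pass -contains $false) { Write-Warning 'One or more minimum-configuration checks failed.' }
```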

Troubleshooting

Common Issues

  1. Policies Not Applying

    • Verify device enrollment
    • Check device check-in status
    • Review policy assignments
    • Ensure device meets requirements
  2. Settings Conflicts

    • Review all assigned policies
    • Check for conflicting settings
    • Understand conflict resolution
    • Adjust policies as needed
  3. Security Features Not Working

    • Verify licensing requirements
    • Check platform support
    • Review setting compatibility
    • Test with different configurations
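For the "Policies Not Applying" case, the first three bullets (enrollment, check-in, assignment errors) can be triaged from the device itself. The script below is an added example (not from the original article); it assumes a Windows device and uses dsregcmd, the enrollment client's scheduled task and the MDM diagnostics event log, all of which ship with Windows.

```powershell
# Added example: first-pass triage on a Windows device that is not receiving endpoint security
# policy. Run in an elevated session on the affected device.

# 1. Is the device actually enrolled? dsregcmd reports the directory join state and the MDM URL.
$ds   = dsregcmd /status
$join = ($ds | Select-String '^\s*(AzureAdJoined|DomainJoined|MdmUrl)\s*:\s*(.*)$').Matches |
    ForEach-Object { [pscustomobject]@{ Setting = $_.Groups[1].Value; Value = $_.Groups[2].Value.Trim() } }
$join | Format-Table -AutoSize
if (-not ($join | Where-Object { $_.Setting -eq 'MdmUrl' -and $_.Value })) {
    Write-Warning 'No MDM enrollment URL: the device is not MDM-enrolled, so no Intune policy can apply.'
}

# 2. Force a check-in. "Schedule #3 created by enrollment client" is the enrollment client's
#    sync task under \Microsoft\Windows\EnterpriseMgmt\<enrollment id>\.
Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\*' |
    Where-Object TaskName -eq 'Schedule #3 created by enrollment client' |
    Start-ScheduledTask

# 3. Summarise MDM policy errors from the last day (Level 2 = Error). Repeated event IDs
#    usually point at one setting that fails to apply or conflicts with another policy.
$errors = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
    Level     = 2
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue

$errors | Group-Object Id | Sort-Object Count -Descending |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count,
                  @{ n = 'Sample';  e = { ($_.Group[0].Message -split "`n")[0] } } |
    Format-Table -AutoSize -Wrap

# 4. For escalation, collect the MDM diagnostics CAB (enrollment and provisioning areas):
#    mdmdiagnosticstool.exe -area "DeviceEnrollment;DeviceProvisioning" -cab "$env:TEMP\mdmdiag.cab"
```

Re-run step 3 a few minutes after the forced sync so the log reflects the check-in you just triggered.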

Conclusion

Endpoint security policies provide focused, security-specific management capabilities for protecting your organization's devices. By following these best practices:

✅ Start with recommended security settings
✅ Test before broad deployment
✅ Use scope tags for organization
✅ Monitor policy compliance regularly
✅ Coordinate with other security policies

You can establish a comprehensive endpoint security framework that protects your devices while maintaining operational efficiency.

Remember: Endpoint security policies work alongside security baselines and device configuration profiles. Use them together to create a layered security approach that protects your organization's devices and data.