There may be times when you need to create another endpoint security policy that is nearly identical to another except for one small difference. Suppose you want to assign similar policies but to different groups. Instead of creating a new policy from scratch, you can simply duplicate the policy and then edit it to fit your requirements. When you create a duplicate of a policy, it will come with all the original configuration settings and scope tags, but it will not have any assignments and you will have to assign it a new name. You can duplicate the following types of endpoint security policies:
■ Account protection
■ Antivirus
■ Attack surface reduction
■ Disk encryption
■ Endpoint detection and response
■ Firewall
To duplicate an endpoint security policy, perform the following steps:
- Sign in to the Microsoft Endpoint Manager admin center at https://endpoint.microsoft.com.
- Select the policy that you want to copy. Next, click Duplicate or click the ellipsis (...) to the right of the policy and select Duplicate.
- Give the policy a new name and then click Save.
Then you can edit the policy to suit your needs. To edit an endpoint security policy, perform the following steps:
- Select the new policy and then select Properties.
- Select Settings to expand a list of the configuration settings in the policy to review the current configuration, then click Edit for each category to modify the policy. Select each tab and make your changes. The tabs are:
■ Basics
■ Assignments
■ Scope Tags
■ Configuration Settings
- Edits to one category must be saved before you can edit other categories. You do this by clicking Save.
Troubleshooting an Endpoint Security Baseline
There may be times when you have deployed an endpoint security baseline but the deployment status is showing an error. What should you do? Microsoft has provided you with the tools you need to troubleshoot the error. To figure out what the error might be, perform the following steps:
- In Intune, select Security Baselines, select a baseline, and click Profiles.
- Under Monitor, select a profile and then select Per-Setting Status.
- A table will show you all the settings along with a status of each. Select the Error or the Conflict column to see the setting causing the error.
Understanding Microsoft Defender Application Guard
One of the biggest issues that we have in IT is the Internet. It’s a world gamechanger and a company gamechanger. But that also means it’s an IT gamechanger. We in IT have to rethink how we protect our networks, and that’s because of the Internet.
Years ago, hackers had to use phone lines, and that helped prevent a lot of hacker wannabes. Phone lines were easy to track, and it could be expensive for a young hacker to spend a lot of money on phone calls, especially if they were unsuccessful with their hacks.
Today, anyone can hack from anywhere because of the World Wide Web, and they pay only a monthly fee for Internet access. So, we must rethink how we protect our data and our companies. This is where Application Guard can help us.
Application Guard was specifically designed for Windows 10/11 and Microsoft Edge. Application Guard works with Microsoft Edge to isolate untrusted websites, thus protecting your organization’s network and data while your users are working on the Internet.
As an enterprise administrator, you can pick which websites are defined as trusted sites. These sites can be internal websites, external websites, company websites, and cloud-based organizations. If a site is not on the trusted list, it is then considered untrusted and automatically isolated when a user visits the site.
When a user accesses a website that is not on the trusted list, Microsoft Edge will be automatically opened in an isolated Hyper-V-enabled container. This container will be a separate environment from the host operating system, and this will help prevent untrusted websites from causing damage to the Windows client system. Also, since the website will be isolated, any type of attack will not affect the corporate network or its data.
Microsoft Defender Application Guard is disabled by default. It works in two modes: Standalone or Enterprise. Standalone mode allows a noncorporate user to use Microsoft Defender Application Guard without any administrator-configured policies. Enterprise mode is used in an enterprise environment and can be configured automatically by the enterprise administrator.
For you to use Microsoft Defender Application Guard, your environment must meet a few hardware requirements. These include the following:
■ 64-bit CPU: A 64-bit computer with a minimum of four cores (logical processors) is required for hypervisor and virtualization-based security (VBS).
■ CPU virtualization extensions: Extended page tables, also called Second-Level Address Translation (SLAT), and either one of these virtualization extensions for VBS: VT-x (Intel) or AMD-V.
■ Hardware memory: Microsoft requires a minimum of 8 GB of RAM.
■ Hard disk: 5 GB of free space, solid-state disk (SSD) recommended.
■ Input/Output Memory Management Unit (IOMMU) support: Not required but recommended.
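The following PowerShell script is an added example, not part of the original text or any Microsoft tool, that checks a Windows client against the requirements listed above before you enable Application Guard. It assumes the 5 GB of free space is measured on the system drive, and it does not test IOMMU support, which is only recommended.

```powershell
# Added example: check the local machine against the requirements listed above.
# Thresholds (4 logical processors, 8 GB RAM, 5 GB free) come from that list.
$cpu  = @(Get-CimInstance -ClassName Win32_Processor)
$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$dimm = Get-CimInstance -ClassName Win32_PhysicalMemory
# Assumption: free space is measured on the system drive.
$disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"

$logical = ($cpu | Measure-Object -Property NumberOfLogicalProcessors -Sum).Sum

# Sum the installed memory modules. Win32_ComputerSystem.TotalPhysicalMemory
# excludes hardware-reserved memory and reads slightly under 8 GB on an
# 8 GB machine, so it is used only as a fallback.
$ramBytes = ($dimm | Measure-Object -Property Capacity -Sum).Sum
if (-not $ramBytes) { $ramBytes = $cs.TotalPhysicalMemory }
$ramGB  = [math]::Round($ramBytes / 1GB, 1)
$freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
$hvOn   = [bool]$cs.HypervisorPresent

function Get-Status([bool]$Ok) { if ($Ok) { 'Pass' } else { 'Fail' } }

# With a hypervisor already running, Windows can report the two processor
# properties below as False, so False is inconclusive rather than a failure.
function Get-VirtStatus([bool]$Ok) {
    if ($Ok) { 'Pass' } elseif ($hvOn) { 'Unknown (hypervisor running)' } else { 'Fail' }
}

$slat = $cpu[0].SecondLevelAddressTranslationExtensions
$virt = $cpu[0].VirtualizationFirmwareEnabled

$report = @(
    [pscustomobject]@{ Requirement = '64-bit CPU'
        Found = "$($cpu[0].DataWidth)-bit"; Status = Get-Status ($cpu[0].DataWidth -eq 64) }
    [pscustomobject]@{ Requirement = 'Logical processors (min 4)'
        Found = $logical; Status = Get-Status ($logical -ge 4) }
    [pscustomobject]@{ Requirement = 'SLAT (extended page tables)'
        Found = $slat; Status = Get-VirtStatus ($slat) }
    [pscustomobject]@{ Requirement = 'VT-x or AMD-V enabled in firmware'
        Found = $virt; Status = Get-VirtStatus ($virt) }
    [pscustomobject]@{ Requirement = 'RAM (min 8 GB)'
        Found = "$ramGB GB"; Status = Get-Status ($ramGB -ge 8) }
    [pscustomobject]@{ Requirement = 'Free disk space (min 5 GB)'
        Found = "$freeGB GB"; Status = Get-Status ($freeGB -ge 5) }
)
$report | Format-Table -AutoSize
```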