Endpoints are the devices that connect to a computer network. Endpoints include desktops, laptops, tablets, mobile devices, servers, IoT devices, virtual machines, and more. Endpoint security helps to protect these endpoints from cyberattacks by using a wide variety of services and solutions. The first endpoint security tools were the traditional antivirus and antimalware software. Now, endpoint security has expanded to include more advanced cloud solutions. Some of the more common endpoint security risks are as follows:
Device Loss This is when a device is physically lost or stolen. Without disk encryption and a way to wipe the device remotely, whoever holds it can read the corporate information stored on it.
Drive-by Downloads This type of attack installs software on a device without the user's knowledge or consent, typically by exploiting a browser or plug-in when the user simply visits a compromised or malicious website.
Malware Ads These attacks (also called malvertising) use online ads to spread malware and hack into systems. Because the ads are served through advertising networks, the site hosting them does not have to be malicious itself.
Outdated Patches If devices are not updated regularly, they keep running software with publicly known vulnerabilities, which an attacker can exploit to break into the device and steal information.
Phishing A social engineering attack that tricks the target into sharing sensitive information, such as credentials.
Ransomware A malware attack that holds the target's information or system hostage, typically by encrypting it, until the attacker is paid to release it.
Endpoint Security Best Practices
To help protect against cyberattacks, there are some best practices that you can follow. One of the most important things you can do is educate your users: when it comes to endpoint security, they are the first line of defense, so keep them up to date on security and compliance training. Maintain an inventory of the devices that connect to your network, and make sure that your endpoints have the most current updates and patches. You can add another layer of protection to devices and information by encrypting your endpoints (BitLocker on Windows, FileVault on macOS), so that a lost or stolen device does not expose its data. Enforce strong passwords by requiring complex, sufficiently long passwords and prohibiting users from reusing old ones. Enforcing regular password changes has traditionally been part of this as well, but note that Microsoft's current security baselines no longer recommend periodic password expiration, because forced rotation pushes users toward predictable variations; password length, a banned-password list, and multifactor authentication give more benefit.
Microsoft Defender for Endpoint was designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. It is a cloud-powered endpoint security solution that helps protect against ransomware, fileless malware, and other attacks on Windows, macOS, Linux, Android, and iOS.
Managing Endpoint Security in Microsoft Intune
In Intune, the Endpoint security node groups the tools for configuring device security and for working through security tasks. Endpoint security policies each target one area of device security, so you can reduce risk in that area without building a full device configuration profile. The Endpoint Security node (as shown in Figure 15.23) is where you will find the tools that you can use to keep your devices secure. You will be able to perform the following:
Create Compliance Policies Compliance policies define the requirements that devices and users must meet to be considered compliant, such as a minimum OS version or required disk encryption.
Deploy Security Baselines Intune includes security baselines for Windows devices and for specific products such as Microsoft Defender for Endpoint and Microsoft Edge. A security baseline is a preconfigured group of Windows settings that applies Microsoft's recommended configuration. We will discuss security baselines more in the next section.
Integrate Intune with Your Microsoft Defender for Endpoint Team By integrating the two, you gain access to security tasks. A security task is a recommendation raised by the security team in Defender for Endpoint that identifies devices that may be at risk and includes the steps to correct the issue; the Intune administrator accepts the task and carries out the remediation.
Manage Security Configurations Endpoint security policies focus on discrete aspects of device security such as antivirus, disk encryption, firewalls, and more; many of them configure Microsoft Defender components on the device.
Review Managed Device Statuses You can use the All Devices section to see whether devices are in compliance. For devices that are not, this section shows which policy settings failed, so you can see what needs to be resolved on each device.
FIGURE 15.23 Endpoint Security Overview
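The compliance review from the All Devices section can also be scripted so that it runs on a schedule. The following is an added example, not code from the book or from Microsoft; it reads the same compliance state through Microsoft Graph and assumes the Microsoft.Graph.Authentication PowerShell module is installed and that the signed-in account holds a role granting the DeviceManagementManagedDevices.Read.All permission. The 7-day staleness cutoff is an assumed value.

```powershell
# Added example, not code from the book or from Microsoft: pull the compliance state that the
# All Devices view shows, via Microsoft Graph, so the review can be scripted and scheduled.
# Assumes the Microsoft.Graph.Authentication module is installed and the signed-in account
# holds a role that grants DeviceManagementManagedDevices.Read.All.
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All' -NoWelcome

# managedDevices is a v1.0 endpoint; results are paged, so follow @odata.nextLink to the end,
# otherwise the summary silently covers only the first page.
$uri = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices' +
       '?$select=deviceName,operatingSystem,osVersion,complianceState,lastSyncDateTime'
$devices = @()
do {
    $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
    $devices += $page.value
    $uri = $page.'@odata.nextLink'
} while ($uri)

# Count per state (compliant, noncompliant, inGracePeriod, unknown, ...).
$devices | Group-Object complianceState | Select-Object Name, Count | Format-Table -AutoSize

# Work list: anything not compliant, plus devices that have not checked in for a week.
# A stale device never evaluated the current policies, so an old 'compliant' is not
# evidence that it meets them today (the 7-day threshold is an assumed cutoff).
$stale = (Get-Date).AddDays(-7)
$devices |
    Where-Object { $_.complianceState -ne 'compliant' -or [datetime]$_.lastSyncDateTime -lt $stale } |
    Sort-Object lastSyncDateTime |
    Select-Object deviceName, operatingSystem, osVersion, complianceState, lastSyncDateTime |
    Format-Table -AutoSize
```

The second table is the one to act on: a device listed as noncompliant has failed a compliance policy, while a device whose last sync is older than the cutoff has not reported in at all and should be treated as unknown rather than compliant.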
Managing Security Baselines
In Intune, security baselines are preconfigured groups of settings that reflect the best practice recommendations of the Microsoft security team for that product. These recommendations protect your users and devices. Intune supports security baselines for Windows 10/11 device settings, Microsoft Edge, Microsoft Defender for Endpoint, and more. Security baselines are supported for devices that run Windows 10 version 1809 and later, and Windows 11.
Before you deploy a security baseline, you can customize it so that it enforces only the settings and values you want. In most situations the default values in a baseline are the most restrictive choice, so check that they do not conflict with settings in the policies you have already deployed; when two profiles set the same setting to different values, the Intune admin center reports a conflict for the affected devices. When you create a security baseline profile in Intune, you are creating a template that consists of multiple device configuration profiles. Baseline profiles are deployed by assigning them to groups of users or devices.
To access security baselines, go to the Microsoft Endpoint Manager admin center ➢ Endpoint Security ➢ Security Baselines (as shown in Figure 15.24). You will then see a list of all the available baselines. For each baseline type, the list shows the name of the template, how many profiles you have that use it, how many versions of it are available, and the last published date, which is when the latest version of the template became available.
To manage security baselines in Intune, you must have an account with the Policy and Profile Manager built-in role (or a custom role with equivalent permissions), and some baselines require an active subscription to the corresponding service; the Microsoft Defender for Endpoint baseline, for example, requires a Defender for Endpoint license.
Some common tasks when working with security baselines include creating a profile, changing the version, and removing a baseline assignment. To create a profile, follow these steps:
- Sign into the Microsoft Endpoint Manager admin center at https://endpoint.microsoft.com (this address now redirects to the Intune admin center at https://intune.microsoft.com).
- Select Endpoint Security ➢ Security Baselines to view the list of available baselines (as shown in Figure 12.3 earlier).
- Select the baseline you want to use and then click Create Profile.
- On the Basics tab, specify the name and description. The description is optional but I recommend that you include it. Then click Next to go to the next tab.
- On the Configuration Settings tab, view the available baseline settings you can select. You can expand a group to view the settings in that group, and the default values for those settings in the baseline (as shown in Figure 15.25).
FIGURE 15.25 Security Baselines: Configuration Settings
- On the Scope Tags tab, click Select Scope Tags to open the Select Tags pane, where you can assign scope tags to the profile. Scope tags control which administrators can see and manage the profile: only admins whose role assignment carries the same tag.
- On the Assignments tab, click Select Groups To Include and then assign the baseline to one or more groups. You can also exclude groups. A profile with no assignment is saved but enforces nothing.
- When you are ready to deploy the baseline, select the Review + Create tab and review the details for the baseline. Click Create to save the profile and deploy it. The profile is assigned to the group as soon as it is created, but each device receives and applies it only at its next check-in with Intune; to apply it sooner on a particular device, trigger a sync from the device's page in the admin center or from the device itself (Settings ➢ Accounts ➢ Access work or school ➢ Info ➢ Sync on Windows).
Once a profile has been created, you can edit it by going to Endpoint Security ➢ Security Baselines, selecting the baseline type that you configured, and then selecting Profiles. Select the profile from the list of available profiles, and click Properties. You can edit settings from all the available configuration tabs; click Review + Save to commit your changes.
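After creating or editing baseline profiles in the portal, it helps to have a single view of every baseline type, its version, and the profiles built from it, which is also where the "change the version" task mentioned above starts. The following is an added example, not code from the book or from Microsoft. It assumes the template and intent endpoints live in the Microsoft Graph beta namespace (the property names follow the beta deviceManagementTemplate and deviceManagementIntent resources, which can change), that the Microsoft.Graph.Authentication module is installed, and that the account holds the DeviceManagementConfiguration.Read.All permission.

```powershell
# Added example, not code from the book or from Microsoft: list every security baseline
# template with its version and deprecation flag, and the profiles built from it, so that
# profiles still on a superseded version stand out.
# Assumptions: the templates and intents endpoints are in the Graph beta namespace (property
# names follow the beta resources deviceManagementTemplate and deviceManagementIntent) and
# the signed-in account holds DeviceManagementConfiguration.Read.All.
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.Read.All' -NoWelcome

function Get-GraphCollection {
    # Follow @odata.nextLink until the collection is exhausted and emit every item.
    param([Parameter(Mandatory)][string]$Uri)
    do {
        $page = Invoke-MgGraphRequest -Method GET -Uri $Uri -OutputType PSObject
        $page.value
        $Uri = $page.'@odata.nextLink'
    } while ($Uri)
}

# Templates are the baseline types shown under Endpoint security > Security baselines;
# each published version of a baseline is its own template.
$templates = Get-GraphCollection 'https://graph.microsoft.com/beta/deviceManagement/templates'
# Intents are the profiles created from a template; templateId ties a profile to one version.
$intents   = Get-GraphCollection 'https://graph.microsoft.com/beta/deviceManagement/intents'

$templates |
    Where-Object { $_.templateType -like '*Baseline*' } |
    ForEach-Object {
        $t = $_
        $profiles = @($intents | Where-Object { $_.templateId -eq $t.id })
        [pscustomobject]@{
            Baseline   = $t.displayName
            Version    = $t.versionInfo
            Published  = $t.publishedDateTime
            Deprecated = $t.isDeprecated
            Profiles   = $profiles.Count
            Unassigned = @($profiles | Where-Object { -not $_.isAssigned }).Count
        }
    } |
    Sort-Object Baseline, Published |
    Format-Table -AutoSize
```

A row with Deprecated set to True and a non-zero Profiles count is the situation the version-change task exists for: those profiles keep enforcing the older version's settings until you move them to the current version. A non-zero Unassigned count is a profile that was saved without any group assignment and therefore enforces nothing.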