Skip to content

configmgr-endpoint-security-profiles.md

Latest commit

 

History

History
86 lines (60 loc) · 6.94 KB

configmgr-endpoint-security-profiles.md

File metadata and controls

86 lines (60 loc) · 6.94 KB
ms.subservice core-infra
ms.topic include
ms.date 07/11/2022
ms.collection tier3
Platform Endpoint security policy Profile Endpoint Protection (Configuration Manager) Endpoint Security (Tenant Attach)
Windows 10, Windows 11, and Windows Server Antivirus Antivirus Supported Supported
Windows 10, Windows 11, and Windows Server Antivirus Antivirus Exclusions Supported Supported
Windows 10, Windows 11, and Windows Server Antivirus Tamper Protection Not Supported Supported
Windows 10, Windows 11, and Windows Server Attack Surface Reduction Attack Surface Reduction Rules Supported Supported
Windows 10, Windows 11 Attack Surface Reduction Application Guard Settings Supported Supported
Windows 10, Windows 11, and Windows Server Attack Surface Reduction Exploit protection Supported Supported
Windows 10, Windows 11, and Windows Server Endpoint detection and response Endpoint detection and response Supported Supported
Windows 10, Windows 11, and Windows Server Firewall Firewall Supported Supported
Windows 10, Windows 11, and Windows Server Firewall Firewall Rules Not Supported Supported

The following profiles are supported for devices you manage with Configuration Manager current branch, through the tenant attach scenario:

  • Platform: Windows 10, Windows 11, and Windows Server (ConfigMgr)

    • Profile: Microsoft Defender Antivirus - Manage Antivirus policy settings for Configuration Manager devices, when you use tenant attach.

      This profile is supported with devices that are tenant attached and run the following platforms:

      • Windows 10 and later (x86, x64, ARM64)
      • Windows Server 2019 and later (x64)
      • Windows Server 2016 (x64)
      • Windows 8.1 (x86, x64)
      • Windows Server 2012 R2 (x64)

    • Profile: Windows Security experience (ConfigMgr) - Manage Windows Security app settings for Configuration Manager devices, when you use tenant attach.

      This profile is supported with devices that are tenant attached and run the following platforms:

      • Windows 10 and later (x86, x64, ARM64)
      • Windows Server 2019 and later (x64)

    [!Important] To support managing tamper protection your environment must additionally meet the prerequisites for managing tamper protection with Intune as detailed in the Windows documentation.

    • Profile: Endpoint detection and response (ConfigMgr) - Manage Endpoint detection and response policy settings, when you use tenant attach.

      This profile is supported with devices that are tenant attached and run the following platforms:

      • Windows 10 and later (x86, x64, ARM64)

      • Windows 8.1 (x84, x64)

      • Windows Server 2019 and later (x64)

      • Windows Server 2016 (x64)

      • Windows Server 2012 R2 (x64)

      • Profile: Attack Surface Reduction Rules (ConfigMgr) - Manage Attack Surface Reduction Rules for Configuration Manager devices as part of Attack surface reduction policy, when you use tenant attach.

      This profile is supported with devices that are tenant attached and run the following platforms:

      • Windows 10 and later (x86, x64, ARM64)
      • Windows Server 2019 and later (x64)
      • Windows Server 2016 (x64)
      • Windows Server 2012 R2 (x64)

      [!NOTE] Attack Surface Reduction rules may not be available on Windows Server 2012 R2 and Windows Server 2016. For more information please refer to Attack Surface Reduction rules documentation.

  • Platform: Windows 10 and later

    • Profile: Microsoft Defender Firewall (ConfigMgr) - Manage firewall policy settings for Configuration Manager devices, when you use tenant attach.

      This profile is supported with devices that are tenant attached and run the following platforms:

      • Windows 10 and later (x86, x64, ARM64)

      [!Important] A supported version of Configuration manager is required to support firewall policies.

    • Profile: Exploit Protection (ConfigMgr) - Manage Exploit Protection settings for Configuration Manager devices as part of Attack surface reduction policy, when you use tenant attach.

      This profile is supported with devices that are tenant attached and run the following platforms:

      • Windows 10 and later (x86, x64, ARM64)

    • Profile: Web Protection (ConfigMgr) - Manage Web Protection settings for Configuration Manager devices as part of Attack surface reduction policy, when you use tenant attach.

      This profile is supported with devices that are tenant attached and run the following platforms:

      • Windows 10 and later (x86, x64, ARM64)