Skip to content

ref-edr-settings.md

Latest commit

 

History

History
92 lines (59 loc) · 3.46 KB

ref-edr-settings.md

File metadata and controls

92 lines (59 loc) · 3.46 KB
title Intune endpoint security Endpoint detection and response settings
description Endpoint security Endpoint detection and response policy settings for deprecated profiles in Microsoft Intune
ms.date 03/28/2025
ms.topic reference
ms.collection
M365-identity-device-management
sub-secure-endpoints
ms.reviewer mattcall

Endpoint detection and response policy settings for endpoint security in Intune

Important

[!INCLUDE windows-10-support]

Note

The information in this article applies only to the settings in the Endpoint detection and response profile for the Windows 10 and later platform for endpoint security Endpoint detection and response policy.

Beginning on April 5, 2022, the Windows 10 and later platform was replaced by the Windows platform. Although you can no longer create a new instance of this older profile, you can continue to edit and use an existing instances of this profile. The settings details in this article apply only to the deprecated profiles.

View the settings you can configure in profiles for Endpoint detection and response policy in the endpoint security node of Intune.

Applies to:

Supported platforms and profiles:

  • Windows: Use this platform for policy you deploy to Windows devices managed with Intune.

    • Profile: Endpoint detection and response (MDM)

  • Windows (ConfigMgr): Use this platform for policy you deploy to devices managed by Configuration Manager.

    • Profile: Endpoint detection and response (ConfigMgr)

Endpoint detection and response (MDM)

Endpoint detection and response:

  • Microsoft Defender for Endpoint client configuration package type

    Upload a signed configuration package that will be used to onboard the Microsoft Defender for Endpoint client.

    • Not configured (default)
    • Onboarding blob
    • Offboarding blob

    When set to Onboarding blob, you can configure the following settings:

    • Defender for Endpoint onboarding blob Click Select onboarding file to open the Select onboarding File pane, where you specify a .onboarding file.

    When set to Offboarding blob, you can configure the following settings:

    • Defender for Endpoint offboarding blob Click Select offboarding file to open the Select offboarding File pane, where you specify a .offboarding file.

  • Sample sharing for all files

    Returns or sets the Microsoft Defender for Endpoint Sample Sharing configuration parameter. Sample Sharing sends a file to Microsoft for deep analysis. Organizations can disable sample sharing on specific devices that are considered too sensitive.

    • Not configured (default)
    • Yes

  • Expedite telemetry reporting frequency

    • Not configured (default)
    • Yes - Increase the Microsoft Defender for Endpoint telemetry reporting frequency.

Endpoint detection and response (ConfigMgr)

Endpoint detection and response:

  • Sample sharing for all files

    Returns or sets the Microsoft Defender for Endpoint Sample Sharing configuration parameter.

    • Not configured (default)
    • Yes

  • Expedite telemetry reporting frequency

    • Not configured (default)
    • Yes - Increase the Microsoft Defender for Endpoint telemetry reporting frequency.

Next steps

Endpoint security policy for EDR