| title | endpoint analytics is enabled to help identify risks on Windows devices |
|---|---|
| author | brenduns |
| ms.topic | include |
| ms.date | 10/03/2025 |
| ms.custom | Intune-Secure-Recommendation |

If endpoint analytics isn't enabled, threat actors can exploit gaps in device health, performance, and security posture. Without the visibility endpoint analytics brings, it can be difficult for an organization to detect indicators such as anomalous device behavior, delayed patching, or configuration drift. These gaps allow attackers to establish persistence, escalate privileges, and move laterally across the environment. An absence of analytics data can impede rapid detection and response, allowing attackers to exploit unmonitored endpoints for command and control, data exfiltration, or further compromise.
Enabling endpoint analytics provides visibility into device health and behavior, helping organizations detect risks, respond quickly to threats, and maintain a strong Zero Trust posture.
Remediation action
Enroll Windows devices into endpoint analytics in Intune to monitor device health and identify risks:
For more information, see: