MD-101-Manage and protect devices Summary

Version vom 8. November 2019, 04:28 Uhr von Rladmin (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
  • Windows Defender features are managed through pwershell, gpos or intune
    • Windows Defender Credential Guard requires Windows 10 Enterprise or Education and TPM and virtualization has to be enabled
    • Windows Defender Exploit Guard
      • Exploit Protection
      • Attack Surface Reduction Rules
      • Network Protection
      • Controlled Folder Access
    • Windows Defender Application Guard
      • requirements like Credential Guard
      • new browser windows in virtualized sandboxes
    • Windows Defender Application Control to determine which apps are safe to run in the organization
    • Threat Agent Status for monitoring Defender on enrolled devices


  • Ways to enroll Windows devices
    • Add a work or school account
    • Enroll in MDM only (user-driven)
      • Android and iOS devices can be enrolled by downloading the Company Portal app from the app store and signing in with the organsation account
    • Enroll in MDM only (Device Enrollment Manager)
    • Azure AD Join during OOBE
    • Azure AD Join using Windows Autopilot
      • Autopilot can be configured to be user-driven or self-deploying
    • Azure AD Join using bulk enrollment


  • Windows Analytics and Log Analytics require an Azure subscription
Abgerufen von „https://wiki.lehmann.systems/index.php?title=MD-101-Manage_and_protect_devices_Summary&oldid=176