Unlock the Potential of Comprehensive Endpoint Security with Microsoft Defender for Business Integration with MEM and Conditional Access

Microsoft Defender for Business (MDB) is a large product with many bases to cover. So far in this series we have covered the Simplified configuration process, Threat & Vulnerability Management, and Attack Surface Reduction rules.

Since we started this series, something notable has happened: MDB has been added to the Microsoft 365 Business Premium SKU. That announcement came alongside a related one: General Availability of Microsoft 365 Lighthouse for partners (including some important announcements about GDAP). These are big steps forward for providers serving SMB customers in the Microsoft cloud.

Today, though, we return our focus to Microsoft Defender for Business and look at how to feed signals from the EDR into Conditional Access. The idea is to use MDB's risk data to decide whether a device is still "healthy enough" to access corporate resources, and to deny access until the device has been remediated if its risk level is too high.

Step 1. Prepare MEM to integrate with MDB

Some of these settings may already be enabled in your tenant. It is worth double-checking and turning them on if they are not. We already reviewed Endpoints > Advanced features under Settings in the Microsoft 365 Defender portal earlier in this series, so we should be good there. Next, open the Microsoft Endpoint Manager admin center (https://endpoint.Microsoft.Com).

  • Go to Endpoint security, then under Setup
  • Find Microsoft Defender for Endpoint
  • Switch each of the connection options to On if it is not already (at minimum the Windows option; the iOS and Android options matter for Step 3 below).
  • Be sure to Save your selections on this screen.

Ready MEM to integrate with MDB

Step 2. Configure compliance policies

Next, go to Endpoint security > Device compliance.

  • If you want users to receive a notification, open the Notifications page from the left navigation.
  • Add a notification that you can use with your compliance policy.

In this example, I have named the notification "Device is above acceptable risk threshold" with a simple message telling the end user to contact IT Support for immediate resolution. You should customize your own message to fit your situation.

  • Return to Compliance policies to create new policies: one for each device platform.
  • Starting with Windows 10 and later devices, give the policy a name and description that make sense.
  • On the Compliance settings page, expand the Microsoft Defender for Endpoint section.

Configure compliance guidelines

In the example above I have set the option "Require the device to be at or under the machine risk score" to Clear. This means the device must be free of threats, or it will be marked non-compliant.

You can also pick Low, Medium, or High as the risk score threshold. Each level allows threats up to and including that severity, so selecting High means a device stays compliant at any threat level, which is effectively no check at all and is not recommended.

Read how Defender ranks risk severity here.

On the Actions for noncompliance page, you can decide whether to include a grace period (delay) before the device is marked non-compliant, and add other actions such as Send email to end user.

Note: A short grace period before Mark device non-compliant can be a good thing, since it gives Automated Investigation and Remediation time to clear the threat (or a transient false positive time to drop off) before the user loses access.

  • Click through to Assignments and finish setting up your policy (consider starting with a pilot group and running in this configuration for at least a week before moving to All users).
  • Again, create a policy like this for each device platform you intend to support.

Step 3. Configure App Protection Policies (optional)

For mobile devices, remember that we have two options: we can enforce policies through MDM (full device-based management) or use the lightweight app-based management model (MAM). If you take advantage of the latter type of policy, know that it can also be integrated with MDB's threat status.

  • Recall the screen from Step 1 (Endpoint security > Setup > Microsoft Defender for Endpoint). The options to enable MAM integration for iOS and Android are toward the bottom of that page.
  • Assuming those are on, you can configure the corresponding settings in your MAM policies (Apps > App protection policies).
  • Specifically, scroll down to the Device conditions section on the Conditional launch screen.
  • Configure the setting called Max allowed device threat level.

Configure App Protection Policies (non-obligatory)

In this case I want it to behave like my device-based compliance policies, so I select Secured (the equivalent of Clear in the compliance policies) and set the Action to Block access.

Step 4. Integrate Conditional Access

Before you set up a Conditional Access policy to enforce the new compliance requirements, make sure the users and devices you have targeted are showing as compliant in the Microsoft Endpoint Manager portal. Mobile users must have the Company Portal app and the Microsoft Defender app installed on their devices.

Once you know that your devices are reporting in and being evaluated against the policies (meaning users are unlikely to be locked out by a device-based CA policy), you can move on to the last step.

  • When you are ready, navigate to Endpoint security > Conditional Access.
  • Create a new policy and give it a suitable name.
  • Target the same (licensed) users you targeted with the compliance policies and app protection policies in the previous steps (and always exclude at least one emergency access account).
  • Under Cloud apps or actions, pick just one cloud app for now: Office 365.
  • Under Access controls > Grant, select Require device to be marked as compliant as well as Require app protection policy.
  • Then, further down, choose Require one of the selected controls.
  • The result is that access to Office 365 works only if the device satisfies the device-based compliance policy (free of threats) or the app-based protection policy (which likewise requires mobile devices to be free of threats).
Integrate Conditional Access

Note:

As for the other Conditions in the policy, that depends on your situation.

For example, do you want to apply this access control only to Mobile apps and desktop clients? Or should it also apply to access requests that come through web browsers? You could also build this as two policies: one targeting just iOS and Android devices with the app protection requirement, and another for Windows/macOS that enforces device compliance. The policy shown here does both in one, with no other conditions.

Create and enable the policy to finish. If you want to see the effect before enforcing it, you can first put the policy in Report-only mode and review the sign-in logs to confirm that only the devices you expect would be blocked.
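For anyone who prefers to script this rather than click through the portal, the following is an added example (not code from the original article) that performs the Windows half of Step 2 and Step 4 through the Microsoft Graph PowerShell SDK: it creates a Windows 10 and later compliance policy with the Defender risk score threshold set to Clear and a 24-hour grace period, assigns it to a pilot group, lists devices that are not yet reporting compliant (the Step 4 pre-check), and then creates the Conditional Access policy in report-only mode with the "require one of the selected controls" grant. The group and user IDs, the policy names and the 24-hour grace period are placeholders chosen for the example; the Step 3 app protection setting is left to the portal.

```powershell
# Added example, not part of the original article. Assumes the Microsoft.Graph PowerShell SDK
# is installed and the signed-in admin can consent to the scopes below.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All",
                        "DeviceManagementManagedDevices.Read.All",
                        "Policy.ReadWrite.ConditionalAccess"

$pilotGroupId     = "00000000-0000-0000-0000-000000000000"   # assumption: pilot user group object ID
$breakGlassUserId = "11111111-1111-1111-1111-111111111111"   # assumption: emergency access account object ID

# Step 2: Windows compliance policy. deviceThreatProtectionRequiredSecurityLevel = "secured" is the
# Graph name for "Clear" in the portal: any threat reported by Defender makes the device non-compliant.
# The 24-hour grace period before "block" gives AIR (or a transient false positive) time to clear.
$compliancePolicy = @{
    "@odata.type"                               = "#microsoft.graph.windows10CompliancePolicy"
    displayName                                 = "Windows - MDB risk score Clear"          # assumption
    description                                 = "Non-compliant when Defender for Business reports any threat"
    deviceThreatProtectionEnabled               = $true
    deviceThreatProtectionRequiredSecurityLevel = "secured"
    scheduledActionsForRule = @(
        @{
            ruleName = "PasswordRequired"      # fixed rule name Graph expects for compliance actions
            scheduledActionConfigurations = @(
                @{ actionType = "block"; gracePeriodHours = 24; notificationTemplateId = ""; notificationMessageCCList = @() }
            )
        }
    )
}
$created = Invoke-MgGraphRequest -Method POST -OutputType PSObject `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies" `
    -Body ($compliancePolicy | ConvertTo-Json -Depth 6) -ContentType "application/json"

# Assign the policy to the pilot group only (not All users) for the first week or so.
$assignment = @{ assignments = @(
    @{ target = @{ "@odata.type" = "#microsoft.graph.groupAssignmentTarget"; groupId = $pilotGroupId } }
)}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/$($created.id)/assign" `
    -Body ($assignment | ConvertTo-Json -Depth 6) -ContentType "application/json" | Out-Null

# Step 4 pre-check: anything listed here would be cut off once the CA policy is enforced,
# so resolve these (missing Company Portal / Defender app, stale check-in, real threat) first.
$devices = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
    -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$select=deviceName,operatingSystem,complianceState'
$devices.value | Where-Object { $_.complianceState -ne "compliant" } |
    Format-Table deviceName, operatingSystem, complianceState

# Step 4: Conditional Access policy. operator "OR" with compliantDevice + compliantApplication is the
# Graph form of "Require one of the selected controls" with "Require device to be marked as compliant"
# and "Require app protection policy". clientAppTypes "all" covers browsers as well as mobile and
# desktop clients, matching the single-policy approach above. Report-only first, enable after review.
$caPolicy = @{
    displayName = "Office 365 - require compliant device or app protection"   # assumption
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeGroups = @($pilotGroupId); excludeUsers = @($breakGlassUserId) }
        applications   = @{ includeApplications = @("Office365") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("compliantDevice", "compliantApplication")
    }
}
Invoke-MgGraphRequest -Method POST -OutputType PSObject `
    -Uri "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies" `
    -Body ($caPolicy | ConvertTo-Json -Depth 6) -ContentType "application/json"
```

Once the report-only sign-in logs show only the devices you expect being flagged, switch the policy's state to "enabled" (a PATCH to the same policy with state = "enabled") to start enforcing it.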

Scenario

At this point, a user in scope of these policies ends up in the following situation: one of their devices is compromised by some threat, according to MDB. Access to Office 365 from that device is suspended until the device has been remediated.

It may also be appropriate to Autopilot reset or factory reset an infected device, and then run scans across other devices to restore confidence in the environment. In some cases remediation happens automatically, thanks to Automated Investigation and Remediation (AIR should be on by default in MDB), or the detection turns out to be a brief false positive. In other cases, closer investigation is needed.

At the end of the day, you now have a solution you can offer your customers that is unlike anything you have had before: when Defender's telemetry determines that a device may be at risk, the user is warned about the risk, and if it is not remediated within a short window, access to company resources is withdrawn automatically. This reduces dwell time and lowers your overall risk. That is a pretty compelling story, I think.

Conclusion:

One last thing to be aware of: Microsoft has not yet released the standalone version of MDB (only the one bundled in Microsoft 365 Business Premium). Do not expect this feature to work with a standalone license on its own, because it depends on additional licensing: Azure AD Premium P1 for Conditional Access and Microsoft Intune/Endpoint Manager for the compliance and app protection policies (both included in Business Premium).

At TECHOM Systems, we specialise in delivering innovative and effective Microsoft solutions to businesses of all sizes. Our team of experts can help you leverage the power of Microsoft technologies to drive your business forward. From Microsoft Defender for Business with MEM and Conditional Access to Azure AD Premium P1 and Microsoft Intune/Endpoint Manager, we offer a comprehensive suite of solutions to help protect and manage your organisation’s endpoints, data, and resources. With our deep understanding of Microsoft technologies, we can help you optimise your IT infrastructure, improve collaboration and productivity, and streamline your operations.

See how Microsoft Defender for Business can help protect your organisation!

Don’t leave your corporate data at risk – Reach Out to TOS consulting experts to implement Microsoft Defender for Business with MEM and Conditional Access policies today.