Intune – How to start pushing out Defender for Endpoint on Windows Devices automatically?

May 23, 2025May 23, 2025 Liam1 Comment

All Windows devices come with their own anti-virus – Windows Defender, but what is Defender For Endpoint, and how do we start pushing it out to our corporate devices?

Microsoft Defender for Endpoint is an enterprise-level security platform designed to help businesses prevent, detect, investigate, and respond to advanced cyber threats on their devices (also known as “endpoints” — like computers, laptops, and mobile devices).

Key Features:

Threat Protection – Detects and blocks malware, ransomware, and other types of cyberattacks.
Endpoint Detection and Response (EDR) – Monitors activities on devices to spot suspicious behavior and helps investigate attacks.
Attack Surface Reduction – Limits the ways attackers can get into systems (e.g., controlling app behavior or blocking malicious websites).
Automated Investigation and Response – Uses AI to analyze threats and take action without needing manual input every time.
Threat Intelligence – Uses data from Microsoft’s global threat database to identify new and emerging threats.

It’s like a smart security system for all company devices — watching for problems, alerting IT teams, and even taking action automatically to keep everything safe.

Providing you have the correct licenses, this post will show you how I push out Defender for Endpoint with devices enrolled into Intune.

Windows 11 – Encrypt with Bitlocker and PIN

April 20, 2025April 20, 2025 LiamLeave a comment

With many forms of industry standards and cybersecurity guidelines, you will see how important it is to encrypt your data. You may password protect your Windows device, but if it stolen – all it takes is someone to remove the drive, plug it into a HDD caddy, and they will have access to your data. Windows comes with its own version of encryption called BitLocker. Once BitLocker has been enabled, the data on that drive is encrypted.

However, is the standard out-of-the-box version of BitLocker secure enough? I’m going to show you how to encrypt your data with a PIN, meaning you can only get into Windows knowing the BitLocker PIN. Please note that you need to be running a Pro version of Windows to enable this setting.

M365 – Limit Access on Unmanaged Devices

April 10, 2025April 15, 2025 LiamLeave a comment

In a dream world of IT, every device is managed, protected, encrypted and follows a Configuration Profile. However, we often come across clients, normally on the smaller side, who want their end users to be able to work on their own personal device. You can quite easily stipulate a BYOD Policy, but very often, they are simple and state, the device must have anti-virus, the device must have encryption and they must be up to date – they sign the Policy and no checks on the device itself have been carried out.

Below I’m going to go through the steps, that is put in place to limit access to the Web Apps only and prevent them from downloading files on their device and prevent them from signing into the Desktop Apps too.

Please note, to action these, you need Conditional Access, which is ‘locked’ behind a Microsoft Subscription. Having a Subscription such as Business Premium allows for Conditional Access.

Vulnerability Management – .NET / Dot Net

March 27, 2025March 27, 2025 LiamLeave a comment

For anyone who runs vulnerability scans on their devices, I can almost guarantee you’re constantly battling with .NET versions that are no longer supported or out of date, with the most recent being Dot Net 6.

In this post, I’m going to outline my recommendations to help assist in the battle.

Intune / AzureAD – Enabling RDP

March 25, 2025March 25, 2025 LiamLeave a comment

In this post, I’m going to go through the steps I actioned to enable Remote Desktop Access using Intune for devices that are Azure joined. We need to create a few configurations within Intune to get this setup.

LRS Computers

Helpdesk Support

Tag: microsoft