Managing your Account Protection in Endpoint Manager is now in preview

Hello there

When looking at my Microsoft Endpoint Manager dashboard today, I noticed a number of new preview features have arrived. Next up, I am going to be looking at Account Protection capabilities via Endpoint Security.

Microsoft Endpoint Manager has a new home

Access to the Microsoft Endpoint Manager now has a new URL http://endpoint.microsoft.com replacing http://devicemanagement.microsoft.com

This new preview feature supports the following scenario;

Windows 10 and later (Account Protection)

Account Protection

This section is quite brief but very effective if you are looking at options to protect your end-user accounts. In my own environment, I am very much using Windows Hello with credential guard to provide as much security as possible.

SettingActionDefinition
Block Windows Hello for Business Not configured / Disabled / Enabled Windows Hello for Business is an alternative method for signing into Windows by replacing passwords, Smart Cards, and Virtual Smart Cards. If you disable or do not configure this policy setting, the device provisions Windows Hello for Business. If you enable this policy setting, the device does not provision Windows Hello for Business for any user.
Enable to use security keys for sign-in: Yes / Not configured Enable Windows Hello security key as a logon credential for all PCs in the tenant.
Turn on credential guard
Not configured / Enable with UEFI lock / Enable without UEFI lock Turn on credential guard

There is no configuration available for macOS.

Please keep an eye on the upcoming features to Microsoft Endpoint Manager https://docs.microsoft.com/en-us/mem/intune/fundamentals/in-development

Regards
The Author – Blogabout.Cloud

Leave a Reply

Your email address will not be published. Required fields are marked *