When looking at my Microsoft Endpoint Manager dashboard today, I noticed a number of new preview features have arrived. Next up, I am going to be looking at Account Protection capabilities via Endpoint Security.
Microsoft Endpoint Manager has a new homeAccess to the Microsoft Endpoint Manager now has a new URL http://endpoint.microsoft.com replacing http://devicemanagement.microsoft.com
This new preview feature supports the following scenario;
Windows 10 and later (Account Protection)
This section is quite brief but very effective if you are looking at options to protect your end-user accounts. In my own environment, I am very much using Windows Hello with credential guard to provide as much security as possible.
|Block Windows Hello for Business||Not configured / Disabled / Enabled||Windows Hello for Business is an alternative method for signing into Windows by replacing passwords, Smart Cards, and Virtual Smart Cards. If you disable or do not configure this policy setting, the device provisions Windows Hello for Business. If you enable this policy setting, the device does not provision Windows Hello for Business for any user.|
|Enable to use security keys for sign-in:||Yes / Not configured||Enable Windows Hello security key as a logon credential for all PCs in the tenant.|
| Turn on credential guard||Not configured / Enable with UEFI lock / Enable without UEFI lock|| Turn on credential guard|
There is no configuration available for macOS.
Please keep an eye on the upcoming features to Microsoft Endpoint Manager https://docs.microsoft.com/en-us/mem/intune/fundamentals/in-development
The Author – Blogabout.Cloud