Endpoint analytics
- Scores
- Baselines
- Insights and recommendations
A status of insufficient data – don’t have enough devices reporting to provide a meaningful score. Currently, at least 5 devices are required.
App protection policies
Can apply to both manage & unmanged app via Intune.
The Intune Company Portal is required on the device to receive App Protection Policies on Android.
On Android, Android devices will prompt to install the Intune Company Portal app regardless of which Device Management type is chosen.
The Assignments page allows you to assign the app protection policy to groups of users. You must apply the policy to a group of users to have the policy take effect.
Endpoint Protection profile
Exploit Guard
Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > Attack Surface Reduction
Attack surface reduction rules target certain software behaviors, such as:
- Launching executable files and scripts that attempt to download or run files
- Running obfuscated or otherwise suspicious scripts
- Performing behaviors that apps don’t usually initiate during normal day-to-day work
Windows Firewall Global settings
These settings are applicable to all network types.
- File Transfer Protocol
Default: Not configured
Firewall CSP: MdmStore/Global/DisableStatefulFtp- Block – Disable stateful FTP.
- Not configured – The firewall does stateful FTP filtering to allow secondary connections.
Add Microsoft Store apps to Intune
In the App information page, add the app details
- Information URL: Optionally, enter the URL of a website that contains information about this app. The URL is displayed to users in the company portal.
- Privacy URL: Optionally, enter the URL of a website that contains privacy information for this app. The URL is displayed to users in the company portal.
- Developer: Optionally, enter the name of the app developer.
- Owner: Optionally, enter a name for the owner of this app, for example, HR department.