Co-management with ConfigMgr and Intune and a little something about Microsoft Defender antimalware policies

Introduction

Originally when the Endpoint Protection workload for co-management was introduced with Configuration Manager 1802, this was done without antimalware policies.

That essentially meant that antimalware policies was still being managed solely by Configuration Manager, while a feature like Exploit Guard was managed by Intune.

Now, this has since changed (at the time of writing, I’m not sure when they snug in the addition, but that’s not related to the post anyway) and the workload now includes antimalware policies enabling us to manage all aspects of Microsoft Defender with Microsoft Intune.

So what does that mean, and are there anything specifically you need to be aware of? I believe there is. 🙂

Read more…

Remind users to enroll into Windows Hello for Business using Toast Notifications and ConfigMgr

Introduction

I recently did a tweet about doing a toast notification to lure end-users into enrolling their device with Windows Hello for Business voluntarily.

Prior to doing the tweet, I found my self wrestling with Powershell and a way to locate devices not enrolled into WHfB yet. Seeing I only wanted to nag people not enrolled yet, this was a requirement for the entire process.

So this post is a little something on both the actual toast notification, but also on how I ended up locating devices not enrolled into WHfB yet using a Compliance Baseline in ConfigMgr.

Read more…