For a while now I have been doing a lot of work behind the scenes on looking into the security of Windows 11 and using Intune (Endpoint Security) and Defender to not only report on issues but also bring to light how important it is to patch, this not only includes Windows 11 itself but also applications such as Adobe, Microsoft Office, etc. to name some of the applications tested.

While we won’t dive into the licensing section of what is required to have this setup, on the Intune side of things, we can manage a whole lot of things, here is a snippet of the Intune Admin Center.

I was amazed that once everything was setup and implemented, Microsoft defender actually came back and reported a number of security recommendations as shown below:

The number of security recommendations in the image is 14 but it was actually over 25. You can’t imagine how much work needs to be put in to secure you environment. Just slapping a Windows update here and there is not enough. Bad actors are always looking for ways in and with all the zero-day exploits surfacing such as extensions in OneNote and issue in Office that was recently highlighted, we have to constantly check these portals if you are using them and adjust/update based on what is recommended.

Intune and Windows Defender in-depth configuration is out of scope for this article but stay tuned for more on securing Windows 11.

Hope it helps.

By edward