Link to home
Get AccessLog in
Avatar of Pau Lo
Pau Lo

asked on

Intune/Endpoint manager administrative errors

If you have administrator responsibilities for using Intune/Endpoint manager for your end user devices, specifically windows 10 laptops, how easy is it for administrators to get things wrong, overlook things, and potentially leave devices in an unsecure state? As InTune/Endpoint Manager is responsible for managing the security ‘essentials’, e.g. OS patching, Application patching, Anti-Virus, Firewall, FDE (full disc encryption such as Bitlocker) etc – it is imperative the system it managed and configured in line with best practice, so we can obtain assurance that all the essential security controls are in place for our windows endpoints (laptops!).


Is there much scope for administrative error where such settings may not be as expected/required? Or is it a relatively easy system to manage?  

Are there any common errors/mistakes to look out for, which may have security implications?


To put it into context on the purpose of this, in reviews of other endpoint management practices in more traditional on-premises environments, it was not uncommon (albeit quite unexpected) when doing a 'deep dive' to find devices without AV enabled, no recent patches, firewall disabled, disc encryption not enabled, no policies for USB port controls - suggesting some form of oversights in the configuration and management of such systems, so I want to explore if InTune/Endpoint Manager is a more reliable solution, whereby such issues should not really exist, or if it is as error prone as predecessors/alternatives, and if so - common mistakes to keep an eye out for. 

ASKER CERTIFIED SOLUTION
Avatar of Hayes Jupe
Hayes Jupe
Flag of Australia image

Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access