Defender Solution Baseline Additions (filters/notifications)

Hey there, loving the solution baselines as a strategy to get new tenants up and running with settings that conform to how an MSP decides to manage customer environments!
We like this as there is always a default set of things we set up on any environment.
Keeping in line with this, I have one question and one feature suggestion related to the Defender solution baseline!

1. I see notifications are upcoming! Just to confirm, would this be something that allows us to set up email alerts (found in Settings > Endpoints > Emails in the security portal)?

2. Keeping aligned with the default settings/policies we set up, we also apply a web content filtering policy to every tenant, and we're wondering if this might be added to the solution baseline one day? When something needs to be unblocked, we scope, then add a URL indicator that allows that specific site. I don't think that would really align with a solution baseline, but would be curious if there might be any plans to set up a Defender section at the account level for some management, similar to the Exchange section!

Anywho, thanks for reading!


Comments (6 comments)

Dave Stephenson

For #1, that's how I understand the feature is going to work, but it may change a little bit when it is released.
Is that how you're wanting the feature to work?

Great idea on #2.
We don't currently have that functionality, but it is something we've been talking about implementing.
If we were going to add that feature, are there other settings you think we should add, or, if we add Web Content Filtering, will that handle 90% of your customers?

Aidan Kieffer

It would honestly handle most of what we do.
Other things I can think of are likely not exposed via Graph, like enabling the Intune connector and cloud apps.
One thing I can think of that might be a more general/popular feature would be gathering activity reports of a specific device?
Would be good to hear what others might say!

Dave Stephenson

Thanks, Aidan.

Being able to enable the Intune Connector for Defender would be cool (if the Graph API supports it, like you said).
Not sure if that'd fit in the Solution Baselines section or be more of a fit for the Integrations wizard (rough mock-up below), but that's a minor thing the product team can figure out. 🙂

We do have some Defender info in the Intune Device properties, but are you looking for it to include more information like we can get from the Defender Portal?

 

[Image: NMM Intune Device Properties]

[Image: Defender Portal]

 

Aidan Kieffer

We seem to do a decent amount on the cloud apps side, so potentially making policies. Honestly running out of ideas as it's pretty normal to jump into Defender after an alert!

Dave Stephenson

Thanks, Aidan.
So, if we can keep your team in your NMM portal to resolve alerts, that would help streamline your process?

Aidan Kieffer

I think the streamlining would come from being able to create indicators to allow sites and potentially cloud app policies. Resolving alerts all through Nerdio would just be an extra accomplishment!
