Endpoint Protection

Windows Intune Endpoint Protection helps enhance the security of managed devices (computers and mobile devices) in your organization by providing real-time protection against potential threats, keeping malicious software definitions up to date, and automatically running scheduled scans. The Windows Intune Endpoint Protection workspace in the Windows Intune administrator console provides Endpoint Protection status summaries so that if malicious software is detected on a managed device, or if a device is not protected, you can quickly identify the affected device and take appropriate action. You can also configure alert notification rules to notify you or others by email of a detected threat. For more information, see Configure Alert Notification Rules.

You can schedule automatic scans by using Policy , and at any time you can also run a remote task to initiate a quick scan or a full scan, or update malware definitions on a device. For more information about running remote tasks, see Running Remote Tasks from the Windows Intune Administrator Console. A quick scan checks the places, processes in the memory, and registry files on the hard disk that malicious software, or malware, is most likely to infect. A full scan checks all files on the hard disk and all currently running programs, so a full scan could cause managed devices to run slowly until the scan is complete. By default, quick scans are scheduled daily at 2 A.M. on devices that are not being used. Also by default, Windows Intune checks for the latest virus and spyware definitions before quick scans are run. For more information about scheduling automatic scans, see Managing Device Security with Windows Intune.

Links on the Endpoint Protection Overview page in the console connect you to relevant Microsoft Malware Protection Center topics where you can learn more about malicious software that might be affecting devices in your organization.

Other Resources