Start course

This course explores the suite of tools available in Microsoft Endpoint Manager for establishing and maintaining security posture in an organization. These include tools like Microsoft Intune, used for enrolling devices as well as creating and enforcing device compliance, and Microsoft Defender, used for implementing device antivirus and malware defense tools. This course will also review the activities involved in reducing attack surfaces in an organization that bad actors could use to penetrate and expose sensitive data. This sensitive data is protected through the implementation of attack surface reduction rules which are deployed through careful auditing and testing to prevent any loss of productivity. This course will also touch on the security baselines made available to organizations wishing to enact a more granular security posture and have access to tools like secure score for evaluating the effectiveness of these efforts against known best practices.  

Learning Objectives

  • Create a compliance policy 
  • Monitor enrolled devices
  • Setup surface attack reduction rules
  • Deploy surface attack reduction rules
  • Review security baselines
  • Examine Microsoft secure score

Intended Audience

This course is designed for individuals who are responsible for setting up and monitoring device compliance and security in Microsoft 365 as well as those pursuing Microsoft certifications.


To get the most from this course, you should have some familiarity and experience with the Microsoft 365 security suite of tools including Microsoft Endpoint Manager.  


Let's review some of the major topics from our manage device compliance course. In the first lecture group, we reviewed how to use Microsoft Endpoint Manager to administer programs like Intune, where we can set up and deploy compliance policies to enroll devices. These devices can either be owned by the organization or by the employee, and once enrolled in Intune, can be tracked for compliance in company policies around accessing email or securing the device with a passcode. We reviewed how to build groups and conditional access policies and what actions we can take when the device is found to be out of compliance. We also step through the process of creating a compliance policy from the Endpoint Manager admin portal.

In the second lecture group, we acknowledged all of the vulnerable attack surfaces that exist on our organization devices and networks. We understood that by reducing these attack surfaces, we can reduce the risk of bad actors and malicious code from impacting our business processes. These rules are implemented in Microsoft Endpoint Manager and Microsoft Defender. We also reviewed how to properly implement these rules through a four-step process where rules are first tested in audit mode, prior to releasing fully to the business. This helps us prevent unwanted interruptions to productivity and to also understand where exclusions may be necessary.

In the last lecture group, we reviewed the security baselines that Microsoft provides to organizations that wish to have more granular control on their Microsoft 365 environment and Windows devices. These baselines are obtained from the Microsoft download center and implemented in Microsoft Endpoint Manager and Microsoft Defender. Here, we can review our secure score which communicates which actions we have taken to improve our security posture and what further actions can be taken. The score is an easy way to evaluate our actions against known best practices. We also reviewed how programs like Azure Identity Protection used machine learning algorithms to study sign in habits and flag activities that might be suspicious and worth deeper investigation.

About the Author

Steve is an experienced Solutions Architect with over 10 years of experience serving customers in the data and data engineering space. He has a proven track record of delivering solutions across a broad range of business areas that increase overall satisfaction and retention. He has worked across many industries, both public and private, and found many ways to drive the use of data and business intelligence tools to achieve business objectives. He is a persuasive communicator, presenter, and quite effective at building productive working relationships across all levels in the organization based on collegiality, transparency, and trust.