Struggling with Defender for Endpoint – Any Tips?

Asked By TechWizard92 On

Hey everyone! We recently rolled out Defender for Endpoint as part of our business premium licenses and it's been a bit of a nightmare. Our secure score has dropped significantly, and we're faced with a long list of issues across various areas that need fixing.

Although it looks straightforward at first glance, I'm finding it overwhelming to navigate and implement solutions. It's frustrating because many recommendations seem to address the same issues from different perspectives, and often I end up going in circles. For example, when I identify a vulnerability, it leads me to more sections and machines without a clear path forward.

Does anyone have any strategies or best practices to tackle this list effectively? Additionally, I've heard that using the recommended methods—like deploying settings via Intune instead of through our RMM—may be necessary for Defender to recognize the changes. Is that true? I'd love any insights you can share to help us get a handle on this!

5 Answers

Answered By SecuritySage22 On

Getting through the Defender noise can feel like a whack-a-mole game. I managed to get my score to 86% by implementing a few CIS benchmark policies and writing some PowerShell scripts to tackle specific recommendations for Teams and Exchange. Just keep in mind that changes can take a while—up to 72 hours—to reflect, especially if you're juggling multiple devices.

RealisticRogue -

That’s our main issue too—devices going offline while we’re trying to sort this. It's like they just join the ‘impaired sensor communications’ club.

Answered By SolutionSeeker99 On

Sometimes, relying solely on built-in tools isn’t enough. You might need to use third-party tools or even create custom dashboards for better insights. Automating processes like patching and lifecycle management can also ease the burden. It’s crucial to have clear accountability within your organization—like making sure department heads know they’re responsible for resolving compliance issues that show up on reports.

Answered By ITHeroic05 On

I found out today that just using the Business Premium won’t necessarily help you get those secure points—even with everything set correctly. If your setup doesn't include Defender for Endpoint 2, you might not see any score improvement, which is a bummer for those of us in the same boat!

ChallengerKnight -

That’s what I figured! It makes all these settings feel pointless when you're not getting any credit for them.

Answered By EnduranceExpert88 On

Implementing these security solutions can feel like a never-ending race. A solid secure score requires consistent effort over the years. If you're really focused, a dedicated security engineer can help push you closer to a 90% score over time, but without the higher-tier licenses, aiming for 70-80% seems more realistic.

BudgetWise78 -

That’s the reality. It might be easy to raise the score if you throw money at it, but not all of us can do that.

Answered By AdminTamer67 On

One thing to keep in mind is that some solutions might just lead you to 'buy more products'. I've seen that firsthand with Azure P2, which messed up our security score pretty badly when we got it for free!

CautiousTiger01 -

Yup, I've noticed a lot of upselling with these security tools too. It's frustrating!
