This article is a check list of the critical items to check to ensure your computers are baseline secure. Of course, baseline is something you should determine, not me. Here;s a quick list. You may be able to use InTune to manage these items and more.
Table of Contents
Make sure Windows is set to auto download and install updates. Verify that updates are being applied either using a reporting system or manually checking. Also make sure the settings for automatically receiving updates and applying them is enabled in the Advanced options.
Windows Security Settings
Make sure Windows built-in security settings are enabled. These are generally very safe to use. These settings can be enforced by group policies or InTune. These settings can usually be used with popular antivirus systems.
Antivirus features and updates
Make sure your antivirus software is configured to download and apply patches automatically (they usually are by default) and that security features are enabled (that you want). Here we’re using BitDefender. Periodically check that your antivirus is running, getting updates, and has the features that you want enabled.
If you backup your end-points, make sure that’s working. Here we’re using Synology Drive Client. Configure the backup client to exclude unnecessary files but include at least the Desktop, Documents, Downloads and Pictures. If you’re using OneDrive or something similar, you might be better to use that.
Make sure you’re using full-disk encryption such as the Windows BitLocker. Save the recovery key to Azure AD or wherever you prefer. Ensure that all local disks are encrypted.