| 1 | +--- |
| 2 | +title: Endpoint security policies in multitenant management |
| 3 | +description: Learn how to manage endpoint security policies in multi-tenant management in Microsoft Defender XDR. |
| 4 | +ms.service: defender-xdr |
| 5 | +ms.author: diannegali |
| 6 | +author: diannegali |
| 7 | +ms.localizationpriority: medium |
| 8 | +manager: denisemb |
| 9 | +audience: ITPro |
| 10 | +ms.collection: |
| 11 | + - m365-security |
| 12 | + - highpri |
| 13 | + - tier1 |
| 14 | +ms.topic: conceptual |
| 15 | +ms.date: 04/26/2024 |
| 16 | +appliesto: |
| 17 | + - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a> |
| 18 | +--- |
| 19 | + |
| 20 | +# Endpoint security policies in multitenant management |
| 21 | + |
| 22 | +[!INCLUDE [Prerelease](../includes/prerelease.md)] |
| 23 | + |
| 24 | +> [!IMPORTANT] |
| 25 | +> The Endpoint security policies page is available only for [users with the security administrator role in Microsoft Defender XDR](/defender-endpoint/assign-portal-access). Any other user role, such as Security Reader, cannot access the portal. When a user has the required permissions to view policies in the Microsoft Defender portal, the data is presented based on Intune permissions. If the user is in scope for Intune role-based access control, it applies to the list of policies presented in the Microsoft Defender portal. We recommend granting security administrators with the [Intune built-in role, "Endpoint Security Manager"](/intune/fundamentals/role-based-access-control#built-in-roles) to effectively align the level of permissions between Intune and Microsoft Defender XDR. |
| 26 | +
|
| 27 | +> [!NOTE] |
| 28 | +> The endpoints security policies page is not yet available for tenants with Microsoft Defender for Business licenses. |
| 29 | +
|
| 30 | +The **Endpoint security policies** page in multitenant management gives you access to manage security settings on your tenants' devices. Navigate to the page through **Configuration management > Endpoint security policies**. |
| 31 | + |
| 32 | +:::image type="content" source="/defender-xdr/media/multi-tenant/endpoint-security-policy/navigation-mto-endpoint-policies-small.png" alt-text="Screenshot of the endpoint security policies page in multitenant management in Microsoft Defender XDR." lightbox="/defender-xdr/media/multi-tenant/endpoint-security-policy/navigation-mto-endpoint-policies.png"::: |
| 33 | + |
| 34 | +To know more about endpoint security policy types, see [Manage endpoint security policies in Microsoft Defender for Endpoint](/defender-endpoint/manage-security-policies). |
| 35 | + |
| 36 | +> [!TIP] |
| 37 | +> Security administrators must have permissions in each tenant to access the endpoint security policies page in multitenant management. |
| 38 | +
|
| 39 | +From the page, you can search for a specific policy by using the **Search** function. You can also **Filter** the policies according to tenant name, policy category, policy type, and targets. You can view, create, edit, or delete a security policy on a single tenant only through the page. |
| 40 | + |
| 41 | +> [!NOTE] |
| 42 | +> Creating one policy for multiple tenants is not yet supported. |
| 43 | +
|
| 44 | +## Create a new security policy |
| 45 | + |
| 46 | +To create a new security policy, perform the following steps: |
| 47 | + |
| 48 | +1. Sign in to the Microsoft Defender portal using a security administrator role. |
| 49 | +2. From the main menu, select **Configuration management > Endpoint security policies**, then select **Create new Policy**. |
| 50 | +3. Select a tenant, platform, and a template in the dropdown menus. Then select Create policy. |
| 51 | + :::image type="content" source="/defender-xdr/media/multi-tenant/endpoint-security-policy/mto-create-policy-small.png" alt-text="Screenshot of the policy creation page in endpoints security policy page in multitenant management." lightbox="/defender-xdr/media/multi-tenant/endpoint-security-policy/mto-create-policy.png"::: |
| 52 | +4. On the **Basics** page, enter a name and description for the new policy, then choose **Next**. |
| 53 | +5. On the **Configuration settings** page, expand a group of settings and configure the settings you need to manage the endpoints in the tenant. Select **Next** once you’re done with the configuration. |
| 54 | +6. On the **Assignments** page, select the groups where the policy will apply, then select **Next**. |
| 55 | +7. Review your new policy’s settings on the **Review + create** page, then select **Save** when you're done. |
| 56 | + |
| 57 | +After creating, the Microsoft Defender portal opens a new window showing the new policy's details. |
| 58 | + |
| 59 | +> [!NOTE] |
| 60 | +> To edit the scope tags, you'll need to go to the [Microsoft Intune admin center](https://intune.microsoft.com/). Editing scope tags must be done in the single tenant portal as multitenant management is not yet supported in the Intune admin center. |
| 61 | +
|
| 62 | +## Edit a security policy |
| 63 | + |
| 64 | +To edit an existing security policy, perform the following steps: |
| 65 | + |
| 66 | +1. In the **Endpoint security policies** page, select the policy you want to edit and then select **Edit**. |
| 67 | +2. In the side panel, select **Edit** to edit the policy. |
| 68 | +3. Modify the policy’s settings and configuration in the next pages. |
| 69 | +4. After you've made changes, select **Save** to save your edits. |
| 70 | + |
| 71 | +You can delete a security policy by selecting the policy in the Endpoint security policies page, then selecting **Delete**. |
| 72 | + |
| 73 | +:::image type="content" source="/defender-xdr/media/multi-tenant/endpoint-security-policy/mto-edit-policy-small.png" alt-text="Screenshot of the editing pane for endpoint security policies page in multitenant management in Microsoft Defender XDR." lightbox="/defender-xdr/media/multi-tenant/endpoint-security-policy/mto-edit-policy.png"::: |
| 74 | + |
| 75 | +## Verify endpoint security policy status |
| 76 | + |
| 77 | +To verify that you have successfully created a policy, select the policy from the list and click on the policy name to open the policy page. You can also view the policy page through **Edit > Open policy page**. The policy page opens in a new tab. |
| 78 | + |
| 79 | +The policy page displays details of an endpoint security policy, including the status, which devices the policy applies to, and the assigned groups. |
| 80 | + |
| 81 | +:::image type="content" source="/defender-xdr/media/multi-tenant/endpoint-security-policy/mto-policy-page-small.png" alt-text="Screenshot of the policy page in multitenant management in Microsoft Defender XDR." lightbox="/defender-xdr/media/multi-tenant/endpoint-security-policy/mto-policy-page.png"::: |
| 82 | + |
| 83 | +You can also view the policy in the Microsoft Intune admin center. To do so, select the More actions ellipsis (…) in the policy page, then select **View in Intune**. |
| 84 | + |
| 85 | +[!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)] |
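Review bot: The IMPORTANT callout on line 25 is internally inconsistent: it opens by saying the "Endpoint security policies page is available only for users with the security administrator role", then says other roles "cannot access the portal". Security Reader can sign in to the Defender portal; what it cannot do is open this page, so change "cannot access the portal" to "cannot access this page". Two smaller consistency points in the same hunk: the NOTE on line 28 and the alt-text on line 51 say "endpoints security policies page" while the heading and body use "Endpoint security policies", and step 2 of "Create a new security policy" bolds **Create new Policy** (capital P) while step 3 leaves "Create policy" unbolded; pick one spelling and bold both as UI labels, matching the **Next** and **Save** formatting used in the remaining steps.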