Microsoft Intune: Intune settings available in Catalog and Account Protection template for Adminless feature

🚨 The Signal: Intune now allows 'Adminless' device settings to be configured via the Settings Catalog and Account Protection template. This simplifies deploying secure configurations for non-admin users, enhancing endpoint security posture.

The Impact

Security teams and Intune admins are affected, enabling improved endpoint security posture by enforcing 'Adminless' configurations.

• Security Teams: Reduced attack surface by enforcing least privilege on endpoints.
• Intune Admins: Simplified deployment of critical security settings.
• End Users: More secure device configurations with minimal disruption.
• Compliance Officers: Easier demonstration of endpoint hardening controls.

The Action

1. Navigate to Microsoft Intune admin center > Devices > Configuration profiles.
2. Create a new profile > Windows 10 and later > Settings catalog.
3. Search for and add 'Adminless' related settings to enforce desired configurations.
4. Alternatively, navigate to Endpoint security > Account protection and configure relevant settings.
5. Assign the profile to appropriate user or device groups.

Domain: Intune · Impact: medium · Workload: Intune · Essential Eight: Restrict Administrative Privileges, User Application Hardening · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1412, ISM-1485, ISM-1486, ISM-1507, ISM-1508, ISM-1509, ISM-1542, ISM-1585, ISM-1647, ISM-1648, ISM-1650, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1686, ISM-1688, ISM-1689, ISM-1823, ISM-1824, ISM-1859, ISM-1860, ISM-1883, ISM-1897, ISM-1898