In the current release of Windows Intune, Windows Intune Endpoint Protection is only installed if a policy is created to require this installation on newly enrolled clients. In the upcoming release of Windows Intune, the endpoint protection client will be installed on computers with Windows Intune, unless a policy is created to prevent this installation. This change is being made in response to customer feedback, and to better secure computers running Windows Intune.
After this change is made, you will have 3 options to control the installation of Windows Intune Endpoint Protection. The policy setting is part of the Windows Intune Agent Settings policy.
1. No policy (default setting): All machines will receive Windows Intune Endpoint Protection.
2. Install Endpoint Protection Policy set to “Yes”: Machines with this policy deployed will receive Windows Intune Endpoint Protection.
3. Install Endpoint Protection Policy set to “No”: Machines with this policy deployed will not receive Windows Intune Endpoint Protection, and existing installations of Windows Intune Endpoint Protection will be uninstalled.
Screenshot of the policy setting:
The Windows Intune Team
Thanks for announcing the change! It might be an idea to include the no policy-default behaviour in the pop-up help text. Perhaps it's included in the release, but doesn't appear to be in the screenshot (which may be of the current/old version). A separate request on the subject of IEP would be to retain data about detected malware for MUCH, MUCH longer than the current 30 days limit - up to 2 years would be helpful.
I would just like to see the specifics of malware infections. Currently I have to go to the machine and open the client history to see where the infected file is. Most products I have worked with show this in the portal...c:\user\xxx\infected.mal