Best Security Tools for Microsoft Intune

A community-driven security baseline framework for Microsoft Intune. Provides pre-configured security policies for Windows, Windows 365, and macOS aligned with NCSC, CIS Benchmarks, ACSC Essential Eight, and Microsoft best practices. Importable via IntuneManagement tool or native Intune import.

M.A.C.E. is a native macOS app that lets security teams build, customize, audit, and deploy macOS compliance baselines using the mSCP 2.0 framework without scripting. It offers a visual, three-panel editor with 500+ rules, real-time audit results, and exportable configuration profiles for MDMs such as Intune and Jamf. The tool prioritizes ease of use, cross-MDM readiness, and reproducible baselines.

A PowerShell module for validating Microsoft Defender for Endpoint configurations. Checks service status, real-time protection, cloud protection, ASR rules, network protection, tamper protection, SmartScreen policies, and MDE onboarding status with HTML and console reporting.

KuShu-Shimon Intune Stateful Device Fingerprinting (ISDF) provides a tamper-resistant device fingerprint for enrolled Windows devices, enforced via Intune Custom Compliance and DPAPI-encrypted baselines. In Cloud mode it attests fingerprints to Entra ID through APIM and a Logic App to enable trusted device filters, dynamic groups, and stronger Conditional Access policies. The solution collects on-device signals, stores encrypted baselines, self-heals missing keys, and reports ISDF booleans for compliant state.

A wrapper app that uses ShellRunAs to launch a target executable under a defined Active Directory domain user from non-domain-joined Windows devices. It enables cloud-managed devices to run legacy on-prem tools (RSAT) by prompting for domain credentials and launching the configured app with elevated rights. It relies on simple domain.txt and app.txt configuration and is packaged for Intune with explicit install/uninstall commands and a Start Menu entry.

This Intune-deployable script elevates the enrollment user to a local administrator on Windows devices. Packaged as an .INTUNEWIN app, it is deployed through Microsoft Intune to targeted users with install and uninstall commands to grant or revoke admin rights after enrollment. It uses a requirements check for detection and can be reconfigured later, providing an Autopilot-like capability fully managed by Intune.

A specialized search engine for discovering Kusto Query Language (KQL) queries. Features query discovery across Microsoft Sentinel, Defender, and Azure Data Explorer, along with a Query Assistant, Query Generator, Query Lab for testing, and Device Query functionality. Aggregates community-contributed hunting queries and detection rules for threat hunting, vulnerability management, and incident response.

Quick and Consistent PIM activation with bulk option

PIMBuddy helps you get a better overview about your PIM. It even let's you deploy PIM Policies and Groups within Seconds.