IBP – HARDEN – Windows – Endpoint Analytics

✅ Enable Endpoint Analytics by allowing Windows Health Monitoring on all Windows devices.

➡️ This supports Essential Eight–aligned operational visibility by providing insight into device boot performance and Windows Update reliability, without impacting users or enabling unnecessary telemetry.

✅ Devices: All Windows 10/11 devices
🚫 Exclusions: None

➡️ Every enrolled Windows device reports health data required for Endpoint Analytics.

✅ Signals collected:

🚫 Not collected:

➡️ Only the minimum essential dataset required for Endpoint Analytics is enabled.

✅ Windows Health Monitoring is enabled at the OS level
✅ Monitoring scope limited to:

➡️ This allows Intune to surface high‑value analytics while keeping telemetry tightly scoped.

ℹ️ Note: No custom monitoring scopes are configured.

🚫 App health monitoring
🚫 Device reliability or process telemetry
🚫 Remote analytics signals
🚫 Custom analytics scopes

➡️ This is intentional to keep the policy lightweight and suitable for organisation‑wide deployment.

✅ Enabled
✅ Actively collecting Endpoint Analytics data

✅ Supports Essential Eight – Operational Visibility (Maturity Level 1)
✅ Enables measurement of:

ℹ️ Advanced analytics and extended telemetry are addressed in higher maturity levels.

This configuration policy ensures that:

✅ All Windows devices
✅ Provide basic health and update telemetry
✅ Enabling Endpoint Analytics insights in Intune

This delivers immediate operational value — such as identifying slow boot devices and update failures — while maintaining a minimal, non‑intrusive telemetry footprint aligned to Essential Eight Maturity Level 1.