I'm not an expert in this area, but there is something ongoing, motivated by Defender, which allows hybrid-joined Windows Servers to be managed through "Intune", though not all in the same way as clients.
Yet they could receive policy via Intune MDM if I understood correctly [2], [3]. This means you might also push CSP policies to Windows Server in intune.microsoft.com > Endpoint Security, which includes our Windows LAPS.
I don't like it, as this excludes at least all Windows Server Core installations, as mentioned above, and I hope this feature / support discrepancy will be solved in the future. It does not make much sense to drop installation of Windows Server Core just because of this limitation [3].
Sources:
[1] https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?pivots=mdssc-ga
[2] https://www.linkedin.com/pulse/manage-windows-servers-defender-endpoint-intune-dean-ellerby
[3] https://learn.microsoft.com/en-us/entra/identity/devices/hybrid-join-plan