Forum Discussion

Ari_R420's avatar
Ari_R420
Copper Contributor
Feb 16, 2022

Defender for Endpoint On-boarding Differences

Hi There,   I am trying to deploy Defender for Endpoint via MEM using Plan 2 licensing.   With the initial device on-boarding, there appears to be two ways to do the on-boarding:   Devices > C...
Intune
Ari_R420's avatar
Ari_R420
Copper Contributor
Mar 07, 2022
Hi shehanjp

I appreciate you taking the time to respond to my post.

Your Option 4 is where I see a lot of differences in the Defender literature.
https://shehanperera.com/2022/01/26/4-onboarding/

Some say you only need the config policy if you don't have an API connection between Defender and Intune:
https://youtu.be/TK3s_Hgc6kk?t=157

And both your post/Youtube are a bit different from some of the MS Docs, which I think is recommending on-boarding devices in Defender through an Endpoint > Endpoint Detection and Response profiles:

https://docs.microsoft.com/en-us/learn/modules/m365-get-started-defender-endpoint/set-up-onboard-devices?ns-enrollment-type=LearningPath&ns-enrollment-id=learn-m365.m365-defender-endpoint-secure-organization

I see the value in having a policy there in case the API fails or is experiencing degradation, but whether I do that through Configuration Profiles or through Endpoint Security is a little confusing as Defender literature is a bit contradictory.
shehanjp's avatar
shehanjp
Iron Contributor
Mar 08, 2022

Hi Ari_R420,

 

I think what he is discussing in the YouTube clip is this section of the page https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure#create-the-device-configuration-profile-to-onboard-windows-devices

Also I guess you are correct and my apologies for directing you in a wrong path and I also have amend my blog post, so thanks for pointing that out 🙂

 

It sounds like when you set the connection between Defender and Intune, Defender will send the onboarding/ offboarding packages to Intune and you are all set.

You can use the config profiles as a backup but then you must see the options to specify onboarding and offboarding blobs in the settings - meaning the API connection is not successful.

I believe the Endpoint SecurityMicrosoft Defender for Endpoint >Create a device configuration profile to configure Microsoft Defender for Endpoint sensor goes to the same place as Tenant Administration > Connectors and Tokens > Microsoft Defender for Endpoint

 

Hope this clears the issue 🙂

 

Cheers!
Shehan.

  • natehutch's avatar
    natehutch
    Brass Contributor
    Mar 08, 2022
    Yep shehanjp is correct here - Just enable Defender/Intune integration and deploy using Endpoint Security, the onboarding blob etc is taken care of automatically