niclasheu
Copper Contributor
Apr 10, 2022

Error when enrolling Windows into Endpoint Protection with Intune

Hey!

We're currently trying endpoint protection with Intune. I managed to get macOS with Endpoint Protection configured and enrolled iOS devices as well, but am struggling with Windows.

I have followed this guide: https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure

In Windows Company Portal I get the error that I need to enrol the device with Endpoint Manager, and in admin centre the devices are marked as non-compliant with this failing "Require the device to be at or under the machine risk score:". The risk score is on Medium. The policy is assigned to all users.

In endpoint protection setup in the admin panel, it gives me this error: "The Microsoft Defender for Endpoint connector is active for Windows but not included in an assigned compliance policy. To protect these platforms, click here to set up a compliance policy with the Machine Risk Score setting configured in the Microsoft Defender for Endpoint section."

This makes no sense to me, as it is set and assigned to all users. Does anybody have an idea?

  • shehanjp
    Iron Contributor
    Hi,
    If I get the issue right, this is related to device compliance, and the desired level you set up was Medium.
    Ideally the machine needs to be at or under Medium to be "Compliant".

    Is there any particular reason why you applied the policy to "All Users" but not to a Device Group or "All Devices"?

    Cheers!
    • niclasheu
      Copper Contributor

      Hey shehanjp!

      I just double-checked and the compliance policy only allows me to assign at a user level. I can select a user group or all users, but not all devices.

      Thanks!
