Forum Discussion
Defender for Endpoint - ConfigMgr
mikhailf Yes, we used the "on-premise architecture" instructions from that link. We had an existing Antimalware Policy in ConfigMgr - and we used the onboarding file generated from 365 Defender and imported it into ConfigMgr and applied it to our device collection.
lloydz, please check that MDE security configuration management is not enabled in the Defender portal under Settings, Endpoints and Enforcement Scope since you are planning to use only SCCM.
https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration
- That might be the issue then. That option was enabled. I've turned it off - should the devices update themselves or would we need to offboard them and onboard them again?
lloydz, everything should update the next time devices synced with the M365 Defender portal.
Check locally that the SCCM Antimalware policy has been applied correctly. You can try with the Powershell command Get-MpPreference, checking SCCM logs, RSOP.msc, etc.
- Turning off that setting has steadily decreased the number of "Managed by MDE", however, those that were managed by MDE now say "Unknown". What am I looking for exactly when I run "Get-MpPreference" that can tell whether it's managed by ConfigMgr?