Forum Discussion
Defender for Endpoint noob questions...
Hi everyone, I am quite new to Defender for Endpoint therefore thought this resource would be useful for learning. Recently one of our customers subscribed to Defender for Endpoint P2. The cu...
We are using it without MEM or much in the way of GPOs. There are certain features, like ASR rules, that need MEM or GPO to manage them, but nothing I would call critical. We do have a couple settings like client latency set via GPO, you would have to set those locally on workgroup PCs with a script or something similar. A bit of a pain but not the sort of thing you would change very often. If you are happy with the setting put in by the onboarding script then you wouldn't have to do anything.
- "If you are happy with the setting put in by the onboarding script then you wouldn't have to do anything." What setting are you referring to here please? Just the default configuration of Defender AV? Does the onboarding script just create a vanilla configuration of Defender AV?
- There are a few settings related to the MDE client service configuration only, such as client latency and proxy settings. One thing to remember is that Defender AV, ASR rules, and other host configuration items are not really part of Defender for Endpoint, they are separate tools and are managed separately. MDE adds some threat intelligence and consumes telemetry events from them, but doesn't manage them.
As you have already seen, Defender AV for example isn't managed through MDE at all. It can be managed through MEM or GPO, and you don't need MDE to use it. Same with ASR rules.
In other words, the MDE onboarding script, or GPO, or MEM package, don't configure Defender AV etc. at all, that is something you have to do separately.
