Forum Discussion

drivesafely
Brass Contributor
Aug 04, 2024

Defender for Endpoint policies assignment

Hello All,


I seek clarification regarding the assignment of Defender for Endpoint policies.

My objective is to create and implement Defender for Endpoint policies across all devices by default. I have a few concerns and would appreciate your insights on the following points:


1. Impact Scope: When applying these policies universally, will they affect only the devices that are already onboarded, or will there be any impact on other devices within our network?
2. Exclusion Management: After the policies are applied to all devices, is it possible to exclude certain devices by grouping them and specifying these exclusions within the relevant policies?


Your guidance on these matters would be greatly appreciated. Thank you,


  • rahuljindal-MVP
    Bronze Contributor
    Point 1 - It will depend on how you onboarded the devices and what tool you are using to apply the policies, but in general policies should apply to just the onboarded devices.
    Point 2 - Again, it will depend on how you are applying the policies, but if we take Intune as the example, then yes, you should be able to exclude a group of devices in assignments.
    • drivesafely
      Brass Contributor
      rahuljindal-MVP
      Thanks for your response.
      The devices are onboarded through SCCM. We have created the policies in the Endpoint Manager portal (security.microsoft.com).
      • micheleariis
        Steel Contributor
        Hi, policies are applied only on the managed devices; if you are still using SCCM I guess you have a co-management mode. For policies, I usually make sure to assign them to all devices by default and add a security group where I enter the devices/users to be excluded from that policy; this way I am sure that security policies are always assigned.
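The "assign to all devices, exclude via a security group" pattern described in the replies, as an added example that is not code from any poster: it uses the Microsoft Graph PowerShell SDK to set an Intune endpoint security policy's assignments to an all-devices target plus an exclusion group, then reads the assignments back. The beta endpoint is assumed, and the policy id and group id are placeholders you replace with your own values.

```powershell
# Added example (not from the thread): assign an Intune endpoint security policy to
# all devices while excluding one Entra security group, via Microsoft Graph (beta).
# Assumes the Microsoft.Graph module; <policy-id> and <exclusion-group-id> are placeholders.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All"

$policyId         = "<policy-id>"            # placeholder: the configurationPolicy id
$exclusionGroupId = "<exclusion-group-id>"   # placeholder: Entra group holding excluded devices/users

# Two targets: include everything, then carve out the exclusion group.
# In Intune an exclusion target always wins over an inclusion target.
$body = @{
    assignments = @(
        @{ target = @{ "@odata.type" = "#microsoft.graph.allDevicesAssignmentTarget" } },
        @{ target = @{ "@odata.type" = "#microsoft.graph.exclusionGroupAssignmentTarget"
                       groupId       = $exclusionGroupId } }
    )
}

Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies/$policyId/assign" `
    -Body ($body | ConvertTo-Json -Depth 5) -ContentType "application/json"

# Verify what the service recorded: expect exactly one allDevices target and one
# exclusionGroup target carrying $exclusionGroupId; anything else means the assign did not apply.
(Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies/$policyId/assignments").value |
    ForEach-Object { $_.target } |
    Format-Table '@odata.type', groupId
```

Devices that are not enrolled or synced into Intune never appear in the all-devices scope, which is why the policy reaches only managed devices.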
