Forum Discussion
Defender for Endpoint policies assignment
Hello All, I seek clarification regarding the assignment of Defender for Endpoint policies. My objective is to create and implement Defender for Endpoint policies across all devices by default. ...
Point 1 - It will depend on how you onboarded devices and what tool are you using to apply the policies, but in general policies should apply to just the onboarded devices.
Point 2 - Again, it will depend on how are you applying the policies, but if we take Intune as the example, then yes you should be able to exclude a group of devices in assignments.
Point 2 - Again, it will depend on how are you applying the policies, but if we take Intune as the example, then yes you should be able to exclude a group of devices in assignments.
rahuljindal-MVP
Thanks for your response.
The devices are onboarded through SCCM. We have created the policies in Endpoint Manager portal (security.microsoft.com).
Thanks for your response.
The devices are onboarded through SCCM. We have created the policies in Endpoint Manager portal (security.microsoft.com).
- Hi, policies are applied only on the managed devices; if you are still using SCCM I guess you have a co-management mode; I usually for policies I make sure to assign them to all devices by default and add a security group where I go to enter the devices\users to be excluded from that policy; this way I am sure that security policies are always assigned.
