Forum Discussion

R_Flynn
Copper Contributor
Oct 03, 2024

Endpoint security policies not applicable

Hello,

We've started to roll out Windows Defender for our customers. Some of our customers' devices are not Intune enrolled; users log in with local profiles. The devices are showing as managed by MDE. In the security portal we've enabled "Use MDE to enforce security configuration settings from Intune". In the Intune portal we created AV, Firewall and Attack Surface Reduction policies, but some of the policies are reporting as not applicable and not applying to the devices. We created an ASR rule to block child processes, but it's reporting as not applicable for all devices. We are also testing a block USB access policy, and this is showing as not applicable on that test device. Same with an AV rule we have created to control the Security Center UI. The policies are being applied to a dynamic security group that targets OStype Windows.

When I view the report to check why it's not applicable, it doesn't show me anything. Can someone tell me why the policy would be reporting as not applicable?

3 Replies

  • davidrhcp
    Copper Contributor

    I have the same problem with a series of devices when trying to deploy by Intune.
    The devices show as being MDE = Intune enrolled. So not sure why this isn't happening. Did you ever get an answer for this?
    I am investigating further, so if I make any progress I will let you know.

  • TSaL
    Copper Contributor

    When looking at your devices, what does the Managed by column say? If it says MDE then you need to create the security policy in the MDE console (security settings management). If it says Intune, you would create the policy in Intune. Unless I didn't understand the question completely.
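The replies above all come back to the same question: which channel actually manages the device, and did the setting land on it? The script below is an added example for this thread (not code from either poster, and not Microsoft tooling) that gathers the local evidence on an affected device: the MDE sensor onboarding state, the security settings management (SenseCM) enrollment state, the Entra/domain join state from `dsregcmd`, and the ASR rules Defender has actually loaded. Assumptions are labelled inline: the `SenseCM` registry value names and meanings, and the ASR rule GUID used as a default (the well-known "Office applications creating child processes" rule, which is a guess at what "block child processes" in the original post refers to).

```powershell
# Added example: local checks for an Intune endpoint security policy that reports
# "not applicable" on a device that shows as managed by MDE.
# Run in an elevated PowerShell session on the affected Windows device.

function Get-MdeOnboardingState {
    # MDE sensor onboarding state; OnboardingState = 1 means the sensor is onboarded.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if ($null -eq $props) { return 'Status key missing (sensor not onboarded?)' }
    return $props.OnboardingState
}

function Get-SenseCmEnrollment {
    # Security settings management enrollment, written by the sensor once
    # "Use MDE to enforce security configuration settings from Intune" is on.
    # ASSUMPTION: key path and EnrollmentStatus value name; check the current
    # Microsoft docs for the meaning of each numeric value before relying on it.
    $path = 'HKLM:\SOFTWARE\Microsoft\SenseCM'
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if ($null -eq $props) { return 'SenseCM key missing (not enrolled for security settings management)' }
    return $props.EnrollmentStatus
}

function Get-JoinState {
    # Parse the join-state lines from dsregcmd /status. Devices used with local
    # profiles typically report AzureAdJoined : NO, which matters for how the
    # device is targeted by an Intune group and by the MDE synthetic device object.
    $lines = dsregcmd /status
    $wanted = 'AzureAdJoined', 'EnterpriseJoined', 'DomainJoined'
    $state = @{}
    foreach ($line in $lines) {
        foreach ($key in $wanted) {
            if ($line -match "^\s*$key\s*:\s*(\S+)") { $state[$key] = $Matches[1] }
        }
    }
    return $state
}

function Get-AsrRuleState {
    param(
        # ASSUMPTION: the "block child processes" rule in the thread is the Office
        # child-process rule; replace with the GUID of the rule you deployed.
        [string]$RuleId = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
    )
    # Get-MpPreference exposes the loaded ASR rule IDs and their actions as parallel arrays.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $RuleId) {
            $code = [int]$actions[$i]
            $name = if ($actionNames.ContainsKey($code)) { $actionNames[$code] } else { "Unknown($code)" }
            return [pscustomobject]@{ RuleId = $RuleId; Present = $true; Action = $name }
        }
    }
    # Rule not loaded locally: the policy never reached this device, whatever the portal says.
    return [pscustomobject]@{ RuleId = $RuleId; Present = $false; Action = $null }
}

function Get-PolicyApplicabilityReport {
    # One object a helpdesk engineer can paste into a ticket.
    $join = Get-JoinState
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        MdeOnboarding     = Get-MdeOnboardingState
        SenseCmEnrollment = Get-SenseCmEnrollment
        AzureAdJoined     = $join['AzureAdJoined']
        DomainJoined      = $join['DomainJoined']
        AsrRule           = Get-AsrRuleState
    }
}

Get-PolicyApplicabilityReport | Format-List
```

Read the output alongside the Managed by column in the portal: a device with a present `SenseCM` enrollment but no Intune MDM enrollment is receiving settings only through the MDE channel, so a policy built for Intune-enrolled devices (or a setting the MDE channel does not carry) reports as not applicable there. If `Get-AsrRuleState` shows the rule as not present, the rule was never delivered, and the portal's "not applicable" is accurate rather than a reporting glitch.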
