Forum Discussion
I have a query: can cloud servers be best managed by Intune / SCCM?
I have attempted the security management feature using Intune as suggested by rahuljindal-MVP. I onboarded the server to MDE, then tagged the device with the MDE-Management tag and configured the settings between Intune and MDE. The server showed up in Intune as "managed by MDE", but when you assign any type of AV policy to it from Intune, it never gets to the device or shows up in the assignment reports. I've had a ticket going with Microsoft now for several weeks. Have you actually seen this work in a production environment? Microsoft can't seem to confirm, and it still hasn't been proven to work.
Are the servers reporting as onboarded in Defender? If yes, then what is the AV status? Also, what is the OS of the servers and how are you assigning the policies? How have you created the Entra ID group? Another requirement is Defender for Servers licensing; however, this is mostly for compliance purposes. You should still be able to onboard and manage the servers for MDE policies using Intune. I have implemented the solution for a number of customers, so let me know if you have any questions.
- briankurrasch, Dec 24, 2024, Copper Contributor
Servers are onboarded to Defender, and then tagged with the 'MDE-Management' tag. After being tagged, they then show up in Intune as 'managed by MDE'. So following the doc, https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration, it all aligns up until the point where you target an AV or ASR policy to an Entra ID group that contains the Servers.
No errors in the policy assignment report in Intune, it doesn't get listed at all, as if it were never targeted.
Running the "MDE Client Analyzer" tool locally on the server, it does provide an error describing exactly what I am experiencing. But there is no detail as to why the assignment failed. Below is a snip from the analyzer report.
- rahuljindal, Dec 26, 2024, Bronze Contributor
Please provide the snippet of the actual error. If the MDE connection analyser is throwing errors then you may be missing some prerequisites.
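A local pre-flight check for the prerequisites the replies above ask about (onboarding state, device tag, security settings management enrollment, Defender AV mode), as an added example that is not code from any poster in this thread. It assumes the documented MDE registry locations for onboarding state, the DeviceTagging policy and SenseCM enrollment status; verify those paths and the meaning of the raw enrollment code against current Microsoft documentation before relying on them.

```powershell
# Added example (not from the thread): run elevated on the Windows Server being troubleshooted.
# Registry paths are the MDE locations as documented at the time of writing (assumption).
function Get-MdeManagementState {
    $atpStatus = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $tagPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging'
    $senseCm   = 'HKLM:\SOFTWARE\Microsoft\SenseCM'

    $onboarded = (Get-ItemProperty -Path $atpStatus -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState
    $tag       = (Get-ItemProperty -Path $tagPolicy -Name Group -ErrorAction SilentlyContinue).Group
    $enroll    = (Get-ItemProperty -Path $senseCm -Name EnrollmentStatus -ErrorAction SilentlyContinue).EnrollmentStatus
    $sense     = Get-Service -Name Sense -ErrorAction SilentlyContinue
    $mp        = Get-MpComputerStatus -ErrorAction SilentlyContinue

    [pscustomobject]@{
        OsVersion          = [System.Environment]::OSVersion.VersionString
        SenseServiceStatus = if ($sense) { $sense.Status } else { 'not installed' }
        Onboarded          = ($onboarded -eq 1)          # 1 = onboarded to MDE
        DeviceTag          = $tag                        # the tag the thread relies on is 'MDE-Management'
        TagCorrect         = ($tag -eq 'MDE-Management')
        EnrollmentStatus   = $enroll                     # raw SenseCM code; look up its meaning in Microsoft docs
        AvRunningMode      = if ($mp) { $mp.AMRunningMode } else { 'unknown' }   # e.g. Normal / Passive Mode
        AvEnabled          = if ($mp) { $mp.AntivirusEnabled } else { $false }
    }
}

$state = Get-MdeManagementState
$state | Format-List

# Turn the raw state into the questions a reviewer would ask before opening a ticket.
$problems = @()
if (-not $state.Onboarded)  { $problems += 'Server is not reporting as onboarded to MDE.' }
if (-not $state.TagCorrect) { $problems += "Device tag is '$($state.DeviceTag)'; expected 'MDE-Management'." }
if ($null -eq $state.EnrollmentStatus) { $problems += 'No SenseCM enrollment status present; the device may not have enrolled for security settings management yet.' }
if (-not $state.AvEnabled)  { $problems += 'Defender Antivirus is not enabled (another AV may be active), so AV policy from Intune will not take effect.' }

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'Local prerequisites look in place; check Entra ID group membership and the policy assignment next.' }
```

Run it on a server that shows "managed by MDE" in Intune but never receives the policy, and compare the output with what the MDE Client Analyzer reports.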