Issues Enrolling Devices to Microsoft Defender for Business via Intune
Hi All,
I am in the process of adding devices (Mainly Surfaces) onto Microsoft Intune and enrolling them into Microsoft Defender for Business. Everything appears to be correct and I have followed countless guides to ensure this, but the devices aren't automatically enrolling to Defender.
I have even manually added devices into Microsoft Defender and they all appear as 'Onboarded' under Assets > Devices, but when checking the Antivirus policy in Intune that is applied to all devices, the assignment status is showing as pending for all devices.
Does anyone have any idea why these aren't connecting?
- Alikoc (Iron Contributor)
Hello,
If you are using a hybrid structure, can you verify that the devices are included as hybrid joined? Also, can you perform the following checks respectively?
Check Defender for Endpoint Licensing and Configuration: Ensure that the devices are assigned the correct Microsoft Defender for Endpoint licenses, and the Defender for Endpoint integration is properly configured within Microsoft Intune.
Network or Proxy Settings: Ensure there are no network or proxy issues blocking the devices from contacting Defender for Endpoint or Intune services. Sometimes network restrictions can cause these types of connectivity issues.
Review Event Logs on Devices: Check the event logs on the Surface devices for any errors related to Intune or Defender onboarding. Look in the DeviceManagement-Enterprise-Diagnostics-Provider log for errors related to Intune policy assignments.
I am waiting for your feedback.
Best Regards,
Ali Koc
- JL_SEC (Copper Contributor)
Hi Ali,
Thank you for your reply, I can confirm:
- None of the devices are hybrid, only joined via Entra
- All devices are licenced with Microsoft 365 Business Premium, and the Defender for Endpoint integration is properly configured
- As far as I am aware, there are no network or proxy issues, and has been tested via two different office networks
- Event logs on our test device show no event with an ID of 75 (successful auto-enrollment) or 76 (failed auto-enrollment), but they do show event 72, which is 'MDM Enroll Succeeded'
Thanks,
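The device-side checks Ali lists (join state, MDM enrollment events, Defender onboarding) and the event IDs JL_SEC quotes (72, 75, 76 in the DeviceManagement-Enterprise-Diagnostics-Provider log) can be gathered in one pass on the affected Surface. The script below is an added example, not code from either poster or from Microsoft; it assumes it is run in an elevated PowerShell session on the enrolled device, that the MDE status registry key and the `Sense` service are present once the device has been onboarded, and that the Intune sync task created by the enrollment client is named `Schedule #3 ...` under `\Microsoft\Windows\EnterpriseMgmt\`.

```powershell
# Added example: collect the Intune / MDE state the thread is asking about from the device itself.
# Run elevated on the affected Surface. All paths, task names and event IDs below are taken
# from the thread or are assumptions stated in the lead-in.

# 1. Join and MDM registration as the device sees it. For a cloud-only device we expect
#    AzureAdJoined : YES, DomainJoined : NO and a populated MdmUrl.
$dsreg = dsregcmd /status
$dsreg | Select-String -Pattern 'AzureAdJoined|DomainJoined|MdmUrl|TenantName' |
    ForEach-Object { $_.Line.Trim() }

# 2. MDM enrollment events from the last 14 days.
#    72 = MDM Enroll Succeeded, 75 = auto-enrollment succeeded, 76 = auto-enrollment failed
#    (IDs as quoted in the thread).
$log   = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$since = (Get-Date).AddDays(-14)
$firstLine = @{ Name = 'Message'; Expression = { $_.Message.Split("`n")[0] } }

Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 72, 75, 76; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, $firstLine | Format-Table -AutoSize

# 3. Error-level events in the same log: policy delivery failures land here, which is where
#    a policy stuck at 'Pending' in the Intune portal usually explains itself.
Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object -First 20 TimeCreated, Id, $firstLine | Format-Table -AutoSize

# 4. Defender for Endpoint onboarding as recorded on the device: the Sense service should be
#    Running and OnboardingState should be 1 (assumed key location, see lead-in).
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
'Sense service: {0}' -f $(if ($sense) { $sense.Status } else { 'not installed' })

$atpStatus = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
if (Test-Path $atpStatus) {
    $state = (Get-ItemProperty -Path $atpStatus).OnboardingState
    "MDE OnboardingState: $state (1 = onboarded)"
} else {
    'MDE status key missing: this device has never completed MDE onboarding'
}

# 5. Whether the local AV engine is actually running under management. AMRunningMode and
#    tamper protection tell you if the Intune antivirus policy has taken effect regardless
#    of what the portal's assignment status says.
Get-MpComputerStatus |
    Select-Object AMRunningMode, IsTamperProtected, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated |
    Format-List

# 6. Force an Intune check-in so the 'Pending' assignment gets a fresh status, then re-run
#    steps 2 and 3 after a few minutes. The task name pattern is an assumption (see lead-in).
Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\*' -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskName -like 'Schedule #3*' } |
    Start-ScheduledTask
```

Reading the output together is the point: event 72 without 75 or 76 (as in this thread) says the MDM enrollment itself succeeded and no auto-enrollment was attempted afterwards, so the next place to look is step 3 for policy errors and step 4 for whether the device ever completed MDE onboarding, independent of what the Intune portal reports as 'Pending'.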
- Alikoc (Iron Contributor)
Hello,
And is your environment a hybrid environment? Or do you manage a full cloud environment?
Apart from that, do you have an SCCM in your structure?