Forum Discussion
Issues on-boarding to MDE
Hello folks,
A common, or not so common, question.
Is it mandatory for a device to be 'Azure AD Joined' in order to be onboarded to MDE?
I am using a 'Configuration Profile' to deploy the MDE agent on the devices.
The device which is Azure AD Joined appears on the device list, although the one which is Azure AD Registered doesn't, even though both devices appear in the 'Success' section of the configuration profile.
Please share your insights!
- MikeSolom8 (Copper Contributor): We are Hybrid Azure AD joined and the configuration profile works fine for onboarding to MDE via MS Intune. It just shows 'Unknown' or 'MDE' under 'Managed by' in the MDE portal for a while before updating.
- Yash_Mudaliar (Iron Contributor): Actually, I realized today that it's not even about 'Joined' or 'Registered'. I managed to get the device Azure AD joined and still can't see it in MDE. I can fully manage the device from Intune apart from 'Updating the intelligence' (not sure why). I tried deploying the onboarding agent through the EDR policy as well and it shows 'Success' there, but no idea why the device won't appear in MDE. Ran the MDE client analyzer as well, all good there.
- Jonhed (Steel Contributor): Did you check whether the Sense service is running on the device? If not, the onboarding did not succeed.
Also, did you use regular configuration profiles, or did you use the endpoint security policy?
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-edr-policy
Using the endpoint security EDR policy might be worth a try if you used the configuration profile.
- jbmartin6 (Iron Contributor): I've onboarded my personal devices, Windows and Linux, into MDE. None of them were joined to any AD or domain. I would say if you have a device that seems fine but isn't appearing in your MDE, check the SENSE event log.
- Yash_Mudaliar (Iron Contributor): It depends on what method you used. I can use the local script and get it onboarded quickly. But that would be too easy. I want to know what's preventing the device from being onboarded via Intune. And yes, I'm also doing this with my personal device.
- Jonhed (Steel Contributor): This really sounds like a weird situation, since the SENSE service running means it is onboarded to something.
Are you assigning the policies to devices in Intune, or to users? Is the registered device running a supported edition of Win10/Win11 (Pro, Education, Enterprise)?
Also a real long-shot question, but did you check to make sure that the MDE organization ID on the device matches your M365D tenant?
Not that there would be a reason for this to be different, especially if you are using the same policies for both the Azure AD Joined device and the Registered device.
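The checks suggested in this thread (Sense service state, onboarding state and org ID in the registry, and recent SENSE event log errors) can be gathered in one pass with the following script. This is an added example, not code posted by any participant; it assumes the documented registry key `HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status` and the `Microsoft-Windows-SENSE/Operational` log, and `$ExpectedOrgId` is a placeholder for your own tenant's MDE organization ID.

```powershell
# Added diagnostic script for an endpoint that Intune reports as onboarded but MDE does not list.
# Run from an elevated PowerShell session on the affected device.
# $ExpectedOrgId is a placeholder; replace it with the org ID shown in your Defender portal.
param([string]$ExpectedOrgId = '<YOUR-MDE-ORG-ID>')

$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'

# 1. Supported edition? Home editions cannot be onboarded to MDE.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
"OS edition           : $($os.Caption) (build $($os.BuildNumber))"

# 2. Is the Sense service present and running? If not, onboarding has not completed.
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
if (-not $sense) {
    Write-Warning 'Sense service is not installed on this device.'
} else {
    "Sense service status : $($sense.Status) (StartType: $($sense.StartType))"
}

# 3. Onboarding state and org ID written when the onboarding blob was applied.
$status = Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue
if (-not $status) {
    Write-Warning 'No onboarding status key found; the onboarding package was never applied.'
} else {
    "OnboardingState      : $($status.OnboardingState) (1 = onboarded)"
    "OrgId on device      : $($status.OrgId)"
    if ($ExpectedOrgId -ne '<YOUR-MDE-ORG-ID>' -and $status.OrgId -ne $ExpectedOrgId) {
        Write-Warning 'OrgId does not match the expected tenant; the device reports to a different MDE tenant.'
    }
}

# 4. Errors and warnings from the SENSE operational log in the last 24 hours.
$filter = @{
    LogName   = 'Microsoft-Windows-SENSE/Operational'
    Level     = 2, 3            # 2 = Error, 3 = Warning
    StartTime = (Get-Date).AddDays(-1)
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ Name = 'Message'; Expression = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

A device that shows `OnboardingState = 1`, a running Sense service and no recent SENSE errors but still does not appear in the portal is usually reporting to a different org ID than the one you are looking at.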