Forum Discussion

John Matrix's avatar
John Matrix
Brass Contributor
Jul 16, 2022

MDE Onboarding Best Practices

We are migrating from Kaspersky to MDE.

Our plan for onboarding our devices:

 

-Windows Clients via MEM since they are HDJ and already enrolled in Intune.

-Windows Server Onboarding via GPO.

 

Windows Clients are pretty straightforward.

But Windows Server:

We have created a GPO with the installer script (install.ps1 from Github) to onboard 2012 R2 and 2016 - this should not be used for 2019 and above, right?

So a different GPO for Server 2019 and above with a scheduled task to trigger the onboarding cmd. 

We are thinking about using the security management feature so we could have everything in MEM, but since Domain Controllers can‘t be used we need GPO anyway.

 

Is this good practice or is there a better way?

 

Thanks.

 

cheers,

John

 

Resources