MDE policies not applied
Hello All,
We've configured SCCM to onboard devices using the Config Manager script. The devices are onboarding, but show different "Managed by" statuses in the MDE portal, such as Intune or MDE. Devices managed by MDE show applied policies, but those managed by Intune do not display any policies.
We aim to onboard devices through SCCM without pushing policies via SCCM. Once onboarded, policies should be managed through the MDE (security.microsoft.com) portal.
Despite following Microsoft guidelines, we're unable to view policies on the device tab, and reports from Intune show policy status as "Pending" for affected devices.
Any guidance on resolving this issue would be greatly appreciated.
Thanks,
- rahuljindal-MVP (Bronze Contributor)
If the devices are Windows endpoints, then I'll suggest configuring co-management, moving the relevant workloads to Intune, and onboarding and managing devices for Defender using Intune. This will also enable you to leverage Conditional Access policies to adopt a zero trust security framework.
- drivesafely (Brass Contributor)
rahuljindal-MVP
Thanks for the quick reply.
To move the relevant workload for MDE, should we be moving the Endpoint Protection workload only?
Thanks
- rahuljindal-MVP (Bronze Contributor)
EP is part of Device configuration, so when you move that, EP will move along with it. Also, I will suggest moving the Compliance workload as well. Perhaps test all of it against Intune Pilot first.
- drivesafely (Brass Contributor)
rahuljindal-MVP
Can you please guide us: if we use the enrollment option with Intune only, will there be any issues if the SCCM client is installed and configured on all the Windows PCs?
Assuming there are no issues with having the SCCM client installed, what would be the best way to onboard Windows PCs to Intune? While we can manually onboard each PC by joining the work/school account to the Microsoft Entra ID account, this process is quite labor-intensive.
Is there a way to streamline this process, perhaps by configuring SCCM to onboard the Windows PCs automatically, or by using Group Policy?
We greatly appreciate your insights and guidance on this matter. Thank you!