Forum Discussion

drivesafely
Brass Contributor
Aug 07, 2024

MDE policies not applied

Hello All,

We've configured SCCM to onboard devices using the Config Manager script. The devices are onboarding, but show different "Managed by" statuses in the MDE portal, such as Intune or MDE. Devices managed by MDE show applied policies, but those managed by Intune do not display any policies.

We aim to onboard devices through SCCM without pushing policies via SCCM. Once onboarded, policies should be managed through the MDE (security.microsoft.com) portal.

Despite following Microsoft guidelines, we're unable to view policies on the device tab, and reports from Intune show policy status as "Pending" for affected devices.

Any guidance on resolving this issue would be greatly appreciated.

Thanks,
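An added example, not code from this thread or from Microsoft: a PowerShell snapshot of the device-side state a practitioner would gather before comparing a device against the "Managed by" value the portal shows, covering MDE onboarding, the Sense sensor service, Defender's antimalware running mode, the ConfigMgr client, and Entra/MDM enrollment. The registry path, service names and cmdlet are the standard Defender and ConfigMgr ones; the line-by-line parsing of `dsregcmd /status` output and the interpretation in the trailing comment are assumptions.

```powershell
# Added example (not from the thread): collect the device-side facts that
# decide which management channel an MDE-onboarded Windows device is on.
# Run from an elevated PowerShell prompt on the endpoint itself.

function Get-DefenderManagementSnapshot {
    [CmdletBinding()]
    param()

    # The MDE onboarding package records its result under this key;
    # OnboardingState = 1 means the device is onboarded.
    $atpStatus  = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $onboarding = (Get-ItemProperty -Path $atpStatus -ErrorAction SilentlyContinue).OnboardingState

    # Sense is the MDE sensor service; it should be Running on an onboarded device.
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue

    # AMRunningMode shows whether Defender AV is active, passive or in EDR block mode,
    # which matters when another AV or a ConfigMgr-delivered policy is also present.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue

    # CcmExec is the ConfigMgr client service. Its presence alone does not tell you
    # whether the Endpoint Protection workload is still owned by ConfigMgr.
    $ccm = Get-Service -Name CcmExec -ErrorAction SilentlyContinue

    # dsregcmd reports Entra join and MDM enrollment state. Parsing its text output as
    # "Key : Value" lines is an assumption about its layout.
    $dsreg = @{}
    dsregcmd /status 2>$null | ForEach-Object {
        if ($_ -match '^\s*(\S[^:]*?)\s*:\s*(.+?)\s*$') { $dsreg[$matches[1]] = $matches[2] }
    }

    [PSCustomObject]@{
        ComputerName    = $env:COMPUTERNAME
        MdeOnboarded    = ($onboarding -eq 1)
        SenseService    = if ($sense) { $sense.Status.ToString() } else { 'NotInstalled' }
        AMRunningMode   = if ($mp)    { $mp.AMRunningMode }       else { 'Unknown' }
        ConfigMgrClient = if ($ccm)   { $ccm.Status.ToString() }  else { 'NotInstalled' }
        AzureAdJoined   = $dsreg['AzureAdJoined']
        MdmUrl          = $dsreg['MdmUrl']
    }
}

# Usage: run locally and compare the result with the portal's "Managed by" value.
# Interpretation (assumption): an onboarded device with a running ConfigMgr client
# and an empty MdmUrl has no MDM enrollment for Intune to act on, so any policy it
# does receive is coming from ConfigMgr rather than from Intune or the MDE portal.
Get-DefenderManagementSnapshot | Format-List
```

Collecting these fields from a handful of devices in each "Managed by" bucket makes it easy to see which channel is really delivering settings before deciding which workloads to move.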

  • rahuljindal-MVP
    Bronze Contributor
    If the devices are Windows endpoints, then I'd suggest configuring Co-management, moving the relevant workloads to Intune, and onboarding and managing devices for Defender using Intune. This will also enable you to leverage Conditional Access policies to adopt a zero trust security framework.
    • drivesafely
      Brass Contributor

      rahuljindal-MVP
      Thanks for the quick reply.
      To move the relevant workload for MDE, should we be moving the Endpoint Protection workload only?

      Thanks

      • rahuljindal-MVP
        Bronze Contributor
        EP is part of Device Configuration, so when you move that, EP will move along with it. I would also suggest moving the Compliance workload as well. Perhaps test all of it against the Intune pilot collection first.
    • drivesafely
      Brass Contributor
      rahuljindal-MVP

      Can you please advise: if we use the enrollment option with Intune only, will there be any issues if the SCCM client is installed and configured on all the Windows PCs?

      Assuming there are no issues with having the SCCM client installed, what would be the best way to onboard Windows PCs to Intune? While we can manually onboard each PC by joining the work/school account to the Microsoft Entra ID account, this process is quite labor-intensive.

      Is there a way to streamline this process, perhaps by configuring SCCM to onboard the Windows PCs automatically, or by using Group Policy?

      We greatly appreciate your insights and guidance on this matter. Thank you!
