MDE Updates on Co-Managed Devices
Hello Team,
We've onboarded our devices to Microsoft Defender for Endpoint (MDE) with the following setup:
- Devices are hybrid-joined to Entra.
- Enrolled in Intune via on-prem SCCM co-management.
- Onboarded to MDE from Intune through an EDR policy.
Previously, these devices used a third-party EDR, with Defender disabled via Group Policy. After removing the third-party EDR, we found many devices with outdated Defender updates (from 2019), as follows:
- Security Intelligence: Version 1.303.25.0
- Engine: 1.1.16400.2
- Platform: 4.18.1909.6
Currently, SCCM manages the "Windows Update policies" workload in this co-managed environment. However, post-onboarding, Defender updates are not being applied through SCCM.
Could someone advise on how to ensure these devices receive the latest Defender updates, or suggest troubleshooting steps?
Thank you
8 Replies
- rahuljindal (Bronze Contributor)
You don't need to move the Windows Update workload to Intune to manage Defender updates using Intune. Just create/enable the Defender AV updates using Intune. You can use the built-in Defender Update Controls profile under Endpoint security.
- drivesafely (Iron Contributor)
Thank you for the response.
Since no update profile is configured in Intune, could you confirm the current source of updates for the devices? Should they be receiving Defender updates through SCCM?
Additionally, could you provide further guidance on configuring Defender update controls within Intune? Is it the settings under the AV policy?
- rahuljindal (Bronze Contributor)
Not if you are managing Defender policies using Intune. If you have done onboarding using EDR then I take it that you moved the Endpoint security workload to Intune already. As for the update process itself, here is something you can use as a starting point. https://learn.microsoft.com/en-us/defender-endpoint/manage-gradual-rollout