Forum Discussion
MDE Updates on Co-Managed Devices
Thank you for the response.
Since no update profile is configured in Intune, could you confirm the current source of updates for the devices? Should they be receiving Defender updates through SCCM?
Additionally, could you provide further guidance on configuring Defender update controls within Intune? Is it the settings under the AV policy?
Not if you are managing Defender policies using Intune. If you have done onboarding using EDR, then I take it that you have already moved the endpoint security workload to Intune. As for the update process itself, here is something you can use as a starting point: https://learn.microsoft.com/en-us/defender-endpoint/manage-gradual-rollout
- drivesafely, Nov 11, 2024, Iron Contributor
Yes, we have successfully onboarded our devices using EDR and moved the Endpoint Security workload to Intune as part of the pilot phase.
Could you advise on how we can verify the source of Defender updates on these devices? Are there specific registry locations or PowerShell commands that would allow us to check where the Defender updates are being received from?
- rahuljindal, Nov 11, 2024, Bronze Contributor
Try this - Software\Policies\Microsoft\Windows Defender\Signature Updates
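Added example, not part of the original thread: one way to check the update source on an endpoint, combining the registry key suggested above with Defender's own cmdlets. The HKLM hive and the value names `FallbackOrder` and `DefinitionUpdateFileSharesSources` are assumptions, since the thread gives only the key path.

```powershell
# Added example: report where this device is told to fetch Defender updates.
# Run in an elevated PowerShell session on the endpoint.

# Registry key quoted in the thread; the HKLM hive is an assumption.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates'

# Meaning of the tokens used in the fallback-order string.
$sourceNames = @{
    'InternalDefinitionUpdateServer' = 'WSUS / ConfigMgr software update point'
    'MicrosoftUpdateServer'          = 'Microsoft Update'
    'MMPC'                           = 'Microsoft security intelligence download site'
    'FileShares'                     = 'UNC file share'
}

function Expand-FallbackOrder {
    param([string]$Order)
    if ([string]::IsNullOrWhiteSpace($Order)) { return @('(not set, product default applies)') }
    $rank = 0
    foreach ($token in ($Order -split '\|')) {
        $token = $token.Trim(' {}')          # tolerate spaces and surrounding braces
        if (-not $token) { continue }
        $rank++
        $label = if ($sourceNames.ContainsKey($token)) { $sourceNames[$token] } else { 'unrecognised token' }
        '{0}. {1} ({2})' -f $rank, $token, $label
    }
}

# 1. Policy-delivered values, if the key exists at all.
if (Test-Path -LiteralPath $policyKey) {
    $policy = Get-ItemProperty -LiteralPath $policyKey
    'Policy key present. FallbackOrder:'
    Expand-FallbackOrder $policy.FallbackOrder
    'DefinitionUpdateFileSharesSources: {0}' -f $policy.DefinitionUpdateFileSharesSources
} else {
    'Policy key not present: no update-source policy has been written to it.'
}

# 2. Effective configuration as Defender itself reports it.
$pref = Get-MpPreference
'Effective SignatureFallbackOrder:'
Expand-FallbackOrder $pref.SignatureFallbackOrder

# 3. What is installed now and when it last updated.
Get-MpComputerStatus |
    Select-Object AMProductVersion, AMEngineVersion,
                  AntivirusSignatureVersion, AntivirusSignatureLastUpdated
```

If `InternalDefinitionUpdateServer` is ranked first, the device tries its WSUS or ConfigMgr update point before the Microsoft sources; comparing the policy key with the effective value shows whether a policy or the product default is deciding the order.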
- drivesafely, Nov 11, 2024, Iron Contributor
I shall check the reg location. Thanks.
If we offboard a device locally using a script, will it automatically get onboarded again through the Intune EDR policy? Does the EDR policy onboard devices just once, or does it regularly check and re-onboard offboarded devices?