MuchoDefender
Copper Contributor
Sep 13, 2023

MDE Vulnerability Management - Baseline Assessment

Hi,

My config: W11, trial M365 E5, MDE onboarded, trial paid add-on for Vulnerability Management assigned to the test user who logs on to my W11 test machine.

On this webpage

https://learn.microsoft.com/en-us/microsoft-365/security/defender-vulnerability-management/tvm-security-baselines?view=o365-worldwide

we can see NOTE:

The benchmarks currently only support Group Policy Object (GPO) configurations and not Microsoft Configuration Manager (Intune).

Does anybody have any idea what on earth that means?

What GPO? What does MDVM have to do with GPO, especially if I am AADJoined?

Does that mean the paid feature for Vulnerability Management does not work on AADJ machines?

My AADJ W11 device is in the scope, the CIS assessment seems to apply to it but all settings show failed - seems like it did not manage to actually check anything.

How do I run CIS assessment on AADJ machines from MDE?

Thanks!

  • Aragorn
    Iron Contributor
    It means it can only detect GPO-applied policies at the moment. So any policies that are applied through the CSP scope are not detected.
