Forum Discussion
tk298 (Copper Contributor), Sep 01, 2021
Microsoft Defender for Endpoint deployment to devices that aren't in a domain or active directory
We recently deployed Defender for Endpoint with Group Policy to the devices within the domain, and we are looking to deploy Defender to devices that aren't in the domain. I know we can use a local script to do it, but is there a way to deploy Defender for Endpoint to devices that aren't company domain joined automatically or easily, without having to go through them one at a time?
Thanks
- pvanberlo (Steel Contributor): Besides the manual onboarding using a script, I don't see how this would work when a device is not domain joined. There needs to be some mechanism to push or pull the scripts, so in those cases a third-party app and/or backend infrastructure may be needed. Would Endpoint Manager/Intune enrollment for such devices be an option?
- tk298 (Copper Contributor): Hey, thanks for the response, man. They do not have Intune yet but are considering it. Don't the devices have to have Intune to be in the MS Endpoint Manager?
- pvanberlo (Steel Contributor): The devices would need to be enrolled into Intune, yes. This is basically built into Windows 10, so technically you don't need to install anything yourself. When doing an Azure AD Join for such devices they can automatically register for MDM.
  WSUS is also not really an option. You'd have to somehow push a package you create. WSUS isn't built for that.
- tk298 (Copper Contributor): Do you think WSUS could be an option?