Forum Discussion

tk298
Copper Contributor
Sep 01, 2021

Microsoft Defender for Endpoint deployment to devices that aren't in a domain or active directory

We recently deployed Defender for Endpoint with Group Policy to the devices within the domain. And we are looking to deploy Defender to devices that aren't in the domain. I know we can use a local script to do it but is there a way to deploy Defender for Endpoint to devices that aren't company domain joined automatically or easily without having to go through them one at a time?


Thanks

  • pvanberlo
    Steel Contributor
    Besides the manual onboarding using a script, I don’t see how this would work when a device is not domain joined. There needs to be some mechanism to push or pull the scripts, so in those cases a third party app and/or backend infrastructure may be needed. Would Endpoint Manager/Intune enrollment for such devices be an option?
    • tk298
      Copper Contributor
      Hey thanks for the response man. They do not have Intune yet but are considering it. Don't the devices have to have Intune to be in the MS Endpoint manager?
      • pvanberlo
        Steel Contributor
        The devices would need to be enrolled into Intune, yes. This is basically built into Windows 10, so technically you don’t need to install anything yourself. When doing an Azure AD Join for such devices they can automatically register for MDM.

        WSUS is also not really an option. You’d have to somehow push a package you create. WSUS isn’t built for that.
    • tk298
      Copper Contributor
      Do you think WSUS could be an option?
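Whichever delivery mechanism ends up pushing the local onboarding script to the workgroup devices (the point pvanberlo raises in the first reply), an admin still needs a way to confirm per device that onboarding actually took and whether the device is Azure AD joined or MDM-enrolled. The script below is an added example for that purpose and is not from the thread or from Microsoft. The registry path, the `OnboardingState` value and the `Sense` service name are the ones Microsoft documents for verifying onboarding, and `dsregcmd /status` is the built-in Windows tool; the function names, the output shape and the exit code convention are assumptions of this example. It is read-only and is meant to be run from an elevated PowerShell session.

```powershell
# Added example (not part of the thread): read-only health check for a
# non-domain-joined Windows device after the local MDE onboarding script has
# been run. Registry key, value name and service name are the documented MDE
# ones; function names and output layout are this example's own choices.

function Get-MdeOnboardingStatus {
    # The onboarding script writes OnboardingState = 1 under this key on success.
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $state = (Get-ItemProperty -Path $statusKey -Name OnboardingState `
                -ErrorAction SilentlyContinue).OnboardingState

    # The sensor runs as the "Sense" service; it has to exist and be running.
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        OnboardingState = if ($null -eq $state) { 'missing' } else { $state }
        Onboarded       = ($state -eq 1)
        SenseInstalled  = ($null -ne $sense)
        SenseRunning    = [bool]($sense -and $sense.Status -eq 'Running')
    }
}

function Get-DeviceJoinStatus {
    # dsregcmd /status prints "Name : Value" lines; keep only the ones that
    # answer the question asked in the thread (AAD join, domain join, MDM).
    $lines  = & dsregcmd.exe /status 2>$null
    $wanted = 'AzureAdJoined', 'DomainJoined', 'MdmUrl'
    $found  = @{}
    foreach ($line in $lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $name, $value = $Matches[1], $Matches[2]
            if ($wanted -contains $name) { $found[$name] = $value }
        }
    }
    [pscustomobject]@{
        AzureAdJoined = ($found['AzureAdJoined'] -eq 'YES')
        DomainJoined  = ($found['DomainJoined']  -eq 'YES')
        # An MDM enrollment URL is only present once the device is enrolled.
        MdmEnrolled   = -not [string]::IsNullOrWhiteSpace($found['MdmUrl'])
    }
}

# Report both views. A non-zero exit code signals "not onboarded", so the same
# script can run as a scheduled task or from whatever tool pushes the
# onboarding script, and the result can be collected centrally.
$mde  = Get-MdeOnboardingStatus
$join = Get-DeviceJoinStatus
$mde  | Format-List
$join | Format-List
if (-not $mde.Onboarded) {
    Write-Warning "$($mde.ComputerName) is not onboarded to Defender for Endpoint."
    exit 1
}
```

The check reads only the local machine, so it is safe to run repeatedly; the exit code is what makes it useful when a remote-management tool runs it fleet-wide, because a device that was missed by the manual rollout shows up as a failure instead of silently staying unprotected.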