Forum Discussion
tk298
Sep 01, 2021, Copper Contributor
Microsoft Defender for Endpoint deployment to devices that aren't in a domain or active directory
We recently deployed Defender for Endpoint with Group Policy to the devices within the domain, and we are looking to deploy Defender to devices that aren't in the domain. I know we can use a local sc...
tk298
Sep 01, 2021, Copper Contributor
Hey, thanks for the response, man. They do not have Intune yet but are considering it. Don't the devices have to have Intune to be in the MS Endpoint Manager?
pvanberlo
Sep 01, 2021, Steel Contributor
The devices would need to be enrolled into Intune, yes. This is basically built into Windows 10, so technically you don’t need to install anything yourself. When doing an Azure AD Join for such devices they can automatically register for MDM.
WSUS is also not really an option. You’d have to somehow push a package you create. WSUS isn’t built for that.
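Whichever route a non-domain device takes (Azure AD Join with automatic MDM registration, or a local onboarding script), the practical question afterwards is whether the device actually ended up enrolled and onboarded. The PowerShell below is an added example written for this thread, not something posted by either participant or shipped by Microsoft; it reads the Defender for Endpoint sensor state from the `Sense` service and the documented `OnboardingState` registry value, and parses the `AzureAdJoined` and `MdmUrl` lines of `dsregcmd /status` (the exact line format of that output is an assumption about the tool's text layout, so treat the MDM fields as a best-effort check). Run it in an elevated session on the workstation being verified.

```powershell
# Added example (not from the thread): report Defender for Endpoint onboarding
# and Azure AD / MDM enrollment state on a Windows 10 device that is not
# domain-joined. Run elevated.

function Get-MdeEnrollmentState {
    # 1. Defender for Endpoint sensor: the "Sense" service and the onboarding
    #    flag Microsoft documents at this registry path (1 = onboarded).
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $onboardingState = (Get-ItemProperty -Path $statusKey -Name OnboardingState `
        -ErrorAction SilentlyContinue).OnboardingState

    # 2. Azure AD join and MDM enrollment, parsed from dsregcmd /status output.
    #    Assumption: lines look like "AzureAdJoined : YES" and "MdmUrl : https://...".
    $dsreg = & dsregcmd.exe /status
    $azureAdJoined = [bool]($dsreg | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*YES' -Quiet)
    $mdmLine = $dsreg | Select-String -Pattern '^\s*MdmUrl\s*:\s*(\S+)' | Select-Object -First 1
    $mdmUrl = if ($mdmLine) { $mdmLine.Matches[0].Groups[1].Value } else { $null }

    [pscustomobject]@{
        SenseServiceStatus = if ($sense) { $sense.Status.ToString() } else { 'NotInstalled' }
        Onboarded          = ($onboardingState -eq 1)
        AzureAdJoined      = $azureAdJoined
        MdmEnrolled        = [bool]$mdmUrl
        MdmUrl             = $mdmUrl
    }
}

$state = Get-MdeEnrollmentState
$state | Format-List

# A device that is enrolled the way the thread recommends shows Onboarded = True,
# SenseServiceStatus = Running and MdmEnrolled = True. Anything else points at the
# step that still needs attention (join, enrollment, or the onboarding package).
if (-not $state.Onboarded -or $state.SenseServiceStatus -ne 'Running') {
    Write-Warning 'Defender for Endpoint sensor is not onboarded or not running on this device.'
}
if (-not $state.MdmEnrolled) {
    Write-Warning 'Device is not MDM-enrolled; Endpoint Manager policies will not apply.'
}
```

Running this on each non-domain device (or pushing it through whatever management channel you settle on) gives a quick inventory of which machines still need the Intune enrollment or onboarding step, rather than waiting for them to appear, or not, in the Defender for Endpoint device list.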
- tk298 (Sep 01, 2021, Copper Contributor)
  So to summarize, you would say enrolling the devices into Intune is the best option for the devices not in the domain. Do you mind elaborating on why WSUS is a bad option even though it's not domain based? Again, thanks for the response.
- pvanberlo (Sep 01, 2021, Steel Contributor)
  There's a third party tool called WPP which can be used to publish custom packages using WSUS. So technically with some extra work you could potentially do it with WSUS. I'd still recommend against it though. Looking at the future it's clear Microsoft has a vision that Endpoint Manager is the tool used for this. It also offers direct integration with Defender for Endpoint so you can enroll devices and do fancy things.
  So if you absolutely must and want to invest time into the WSUS route, then yes, it's likely possible.
- tk298 (Sep 01, 2021, Copper Contributor)
  Thank you for the information. I will try to encourage them to use Intune in that case.