Forum Discussion
tk298
Sep 01, 2021 · Copper Contributor
Microsoft Defender for Endpoint deployment to devices that aren't in a domain or active directory
We recently deployed Defender for Endpoint with Group Policy to the devices within the domain. And we are looking to deploy Defender to devices that aren't in the domain. I know we can use a local sc...
tk298
Sep 01, 2021 · Copper Contributor
So to summarize, you would say enrolling the devices into Intune is the best option for the devices not in the domain. Do you mind elaborating on why WSUS is a bad option even though it's not domain-based? Again, thanks for the response.
pvanberlo
Sep 01, 2021 · MCT
There’s a third-party tool called WPP which can be used to publish custom packages using WSUS. So technically, with some extra work, you could potentially do it with WSUS. I’d still recommend against it though. Looking at the future, it’s clear Microsoft has a vision that Endpoint Manager is the tool used for this. It also offers direct integration with Defender for Endpoint so you can enroll devices and do fancy things.
So if you absolutely must and want to invest time into the WSUS route, then yes, it’s likely possible.
tk298
Sep 01, 2021 · Copper Contributor
Thank you for the information. I will try to encourage them to use Intune in that case.