Forum Discussion
Microsoft Defender for Endpoint Device group question
I know Defender in general is extra user friendly but for the Defender for endpoint to work properly, do I need to put all devices in a machine group and set a remediation level? All the training vid...
Hi,
In our scenario we started with Desktops & Server groups with full auto remediation on Desktops and only partial on Servers. Then due to deleted devices being stuck in Defender for at least 30 days we created a Deleted Tag and Group so I could filter them out of our security score and vulnerability exposure score.
Over time we ended up splitting the server groups into two so Critical Services and Non-Critical services had different remediation options. This was just done as a precaution as we wanted to removed the risk of an automatic remediation causing any issues (critical servers are set as "Semi - Require approval for core folders")
In our scenario we started with Desktops & Server groups with full auto remediation on Desktops and only partial on Servers. Then due to deleted devices being stuck in Defender for at least 30 days we created a Deleted Tag and Group so I could filter them out of our security score and vulnerability exposure score.
Over time we ended up splitting the server groups into two so Critical Services and Non-Critical services had different remediation options. This was just done as a precaution as we wanted to removed the risk of an automatic remediation causing any issues (critical servers are set as "Semi - Require approval for core folders")