Forum Discussion
Migrating computers that had GPOs that disabled Defender Firewall and Antivirus.
- tylderlurden, Feb 02, 2023, Brass Contributor
It doesn't appear that the policies are working even though I can see them applied. For example, Defender Endpoint says the firewall is enabled on domain\private\public with no exceptions, and I can still ping the machine in question. Things like that.
Is there a command prompt to force a client to check in with Defender Endpoint? I already tried to sync the client in the Intune interface.
Also, I may be a little confused on where to enroll these devices. I thought the place to manage Windows Defender would be Microsoft Endpoint Manager. However, after reading this:
https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?view=o365-worldwide
It appears that maybe I shouldn't be using MDE. "With this capability, devices that aren't managed by a Microsoft Endpoint Manager service can receive security configurations for Microsoft Defender for Endpoint directly from Endpoint Manager."
My devices are enrolled in MEM and can be managed by MEM.
"When a device is managed by Endpoint Manager (enrolled to Intune) the device won't process policies for Security Management for Microsoft Defender for Endpoint. Instead, use Intune to deploy policy for Defender for Endpoint to your devices."
- rahuljindal-MVP, Feb 03, 2023, Bronze Contributor
Yes, in your case using Intune to manage the policies looks like the logical option. You can check the MDM diagnostic report and device events to see whether the Defender policies are applying correctly or not. Do you have the devices onboarded on Defender for Endpoint as well? If yes, then you can check under vulnerability recommendations in the Defender portal as well.
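As an added example (not posted by either participant), the following PowerShell, run elevated on one migrated client, checks the points raised in this thread from the device side: the effective Defender and firewall state, leftover registry values from the old GPOs, an enabled inbound ICMP echo rule that would explain why ping still succeeds with the firewall on, a client-side Intune sync trigger, and the MDM diagnostic report mentioned in the reply. The output folder and the enrollment task name are assumptions.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on the client being investigated. $OutDir is an assumed location.
$OutDir = 'C:\Temp\mdm-diag'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Effective Defender and firewall state as the OS applies it
#    (ActiveStore = what is in effect, whatever policy source wrote it).
Get-MpComputerStatus |
  Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AMServiceEnabled, IsTamperProtected
Get-NetFirewallProfile -PolicyStore ActiveStore |
  Select-Object Name, Enabled, DefaultInboundAction

# 2. Leftover GPO values. A stale value here (DisableAntiSpyware=1 or
#    EnableFirewall=0) can still be honoured after a migration and is one
#    reason "policy shows applied but the device behaves as before".
$gpoChecks = @(
  @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';                      Name = 'DisableAntiSpyware' }
  @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'; Name = 'DisableRealtimeMonitoring' }
  @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile';         Name = 'EnableFirewall' }
  @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile';        Name = 'EnableFirewall' }
  @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile';         Name = 'EnableFirewall' }
)
foreach ($c in $gpoChecks) {
  $v = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
  if ($null -ne $v) { "Leftover policy value: $($c.Path)\$($c.Name) = $($v.$($c.Name))" }
}

# 3. Why ping can succeed with the firewall enabled: an enabled inbound
#    echo-request rule (the File and Printer Sharing group ships one).
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True |
  Where-Object { $_.DisplayName -like '*Echo Request*' } |
  Select-Object DisplayName, Profile, Action

# 4. Force an Intune (MDM) check-in from the client. The enrollment client
#    registers its sync tasks under EnterpriseMgmt\<EnrollmentId>; the task
#    name below is the usual one and is an assumption for this example.
Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\*' -ErrorAction SilentlyContinue |
  Where-Object { $_.TaskName -like 'Schedule #3 created by enrollment client*' } |
  Start-ScheduledTask

# 5. MDM diagnostic report (the report referred to in the reply above).
MdmDiagnosticsTool.exe -area 'DeviceEnrollment;DeviceProvisioning;Autopilot' -cab "$OutDir\mdm-diag.cab"
```

If step 2 lists any value, the old GPO setting is still on the box and has to be cleared (or overridden by the Intune policy) before the Intune state will match what the portal reports.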