Forum Discussion

AusA380
Copper Contributor
May 02, 2022

Need some help implementing Defender for Endpoints

Hi Everyone,

I'm working on implementing Defender for Endpoints for our servers (2012 R2, 2016 & 2019) currently. I need some help on the steps required to get it working. For reference, this is what I've done:

- Hybrid environment; however, I've noticed that only users are syncing via Azure AD Connect and hybrid Azure AD join isn't configured.

- I've turned the preview settings, etc. on for Defender for Endpoints in Intune and the Defender portal.

- I have onboarded some of the servers and they appear in the Defender portal with their details, but do not show in Intune (I take it they should appear there so I can assign Defender config settings?).

- There is an LDAP API error on the servers in the Defender portal. I'm thinking this is due to them not being in Azure AD?

Is the solution as simple as configuring computer sync/Azure AD hybrid join? I just want the servers to get the Defender for Endpoints settings and not be managed by Intune, if possible.

Thank you for any assistance!

2 Replies

  • denting24by7
    Copper Contributor

    Are you trying to manage endpoint exclusions for servers via Intune? If you are, I feel your pain. I am trying to add exclusions to the Defender settings of Microsoft servers of various versions. Outside of using a GPO or SCCM, I can't find anything of use. All I have is this.

    https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-worldwide

    If there is a way to manage Defender Endpoint exclusions for Servers via any Defender portal I can find. 
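Added example (not part of denting24by7's reply or of the linked Microsoft doc): the reply mentions GPO and SCCM as the only workable routes for server exclusions; the built-in Defender PowerShell module is the other local option, and it also lets you audit what exclusions a server already carries. The path and extension values below are constructed placeholders; assumes an elevated session on a server with the Defender module present.

```powershell
# Added example (not from the thread): audit and add Defender AV exclusions
# locally on a Windows Server with the built-in Defender PowerShell module.
# Assumes the Defender module is available and the session is elevated.

function Get-DefenderExclusionReport {
    # Get-MpPreference returns the effective (merged) preference set, so this
    # shows exclusions that came from GPO/SCCM/Intune as well as local ones.
    $pref = Get-MpPreference
    [pscustomobject]@{
        Paths      = @($pref.ExclusionPath      | Where-Object { $_ })
        Extensions = @($pref.ExclusionExtension | Where-Object { $_ })
        Processes  = @($pref.ExclusionProcess   | Where-Object { $_ })
    }
}

function Add-ScopedDefenderExclusion {
    param(
        [string[]]$Path      = @(),
        [string[]]$Extension = @(),
        [string[]]$Process   = @()
    )
    # Only add what is not already present, so re-running the script is safe.
    $current  = Get-DefenderExclusionReport
    $newPaths = @($Path      | Where-Object { $_ -and ($current.Paths      -notcontains $_) })
    $newExts  = @($Extension | Where-Object { $_ -and ($current.Extensions -notcontains $_) })
    $newProcs = @($Process   | Where-Object { $_ -and ($current.Processes  -notcontains $_) })

    if ($newPaths.Count) { Add-MpPreference -ExclusionPath      $newPaths }
    if ($newExts.Count)  { Add-MpPreference -ExclusionExtension $newExts  }
    if ($newProcs.Count) { Add-MpPreference -ExclusionProcess   $newProcs }

    # Return the post-change state so the caller can log or compare it.
    Get-DefenderExclusionReport
}

# Constructed sample input for a hypothetical application; real values come
# from the vendor's documented exclusion list. Keep exclusions to exact
# folders and extensions rather than whole drives or wildcards, since every
# exclusion is a place the scanner no longer looks.
$before = Get-DefenderExclusionReport
$after  = Add-ScopedDefenderExclusion -Path 'D:\ExampleApp\Data' -Extension 'exd'

'Exclusions before:'; $before | Format-List
'Exclusions after:';  $after  | Format-List
```

If the same settings are enforced by a GPO or a tenant-level policy, the locally added values are merged with (and can be overridden by) the policy-delivered set on the next refresh, which is why the report reads back the effective state rather than trusting the call succeeded.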

  • null null
    Copper Contributor

    AusA380 

    Yes, you should just need to enable Hybrid AD join for devices and servers.

    • Hybrid Azure Active Directory Join must be configured in your environment (either through Federation or AAD Connect Sync)
    • AAD Connect Sync must include the device objects in scope for synchronization with Azure Active Directory (when needed for join)

    Next, make sure you configure the settings here: https://endpoint.microsoft.com/#blade/Microsoft_Intune_Workflows/SecurityManagementMenu/atp and here: https://security.microsoft.com/preferences2/configuration_management2

    Takes a while after that, but the devices will start showing like this
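Added example (not part of null null's reply): the reply lists hybrid join and device sync as the prerequisites; this script collects, per server, the facts that show which of those prerequisites is actually in place, so a server that is in the Defender portal but not in Intune can be explained rather than guessed at. Assumptions, stated as such: the `dsregcmd /status` fields `DomainJoined` and `AzureAdJoined` (both YES means hybrid joined; dsregcmd is absent on 2012 R2, which the script reports instead of failing), the `OnboardingState` value under `HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status` (1 = onboarded), and the `EnrollmentStatus` value under `HKLM:\SOFTWARE\Microsoft\SenseCM` written by the security settings management feature. Verify those keys on your own build before relying on them. Server names in the trailing comment are constructed.

```powershell
# Added example (not from the thread): one readiness object per server,
# combining join state, MDE onboarding state, and Defender AV state.
# Registry paths and dsregcmd field names are assumptions; verify on your build.

function Get-DsregStatus {
    # dsregcmd prints "Key : Value" lines; keep only the join-related ones.
    # dsregcmd.exe is not present on Windows Server 2012 R2, so report that case.
    $result = @{}
    if (-not (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue)) {
        $result['DomainJoined']  = 'dsregcmd not available'
        $result['AzureAdJoined'] = 'dsregcmd not available'
        return $result
    }
    $wanted = 'AzureAdJoined', 'DomainJoined', 'DomainName', 'TenantName', 'DeviceId'
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*(\S+)\s*:\s*(.+?)\s*$' -and $wanted -contains $Matches[1]) {
            $result[$Matches[1]] = $Matches[2]
        }
    }
    return $result
}

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    # Missing key or missing value both come back as $null instead of an error.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Get-MdeReadiness {
    $ds    = Get-DsregStatus
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue      # MDE sensor service
    $mp    = Get-MpComputerStatus -ErrorAction SilentlyContinue         # Defender AV state

    $senseState = if ($sense) { $sense.Status } else { 'not installed' }
    $avMode     = if ($mp) { $mp.AMRunningMode } else { 'unknown' }
    $rtp        = if ($mp) { $mp.RealTimeProtectionEnabled } else { 'unknown' }

    # 1 = onboarded to the MDE tenant (assumed value meaning)
    $onboarding = Get-RegValueOrNull 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status' 'OnboardingState'
    # Written by security settings management; $null means it never attempted enrollment (assumed)
    $senseCm    = Get-RegValueOrNull 'HKLM:\SOFTWARE\Microsoft\SenseCM' 'EnrollmentStatus'

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        OSVersion          = [System.Environment]::OSVersion.Version.ToString()
        DomainJoined       = $ds['DomainJoined']
        AzureAdJoined      = $ds['AzureAdJoined']   # YES together with DomainJoined = hybrid joined
        TenantName         = $ds['TenantName']
        SenseService       = $senseState
        OnboardingState    = $onboarding
        SenseCMEnrollment  = $senseCm
        AVRunningMode      = $avMode
        RealTimeProtection = $rtp
    }
}

# Run locally:
Get-MdeReadiness | Format-List

# Or save this file as Get-MdeReadiness.ps1 and fan it out (constructed names):
#   $servers = 'SRV-2012R2-01', 'SRV-2016-01', 'SRV-2019-01'
#   Invoke-Command -ComputerName $servers -FilePath .\Get-MdeReadiness.ps1 | Format-Table
```

Reading the output against the reply: a row with `DomainJoined = YES` but `AzureAdJoined = NO` is a server whose computer object was not included in the Azure AD Connect sync scope or for which hybrid join was never configured, which matches the original post's "users only" sync; `OnboardingState = 1` with a running `Sense` service confirms the portal entry is genuine, and an empty `SenseCMEnrollment` shows the settings-management side has not yet picked the device up.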