Unable to deploy Security settings via MDE

Question

Hello All,&nbsp;We have Windows 10 enrolled in MDE and currently we are exploring to deploy the MDE related security settings to deploy via MEM portal.&nbsp;http://ednpoint.microsoft.com&nbsp;--&gt; Device ---&gt; Windows ---&gt; In that a new configuration policy is created to block the USB devices on test group.&nbsp;&nbsp;Its more than a week now, we are unable to see anything is getting deployed.&nbsp;&nbsp;&nbsp;

jonhed · Answer

Some more information would help.Are the devices MDM enrolled in Intune?What settings are you trying to deploy, and what type of policy are you using?What is the status of the policy assignment on the devices?If you are trying to manage security settings for devices managed by MDE (not intune enrolled),there are limitations to what you can do.https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration

g461571 · Answer

Hey, Thanks for the reply..The devices are not enrolled in MDM, but they are enrolled in Ws1.We are trying to deploy a custom policy to Block the USB on Windows 10.there is no information on the portal for the policy assignment.Just FYI, below are the settings we have in custom policyOMA-URI SettingsUSB Block ./Vendor/MSFT/Defender/Configuration/DeviceControlEnabled IntegerDefaultDeny ./Vendor/MSFT/Defender/Configuration/DefaultEnforcement Integer

jonhed · Answer

g461571&nbsp;The only MDE policies that can be deployed without Intune enrollment, are the ones listed under "MDE Security configuration" in the screenshot below.Therefore, I am pretty sure the devices need to be enrolled in Intune if you want to deploy OMA-URI policies.&nbsp;

jonhed · Answer

As is listed below, only "Endpoint security policies" can be managed (and only some of them) can be managed without Intune. Configuration profiles are only available with Intune.&nbsp;

g461571 · Answer

Thank you, in suggestion how can this be achieve?

Forum Discussion

Unable to deploy Security settings via MDE

Resources