Forum Discussion
g461571
Oct 18, 2022 Copper Contributor
Unable to deploy Security settings via MDE
Hello All, We have Windows 10 enrolled in MDE and currently we are exploring to deploy the MDE related security settings to deploy via MEM portal. http://ednpoint.microsoft.com --> Device ---...
Jonhed
Oct 18, 2022 Iron Contributor
Some more information would help.
Are the devices MDM enrolled in Intune?
What settings are you trying to deploy, and what type of policy are you using?
What is the status of the policy assignment on the devices?
If you are trying to manage security settings for devices managed by MDE (not Intune enrolled), there are limitations to what you can do.
https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration
g461571
Oct 18, 2022 Copper Contributor
Hey, thanks for the reply.
The devices are not enrolled in MDM, but they are enrolled in Ws1.
We are trying to deploy a custom policy to Block the USB on Windows 10.
There is no information on the portal for the policy assignment.
Just FYI, below are the settings we have in the custom policy:
OMA-URI Settings
USB Block ./Vendor/MSFT/Defender/Configuration/DeviceControlEnabled Integer
DefaultDeny ./Vendor/MSFT/Defender/Configuration/DefaultEnforcement Integer
- Jonhed Oct 18, 2022 Iron Contributor
The only MDE policies that can be deployed without Intune enrollment are the ones listed under "MDE Security configuration" in the screenshot below.
Therefore, I am pretty sure the devices need to be enrolled in Intune if you want to deploy OMA-URI policies.