Forum Discussion
Unable to deploy Security settings via MDE
Hello All, We have Windows 10 enrolled in MDE and currently we are exploring to deploy the MDE related security settings to deploy via MEM portal. http://ednpoint.microsoft.com --> Device ---...
Hey, Thanks for the reply..
The devices are not enrolled in MDM, but they are enrolled in Ws1.
We are trying to deploy a custom policy to Block the USB on Windows 10.
there is no information on the portal for the policy assignment.
Just FYI, below are the settings we have in custom policy
OMA-URI Settings
USB Block ./Vendor/MSFT/Defender/Configuration/DeviceControlEnabled Integer
DefaultDeny ./Vendor/MSFT/Defender/Configuration/DefaultEnforcement Integer
The devices are not enrolled in MDM, but they are enrolled in Ws1.
We are trying to deploy a custom policy to Block the USB on Windows 10.
there is no information on the portal for the policy assignment.
Just FYI, below are the settings we have in custom policy
OMA-URI Settings
USB Block ./Vendor/MSFT/Defender/Configuration/DeviceControlEnabled Integer
DefaultDeny ./Vendor/MSFT/Defender/Configuration/DefaultEnforcement Integer
The only MDE policies that can be deployed without Intune enrollment, are the ones listed under "MDE Security configuration" in the screenshot below.
Therefore, I am pretty sure the devices need to be enrolled in Intune if you want to deploy OMA-URI policies.
As is listed below, only "Endpoint security policies" can be managed (and only some of them) can be managed without Intune. Configuration profiles are only available with Intune.