Fhilp
Brass Contributor
Dec 06, 2023
Solved

Defender for Endpoints - Domain Controllers

Hi

What is the correct process for managing and deploying policies for Windows Server 2019 domain controllers?

I know that security settings management doesn't work on and isn't supported on 2019 DCs, as per (https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?view=o365-worldwide#configure-your-tenant-to-support-microsoft-defender-for-endpoint-security-configuration-management)

So how do I manage and get policies to a 2019 DC?

 

Thanks

5 Replies

  • Sreejith_r
    Brass Contributor

    MDE Security management supports domain controllers (preview). See the important information in "Use of security settings management on domain controllers" (in the article below).

     https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?view=o365-worldwide#use-of-security-settings-management-on-domain-controllers 

  • Yes, the best practice is to manage MDE on DCs with GPO; the security management feature is not supported on domain controllers.
  • Hi Fhilp, yes correct and this is by design, intentionally! The recommended way to manage domain controllers is via GPOs.
    • lakshmiapthiraju
      Copper Contributor

      Hi Heike,

      It is supported now, right, with the right KB installed, as per the article below? But I have still seen some scenarios where some DCs are unable to complete the synthetic registration. Do we know why it's failing to create the synthetic registration?

      https://learn.microsoft.com/en-us/intune/device-security/microsoft-defender/security-settings-management?view=o365-worldwide