Forum Discussion
Is "Endpoint Security Policies" available to us? (error getting Intune policies)
Question
We'd like to use Defender \ Endpoint Security Policies.
Is that possible for my tenant's environment?
Getting below error on "Defender \ Endpoint Security Policies" page
"There seems to be an issue getting your Intune policies"
Details of our environment
Purpose of defender
To protect our server fleet that's running outside of Azure
Tenant
GCC - Moderate Scoped
Region
Commercial Azure East US 2
Subscription
Microsoft Defender for Servers Plan 1
(No other subscription, etc.)
Defender Client OS
Windows 2016, 2019, 2022
RHEL8, 9
(No desktops\laptops)
Agents installed on each Windows and Linux server
Defender is onboarded
Arc is onboarded
Configured Settings and Errors
Defender \ Settings \ Configuration management \ Enforcement scope
https://security.microsoft.com/securitysettings/endpoints/configuration_management2
Error at top of page
"Intune is not configured to allow Microsoft Defender for Endpoint to manage security configuration settings."
Use MDE to enforce security configuration settings from Intune
Set to ON
Enable configuration management
Windows Server devices
On tagged devices
Windows Server Domain Controller devices
On tagged devices
Linux devices
On tagged devices
Security settings management for Microsoft Defender for Cloud onboarded devices.
Set to ON
Manage Security settings using Configuration Manager
Set to OFF
Defender \ Settings \ Configuration management \ Intune Permissions
https://security.microsoft.com/securitysettings/endpoints/intune_permissions
Getting error
"Access needed
You don't have the right permissions in AAD to view this information (in addition to those you already have in MDE). To adjust your permissions, go to the AAD portal."
Defender \ Endpoint Security Policies
https://security.microsoft.com/policy-inventory
On main page, getting below error
There seems to be an issue getting your Intune policies
If I try to make a new policy
There seems to be an issue loading the policy authoring wizard.
Intune \ Endpoint security
https://intune.microsoft.com/#view/Microsoft_Intune_Workflows/SecurityManagementMenu
Getting Error
You don't have access
Intune roles | My permissions
https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/RolesLandingMenuBlade/~/myPermissions
You're an administrator with full permissions to all Microsoft Intune resources.
Intune roles | Administrator Licensing
https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/RolesLandingMenuBlade/~/administratorLicensing
Allow admins without an Intune license to access Intune. Their scope of access is determined by the Intune roles you've assigned them.
I've clicked the box "Allow access to unlicensed admins"
Alternatives
If Defender \ Endpoint Security Policies isn't available, as alternatives, I guess we could use
SCCM Antimalware policies to manage Windows servers
Deploying a central mdatp_managed.json to manage Linux servers
However, it would be greatly preferred to use the Defender \ Endpoint Security Policies feature for Windows and Linux
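For the Linux fallback mentioned above (a centrally deployed mdatp_managed.json), here is an added example, not code from the post or from Microsoft, of a small Python helper that renders such a file, audits it before it is installed, and writes it atomically. It assumes the documented managed-settings path /etc/opt/microsoft/mdatp/managed/mdatp_managed.json and the documented key names (antivirusEngine.enforcementLevel, exclusionsMergePolicy, disallowedThreatActions, cloudService.enabled); the list of "too broad" exclusion roots and the sample exclusion path /var/lib/pgsql/data are this example's own choices.

```python
"""Build, audit and install a centrally managed mdatp_managed.json for Linux servers.

Added example, not from the forum post. Assumes the documented managed-settings
path and key names; the audit rules (which directory exclusions count as too
broad) are this example's own policy choice.
"""
import json
from pathlib import Path

# Documented location the Linux MDE daemon reads managed settings from.
MANAGED_PATH = Path("/etc/opt/microsoft/mdatp/managed/mdatp_managed.json")

# Example policy choice: a directory exclusion at one of these roots would blind
# the scanner to most of the file system, so refuse to ship it.
BROAD_EXCLUSION_ROOTS = ("/", "/tmp", "/var", "/home", "/usr", "/opt", "/etc")


def build_policy(extra_dir_exclusions=()):
    """Return the managed configuration as a dict of documented mdatp keys.

    Only directory exclusions supplied by the caller are added; everything
    else is a fixed hardened baseline."""
    exclusions = [
        {"$type": "excludedPath", "isDirectory": True, "path": p}
        for p in extra_dir_exclusions
    ]
    return {
        "antivirusEngine": {
            "enforcementLevel": "real_time",        # active protection, not passive/on_demand
            "behaviorMonitoring": "enabled",
            "scanAfterDefinitionUpdate": True,
            "scanArchives": True,
            "exclusionsMergePolicy": "admin_only",  # local 'mdatp exclusion' changes are ignored
            "exclusions": exclusions,
            # Local admins may not whitelist or restore detected threats.
            "disallowedThreatActions": ["allow", "restore"],
            "threatTypeSettingsMergePolicy": "admin_only",
            "threatTypeSettings": [
                {"key": "potentially_unwanted_application", "value": "block"},
            ],
        },
        "cloudService": {
            "enabled": True,
            "automaticDefinitionUpdateEnabled": True,
            "automaticSampleSubmissionConsent": "safe",
            "diagnosticLevel": "optional",
        },
    }


def audit_policy(policy):
    """Return a list of findings; an empty list means the policy passes."""
    findings = []
    av = policy.get("antivirusEngine", {})
    cloud = policy.get("cloudService", {})
    if av.get("enforcementLevel") != "real_time":
        findings.append("antivirusEngine.enforcementLevel is not real_time")
    if not cloud.get("enabled", False):
        findings.append("cloudService.enabled is false (no cloud-delivered protection)")
    for action in ("allow", "restore"):
        if action not in av.get("disallowedThreatActions", []):
            findings.append(f"disallowedThreatActions does not forbid '{action}'")
    for ex in av.get("exclusions", []):
        if ex.get("$type") == "excludedPath" and ex.get("isDirectory"):
            root = ex.get("path", "").rstrip("/") or "/"
            if root in BROAD_EXCLUSION_ROOTS:
                findings.append(f"directory exclusion too broad: {ex.get('path')}")
    return findings


def render(policy):
    """Serialize the policy exactly as it should appear on disk."""
    return json.dumps(policy, indent=2) + "\n"


def install(policy, dest=MANAGED_PATH):
    """Write the policy atomically (write temp file, then rename), refusing
    to install anything the audit rejects. Returns the destination path."""
    findings = audit_policy(policy)
    if findings:
        raise ValueError("refusing to install: " + "; ".join(findings))
    dest.parent.mkdir(parents=True, exist_ok=True)
    tmp = dest.with_suffix(".json.tmp")
    tmp.write_text(render(policy))
    tmp.chmod(0o644)
    tmp.replace(dest)
    return dest


if __name__ == "__main__":
    # Constructed sample: a database data directory the DBAs asked to exclude.
    good = build_policy(["/var/lib/pgsql/data"])
    print(render(good))
    print("audit:", audit_policy(good) or "OK")
    # A request to exclude /var wholesale is rejected before it reaches any host.
    print("audit:", audit_policy(build_policy(["/var/"])))
```

Run it from whatever pushes files to the fleet (Ansible, Salt, a cron-driven pull script) so that `install()` is the only path onto disk; after the daemon picks the file up, `mdatp health --field real_time_protection_enabled` on a host should report true. Because exclusions and threat-type settings use `admin_only` merge policy, nothing a local root user adds with `mdatp exclusion` survives, which is the point of managing the file centrally.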
2 Replies
- goslackware (Copper Contributor)
I see the below note:
https://learn.microsoft.com/en-us/intune/device-security/microsoft-defender/security-settings-management
Note: "Exception: If you have access to Microsoft Defender for Endpoint only through Microsoft Defender for servers (part of Microsoft Defender for Cloud, formerly Azure Security Center), the security settings management functionality isn't available. You must have at least one Microsoft Defender for Endpoint (user) subscription license active."
Does that mean that if I added a MDE P1 Standalone (GCC) subscription for ~$3/seat/month to my azure admin account, then that would unlock the security settings management functionality for all of my servers?
Please confirm.
#####################################################################
Also, here's a better formatted version of my original question below.
Question
- We'd like to use Defender \ Endpoint Security Policies.
- Is that possible for my tenant's environment?
- Getting below error on "Defender \ Endpoint Security Policies" page
- "There seems to be an issue getting your Intune policies"
Details of our environment
- Purpose of defender
- To protect our server fleet that's running outside of Azure
- Tenant
- GCC - Moderate Scoped
- Region
- Commercial Azure East US 2
- Subscription
- Microsoft Defender for Servers Plan 1
- (No other subscription, etc.)
- Defender Client OS
- Windows 2016, 2019, 2022
- RHEL8, 9
- (No desktops\laptops)
- Agents installed on each Windows and Linux server
- Defender is onboarded
- Arc is onboarded
Configured Settings and Errors
Defender \ Settings \ Configuration management \ Enforcement scope
https://security.microsoft.com/securitysettings/endpoints/configuration_management2
- Error at top of page
- "Intune is not configured to allow Microsoft Defender for Endpoint to manage security configuration settings."
- Use MDE to enforce security configuration settings from Intune
- Set to ON
- Enable configuration management
- Windows Server devices
- On tagged devices
- Windows Server Domain Controller devices
- On tagged devices
- Linux devices
- On tagged devices
- Security settings management for Microsoft Defender for Cloud onboarded devices.
- Set to ON
- Manage Security settings using Configuration Manager
- Set to OFF
Defender \ Settings \ Configuration management \ Intune Permissions
https://security.microsoft.com/securitysettings/endpoints/intune_permissions
- Getting error
- "Access needed
You don't have the right permissions in AAD to view this information (in addition to those you already have in MDE). To adjust your permissions, go to the AAD portal."
Defender \ Endpoint Security Policies
https://security.microsoft.com/policy-inventory
- On main page, getting below error
- There seems to be an issue getting your Intune policies
- If I try to make a new policy
- There seems to be an issue loading the policy authoring wizard.
Intune \ Endpoint security
- https://intune.microsoft.com/#view/Microsoft_Intune_Workflows/SecurityManagementMenu
- Getting Error
- You don't have access
Intune roles | My permissions
- https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/RolesLandingMenuBlade/~/myPermissions
- You're an administrator with full permissions to all Microsoft Intune resources.
Intune roles | Administrator Licensing
- https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/RolesLandingMenuBlade/~/administratorLicensing
- Allow admins without an Intune license to access Intune. Their scope of access is determined by the Intune roles you've assigned them.
- I've clicked the box "Allow access to unlicensed admins"
Alternatives
- If Defender \ Endpoint Security Policies isn't available, as alternatives, I guess we could use
- SCCM Antimalware policies to manage Windows servers
- Deploying a central mdatp_managed.json to manage Linux servers
- However, it would be greatly preferred to use the Defender \ Endpoint Security Policies feature for Windows and Linux