goslackware
Jun 25, 2026

Is "Endpoint Security Policies" available to us? (error getting Intune policies)

Question

We'd like to use Defender \ Endpoint Security Policies. 

Is that possible for my tenant's environment?

Getting below error on "Defender \ Endpoint Security Policies" page

 

"There seems to be an issue getting your Intune policies"

Details of our environment

Purpose of defender

To protect our server fleet that's running outside of Azure

Tenant 

GCC - Moderate Scoped

Region

Commercial Azure East US 2

Subscription

Microsoft Defender for Servers Plan 1

(No other subscription, etc.)

Defender Client OS

Windows 2016, 2019, 2022

RHEL8, 9

(No desktops\laptops)

Agents installed on each Windows and Linux server

Defender is onboarded

Arc is onboarded

Configured Settings and Errors

Defender \ Settings \ Configuration management \ Enforcement scope

 

https://security.microsoft.com/securitysettings/endpoints/configuration_management2

 

Error at top of page

"Intune is not configured to allow Microsoft Defender for Endpoint to manage security configuration settings."

Use MDE to enforce security configuration settings from Intune

Set to ON

Enable configuration management

Windows Server devices

On tagged devices

Windows Server Domain Controller devices

On tagged devices

Linux devices

On tagged devices

Security settings management for Microsoft Defender for Cloud onboarded devices.

Set to ON

Manage Security settings using Configuration Manager

Set to OFF

Defender \ Settings \ Configuration management \ Intune Permissions

 

https://security.microsoft.com/securitysettings/endpoints/intune_permissions

 

Getting error

"Access needed

You don't have the right permissions in AAD to view this information (in addition to those you already have in MDE). To adjust your permissions, go to the AAD portal."

Defender \ Endpoint Security Policies

 

https://security.microsoft.com/policy-inventory

 

On main page, getting below error

There seems to be an issue getting your Intune policies

If I try to make a new policy

There seems to be an issue loading the policy authoring wizard.

Intune \ Endpoint security

 

https://intune.microsoft.com/#view/Microsoft_Intune_Workflows/SecurityManagementMenu

 

Getting Error

You don't have access

Intune roles | My permissions

 

https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/RolesLandingMenuBlade/~/myPermissions

 

You're an administrator with full permissions to all Microsoft Intune resources.

Intune roles | Administrator Licensing

https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/RolesLandingMenuBlade/~/administratorLicensing

Allow admins without an Intune license to access Intune. Their scope of access is determined by the Intune roles you've assigned them.

I've clicked the box "Allow access to unlicensed admins"

Alternatives

If Defender \ Endpoint Security Policies isn't available, as alternatives, I guess we could use

SCCM Antimalware policies to manage Windows servers

Deploying a central mdatp_managed.json to manage Linux servers

However, it would be greatly preferred to use the Defender \ Endpoint Security Policies feature for Windows and Linux

2 Replies

  • goslackware

    I see the below note:


    https://learn.microsoft.com/en-us/intune/device-security/microsoft-defender/security-settings-management

    Note

    Exception: If you have access to Microsoft Defender for Endpoint only through Microsoft Defender for servers (part of Microsoft Defender for Cloud, formerly Azure Security Center), the security settings management functionality isn't available. You must have at least one Microsoft Defender for Endpoint (user) subscription license active.

     

    Does that mean that if I added an MDE P1 Standalone (GCC) subscription for ~$3/seat/month to my Azure admin account, then that would unlock the security settings management functionality for all of my servers?

     

    Please confirm.

     

    #####################################################################

    Also here's a better formatted version of my original question below.

    Question

    • We'd like to use Defender \ Endpoint Security Policies. 
      • Is that possible for my tenant's environment?
      • Getting below error on "Defender \ Endpoint Security Policies" page
        • "There seems to be an issue getting your Intune policies"

    Details of our environment

    • Purpose of defender
      • To protect our server fleet that's running outside of Azure
    • Tenant 
      • GCC - Moderate Scoped
    • Region
      • Commercial Azure East US 2
    • Subscription
      • Microsoft Defender for Servers Plan 1
      • (No other subscription, etc.)
    • Defender Client OS
      • Windows 2016, 2019, 2022
      • RHEL8, 9
      • (No desktops\laptops)
    • Agents installed on each Windows and Linux server
      • Defender is onboarded
      • Arc is onboarded

    Configured Settings and Errors

    Defender \ Settings \ Configuration management \ Enforcement scope

    https://security.microsoft.com/securitysettings/endpoints/configuration_management2

    • Error at top of page
      • "Intune is not configured to allow Microsoft Defender for Endpoint to manage security configuration settings."
    • Use MDE to enforce security configuration settings from Intune
      • Set to ON
    • Enable configuration management
      • Windows Server devices
        • On tagged devices
      • Windows Server Domain Controller devices
        • On tagged devices
      • Linux devices
        • On tagged devices
    • Security settings management for Microsoft Defender for Cloud onboarded devices.
      • Set to ON
    • Manage Security settings using Configuration Manager
      • Set to OFF

    Defender \ Settings \ Configuration management \ Intune Permissions

    https://security.microsoft.com/securitysettings/endpoints/intune_permissions

    • Getting error
      • "Access needed
        You don't have the right permissions in AAD to view this information (in addition to those you already have in MDE). To adjust your permissions, go to the AAD portal."

    Defender \ Endpoint Security Policies

    https://security.microsoft.com/policy-inventory

    • On main page, getting below error
      • There seems to be an issue getting your Intune policies
    • If I try to make a new policy
      • There seems to be an issue loading the policy authoring wizard.

    Intune \ Endpoint security

    • https://intune.microsoft.com/#view/Microsoft_Intune_Workflows/SecurityManagementMenu
      • Getting Error
        • You don't have access

    Intune roles | My permissions

    • https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/RolesLandingMenuBlade/~/myPermissions
      • You're an administrator with full permissions to all Microsoft Intune resources.

    Intune roles | Administrator Licensing

    • https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/RolesLandingMenuBlade/~/administratorLicensing
      • Allow admins without an Intune license to access Intune. Their scope of access is determined by the Intune roles you've assigned them.
      • I've clicked the box "Allow access to unlicensed admins"

    Alternatives

    • If Defender \ Endpoint Security Policies isn't available, as alternatives, I guess we could use
      • SCCM Antimalware policies to manage Windows servers
      • Deploying a central mdatp_managed.json to manage Linux servers
    • However, it would be greatly preferred to use the Defender \ Endpoint Security Policies feature for Windows and Linux

     
