Is "Endpoint Security Policies" available to us? (error getting Intune policies)
I see the below note:
https://learn.microsoft.com/en-us/intune/device-security/microsoft-defender/security-settings-management
Note
Exception: If you have access to Microsoft Defender for Endpoint only through Microsoft Defender for servers (part of Microsoft Defender for Cloud, formerly Azure Security Center), the security settings management functionality isn't available. You must have at least one Microsoft Defender for Endpoint (user) subscription license active.
Does that mean that if I added an MDE P1 Standalone (GCC) subscription for ~$3/seat/month to my Azure admin account, then that would unlock the security settings management functionality for all of my servers?
Please confirm.
#####################################################################
Also, here's a better-formatted version of my original question below.
Question
- We'd like to use Defender \ Endpoint Security Policies.
- Is that possible for my tenant's environment?
- Getting the below error on the "Defender \ Endpoint Security Policies" page:
  - "There seems to be an issue getting your Intune policies"
Details of our environment
- Purpose of Defender
  - To protect our server fleet that's running outside of Azure
- Tenant
  - GCC - Moderate Scoped
- Region
  - Commercial Azure East US 2
- Subscription
  - Microsoft Defender for Servers Plan 1
  - (No other subscription, etc.)
- Defender client OS
  - Windows 2016, 2019, 2022
  - RHEL 8, 9
  - (No desktops/laptops)
- Agents installed on each Windows and Linux server
  - Defender is onboarded
  - Arc is onboarded
Configured settings and errors
Defender \ Settings \ Configuration management \ Enforcement scope
https://security.microsoft.com/securitysettings/endpoints/configuration_management2
- Error at top of page
  - "Intune is not configured to allow Microsoft Defender for Endpoint to manage security configuration settings."
- Use MDE to enforce security configuration settings from Intune
  - Set to ON
- Enable configuration management
  - Windows Server devices
    - On tagged devices
  - Windows Server Domain Controller devices
    - On tagged devices
  - Linux devices
    - On tagged devices
- Security settings management for Microsoft Defender for Cloud onboarded devices
  - Set to ON
- Manage security settings using Configuration Manager
  - Set to OFF
Defender \ Settings \ Configuration management \ Intune Permissions
https://security.microsoft.com/securitysettings/endpoints/intune_permissions
- Getting error
  - "Access needed. You don't have the right permissions in AAD to view this information (in addition to those you already have in MDE). To adjust your permissions, go to the AAD portal."
Defender \ Endpoint Security Policies
https://security.microsoft.com/policy-inventory
- On the main page, getting the below error
  - "There seems to be an issue getting your Intune policies"
- If I try to make a new policy
  - "There seems to be an issue loading the policy authoring wizard."
Intune \ Endpoint security
https://intune.microsoft.com/#view/Microsoft_Intune_Workflows/SecurityManagementMenu
- Getting error
  - "You don't have access"
Intune roles | My permissions
https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/RolesLandingMenuBlade/~/myPermissions
- "You're an administrator with full permissions to all Microsoft Intune resources."
Intune roles | Administrator Licensing
https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/RolesLandingMenuBlade/~/administratorLicensing
- "Allow admins without an Intune license to access Intune. Their scope of access is determined by the Intune roles you've assigned them."
- I've checked the box "Allow access to unlicensed admins"
Alternatives
- If Defender \ Endpoint Security Policies isn't available, as alternatives I guess we could use:
  - SCCM antimalware policies to manage Windows servers
  - Deploying a central mdatp_managed.json to manage Linux servers
- However, it would be greatly preferred to use the Defender \ Endpoint Security Policies feature for Windows and Linux.