Event details

Have questions about using Microsoft Intune to enforce device compliance? Curious how to configure devices to help prevent security breaches and limit the impact of threats? Ask Microsoft Anything (AMA) about integrating Microsoft Defender for Endpoint with Microsoft Intune at Tech Community Live! 

Product teams will be answering your questions live and in chat. Get tips on using policy to onboard devices, define risk level, block non-compliant devices from accessing corporate resources, and more.


Speakers: Laura Arrizza & Mike Danoski
Moderator: Matt Call

This event is part of Tech Community Live: Intune edition.  

I'm in! How do I sign up? 

Select “Add to calendar” to save the date and “Attend” to save your spot, receive event reminders, and participate in the Q&A. If you can’t make the live event, don’t worry. You can post your questions in advance and catch up on the answers and insights later in the week. All sessions for this Intune edition of Tech Community Live will be recorded and available on demand immediately after airing.  

This event will feature AI-generated captions during the live broadcast. Human-generated captions will be available by the end of the week.  

Where can I post my questions? 

Scroll to the bottom of this page and select “Comment.” 

Pearl-Angeles
Updated Jan 21, 2026

5 Comments

  • SchmatzS
    Copper Contributor

    Looking forward to the session, because we have big issues with the Defender <> Intune sync, which is very unreliable for us. We face many “false positives” due to the fact that the Defender risk score is not synced in a timely manner with Intune, or not synced at all. In general, 50% of our devices have the status “not applicable”, even with a current check-in time of the device with Defender and Intune itself. Pre-provisioning devices via Intune Autopilot is also causing “non-compliant” devices due to the risk score, which causes completing the account setup phase at a later time (e.g. the next day) to fail. We already had quite a few support tickets in regard to our problems, but so far our experience is, frankly speaking, not the best. Therefore, I hope to get more insights and/or find someone at Microsoft to tackle our issues.

    • madman123
      Copper Contributor

      My customer has the same issues. Their iOS devices frequently fall noncompliant b/c the machine risk score is spiked due to the pulse not being sent from MDE, even though the device was successfully onboarded to Defender and the device is performing MDM check-ins with Intune regularly. The compliance policy also flaps in and out of the Not Applicable state. We had multiple Microsoft FastTrack resources confirm we have everything configured correctly, and we have had a support ticket open for months.

  • mdmworkprofile
    Copper Contributor

    We have implemented the Intune compliance policy for iOS and Android devices, “Microsoft Defender for Endpoint: Require the device to be at or under the machine risk score: medium,” with the primary goal of identifying and addressing devices where Microsoft Defender is not activated on Intune-managed endpoints. However, we have observed that this policy frequently results in false positives, particularly when users are inactive for extended periods (such as one week or more), which leads to unnecessary notifications.
    To optimize our approach, we now seek greater clarity regarding the distinctions between Medium, High, and other risk levels, as overly stringent Defender requirements may adversely affect the overall Intune MDM user experience. Additionally, we have encountered challenges communicating with end-users, as they find that granting permissions to Microsoft Defender is less seamless compared to their experiences with Intune. Furthermore, the current Non-Compliance in-app notification is not user-friendly, as it is difficult to understand and often requires repeated authentication to access the non-compliance message.

    We recommend simplifying the process and improving the Non-Compliance notification process to enhance clarity and reduce friction for end-users.

  • JonathanPe111
    Copper Contributor

    When you create an iOS compliance policy, we have an issue where devices are marked as not compliant when the user hasn't signed in on that device for a month. The custom policy says "Mark Device NonCompliant" 300 days. Is this primarily caused by the tenant compliance setting "Compliance status validity period days" being set to 30 days? How would you address the issue of devices being marked as not compliant after 30 days when one user can have multiple test devices that are not used every month?

  • GeorgeH
    Copper Contributor

    I would like to know if there is a way (coming) to activate the MS Defender app on a managed (COPE) Android phone with Zero-touch, just like it is (already) possible for an iPhone?
    (Because with the Low-Touch options, it still requires the end-user to perform some action(s), so we can't guarantee that the end-user actually performs those action(s) and that the device is actually protected via MS Defender.)