Tech Community Live: AMA – Manage endpoint security in Microsoft Endpoint Manager
Event details
Join us for a special Ask Microsoft Anything (AMA) live stream on endpoint security and configuration! The Microsoft Endpoint Security team is here to answer questions about the latest features and capabilities available to enable endpoint security for your hybrid workforce.
This is a great opportunity to learn from Microsoft experts and your peers.
We hope you enjoyed this edition of Tech Community Live! Please take our short survey and let us know what you thought!
65 Comments
- silvermarkg_Personal
Copper Contributor
Some feedback for future AMAs: I'm unable to watch the session as my company have enabled safe search on Google and so I can't watch the video with YouTube restricted mode enabled and I cannot turn it off. I've been told you can mark the video as not for over 18 but anything that would allow it to be viewed with restricted mode enabled would be helpful.
- Heather_Poulsen
Community Manager
Interesting. Thank you so much for the feedback. We'll look at ways we can modify the setup for the live stream moving forward to avoid this with future events.
- will nimmo
Brass Contributor
I'm watching on my personal phone for the same reason. Even my kids' Chromebook blocks this video.
- As part of the documentation, one of the prerequisites of the ASR is to work with Defender AV, is that correct?
- Heather_Poulsen
Community Manager
We're more than halfway through today's Endpoint Security AMA. Keep your questions—and suggestions on future feature prioritization—coming. Thanks!
- ZeroPulse
Microsoft
When in the Endpoint Security node, when creating an Antivirus or "Endpoint detection and response" policy we are seeing a new Platform option: Windows 10, Windows 11, and Windows Server. When you create a policy using this platform option, you end up with a policy that indicates that the Target is "mdm,microsoftSense". Could you talk about this and what those Target options are and the implication of using this Platform option. Specifically, when creating an "Endpoint detection and response" policy using the "Windows 10, Windows 11, and Windows Server" Platform option, you have to select from one of 4 options for the MDE client configuration package: Auto from connector, Onboard, Offboard, Not configured. Could you cover what these options are for? Thank you. Looking forward to your answers.
- ZeroPulse
Microsoft
Thank you Matt! That's what I was looking for!
- ZeroPulse
Microsoft
Thank you Matt for answering the question on "mdm, microsoftSense"! Good to know that devices will "transition" automatically from using one or the other depending on their MDM enrolment status. Any chance of an answer to the second question: "When creating an "Endpoint detection and response" policy using the "Windows 10, Windows 11, and Windows Server" Platform option, you have to select from one of 4 options for the MDE client configuration package: Auto from connector, Onboard, Offboard, Not configured. Could you cover what these options are for?". Thanks again.
- FlavioP365
Copper Contributor
Is there a way to skip the "Skip user Enrollment Status Page" on co-managed devices where the Device Configuration workload has not been moved yet? For example, can we do this through a reg edit since we are not able to use a Device CSP profile from MEM?
- will nimmo
Brass Contributor
If Autopatch is outside the scope of this AMA, will there be another AMA that covers it? (My question on it below was skipped over)
- Heather_Poulsen
Community Manager
Hi Will! I answered your question below. We don't have anyone from the Autopatch team here today, but we're working to organize a dedicated AMA on that topic. Stay tuned, and thanks for asking about it!
- EmyLoanzon
Iron Contributor
Why are device databases from MEM different from Azure device databases? We had some devices enabled in MEM but disabled in Azure, or devices that have been removed in MEM but not in Azure - these cause lots of confusion. Any plans to make the device databases show the same info in MEM and Azure?
- EmyLoanzon
Iron Contributor
So is Azure AD database the source of truth for devices in MEM?
- RaslDasl
Brass Contributor
Would love to hear more about AAD cleanup tools - I have not found a good cleanup method that is automated and respects Autopilot devices (does not delete them).
- EmyLoanzon
Iron Contributor
In MEM for mobile, what are options to disable Apple mail, calendar and Siri when iOS devices are fully enrolled in Intune? We want employees to just use Outlook for mobile and other Microsoft mobile apps in fully enrolled devices.
- Arnab Biswas
Microsoft
You can "block Siri" and "block modification of account settings" using iOS/iPadOS configuration profiles. Learn more here: https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-ios
- EmyLoanzon
Iron Contributor
Thanks, Arnab. I do not see a way to block Apple mail or Apple calendar, though. Are these in the MEM roadmap soon, for fully managed corporate devices?
- EmyLoanzon
Iron Contributor
What is the status on MEM iOS application policy being able to manage Apple mail and Apple calendar apps? We have fully enrolled iOS devices that use the native Apple mail and calendar but we cannot prevent employees who set up their work emails in these apps from copy pasting info and other mobile app policies?
- donss
Copper Contributor
We have an issue where password complexity configuration profile works fine but the compliance policy seems to have a bug so it reports non-compliance to all our Windows devices. We had to dumb-down the compliance policy so that we get "green". I have found this is talked about in forums but it seems it is not picked up for fix. As end-users of Endpoint Manager, this is important for us. How do we get support for things like this? Secondly, device list on Endpoint Manager and AzureAD device (perhaps even Defender for Microsoft 365) don't match for a variety of reasons (renaming devices, re-issued devices etc). Is there a way we get this list syncing so that we are not having to resort to API or CloudShell to remove individual devices?