May 21 2022 08:59 AM - edited May 21 2022 09:43 AM
I've been doing a lot of spot checking since we've implemented both Intune and MDE. Intune and MDE are working in concert with each other, but something isn't right in the device reporting. Case in point:
#1 - I have several devices in MDE that show "Medium" risk levels based on outstanding patches or other software vulnerabilities. I've logged into several of these devices only to find that patching based on my configured Update Rings and other security interventions have been done that were reported by MDE. Yet none of these things are being updated in MDE even as the devices are syncing with Intune and sending health logs. I don't trust the "Exposure Score" in our MDE dashboard due to this lack of proper device update reporting to MDE, and I have concerns about implementing some of the other recommendations just because I don't trust that MDE isn't going to accurately report the implementations and results therein.
#2 - I've implemented several ASR rules in "Block" mode in Intune that MDE has yet to interpret, so my ASR reports are inaccurate.
#3 - I have two vulnerability remediations that I configured in Intune two weeks ago that MDE has yet to report the status on, although Intune shows devices as having received the profile update.
Is anyone else seeing similar behavior or false positives in your MDE environment?