Default MDE policies are not applied to devices


Small company, ~15 users/devices, all devices are Entra-Joined but only one device was enrolled into Intune MDM a year ago, just for testing.

User licenses for all users were upgraded from MS 365 Business Standard to MS 365 Business Premium.

The deployment of MDE was performed through the onboarding package (archive with a .cmd file).

The Intune connector was not activated either in the MDE settings in the 365 Security/Defender Center or in Intune itself.

All devices are listed in Devices in 365 Defender Center and have onboarded/active status; however, their "Managed by" field shows "Unknown", except for the one device that was enrolled in Intune a year ago.

Both standard policies ("Next-generation protection" and "Firewall") are present in the Device configuration, but both of them show that they are applied to 2 devices, while they themselves list only one device, the same one as in Intune.
I tried to remove the "All devices" group from their settings and created a dynamic group containing all devices in the organization (filter "device.objectId -ne null"; all devices were present in the group in Entra ID), but nothing changed within several days.
There are no duplicate devices, so it is unclear why 2 devices are displayed instead of one (shown in the screenshots).

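The post describes three separate states on each device (MDE onboarding, Entra join/MDM configuration, and whether the device has picked up management through the Defender side at all) that are hard to tell apart from the portal's "Managed by: Unknown" field alone. The script below is an added example, not code from the original post or from Microsoft; it collects those states locally on one Windows device so the portal view can be compared against what the endpoint itself reports. It uses the documented `OnboardingState` registry value (1 = onboarded), `dsregcmd /status` and `Get-MpComputerStatus`; the `HKLM\SOFTWARE\Microsoft\SenseCM` key and its `EnrollmentStatus` value are assumed to be where the Defender-managed enrollment result is written, and their contents are reported raw rather than interpreted. Run it in an elevated PowerShell session.

```powershell
# Added example (not from the original post): local checks for the device
# states the post discusses. Assumed values are marked as such.

function Get-MdeOnboardingState {
    # Documented MDE marker: OnboardingState = 1 means the sensor is onboarded.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $val = (Get-ItemProperty -Path $key -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState
    [pscustomobject]@{ Check = 'MDE onboarding (OnboardingState)'; Value = $val; Ok = ($val -eq 1) }
}

function Get-SenseCmEnrollment {
    # Assumption: the Defender-side management enrollment (the path that should
    # populate "Managed by" without an Intune MDM enrollment) records its result
    # under HKLM\SOFTWARE\Microsoft\SenseCM. Value meanings are not interpreted here.
    $key = 'HKLM:\SOFTWARE\Microsoft\SenseCM'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $status = if ($props) { $props.EnrollmentStatus } else { $null }
    [pscustomobject]@{ Check = 'SenseCM EnrollmentStatus (assumed key)'; Value = $status; Ok = ($null -ne $status) }
}

function Get-JoinAndMdmState {
    # dsregcmd /status reports Entra join state and the MDM enrollment URL, if any.
    $out = dsregcmd /status
    $joined = [bool]($out | Select-String -Pattern 'AzureAdJoined\s*:\s*YES')
    $mdmMatch = $out | Select-String -Pattern 'MdmUrl\s*:\s*(\S+)' | Select-Object -First 1
    $mdmUrl = if ($mdmMatch) { $mdmMatch.Matches[0].Groups[1].Value } else { $null }
    @(
        [pscustomobject]@{ Check = 'Entra joined (dsregcmd)'; Value = $joined; Ok = $joined }
        [pscustomobject]@{ Check = 'MDM URL configured (dsregcmd)'; Value = $mdmUrl; Ok = ($null -ne $mdmUrl) }
    )
}

function Get-DefenderAvMode {
    # AMRunningMode = Normal means Defender AV is the active engine, not passive/blocked.
    $s = Get-MpComputerStatus
    [pscustomobject]@{ Check = 'Defender AV running mode'; Value = $s.AMRunningMode; Ok = ($s.AMRunningMode -eq 'Normal') }
}

function Get-DeviceManagementReport {
    # Collect every check into one table for side-by-side comparison with the portal.
    $results = @()
    $results += Get-MdeOnboardingState
    $results += Get-SenseCmEnrollment
    $results += Get-JoinAndMdmState
    $results += Get-DefenderAvMode
    $results
}

$report = Get-DeviceManagementReport
$report | Format-Table Check, Value, Ok -AutoSize

# A device that is onboarded (Ok on the first row) but has no SenseCM enrollment
# and no MDM URL matches the post's pattern: present and active in the portal,
# yet nothing on the device is pulling policy from either management path.
if (($report[0].Ok) -and (-not $report[1].Ok) -and (-not $report[3].Ok)) {
    Write-Host 'Onboarded to MDE, but not enrolled through either Intune MDM or the Defender-side management path.'
}
```

Running this on the one Intune-enrolled device and on one of the "Unknown" devices gives a concrete diff: if only the MDM URL row differs, the gap is on the enrollment side rather than on MDE onboarding, which is where the policies' "applied to" count would be expected to change.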