cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Defender for Endpoint - ConfigMgr

lloydz
Copper Contributor

‎Feb 07 2023 05:07 AM - edited ‎Feb 07 2023 05:08 AM

‎Feb 07 2023 05:07 AM - edited ‎Feb 07 2023 05:08 AM

Defender for Endpoint - ConfigMgr

We are a strictly on-prem shop who uses ConfigMgr.  We've onboarded our devices via the Onboarding script that was generated directly from Settings -> Endpoints -> Onboarding in 365 Defender and now see them inside 365 Defender under Devices.  However, under the "Managed By" column in 365 Defender, most now say "MDE" while a few say "ConfigMgr".  

 

For reference, we're strictly on-prem and have nothing in Intune and are all running the latest Windows 10 version.  Our ConfigMgr server is version 2207 running Server 2022.  Did we do something wrong?

1,528 Views
0 Likes
7 Replies
Reply
7 Replies
mikhailf

‎Feb 07 2023 06:53 AM

‎Feb 07 2023 06:53 AM

Re: Defender for Endpoint - ConfigMgr

Hello @lloydz,

 

Did you onboard your devices using this: Onboarding using Microsoft Endpoint Configuration Manager | Microsoft Learn ? 

0 Likes
Reply
lloydz

‎Feb 07 2023 07:01 AM

‎Feb 07 2023 07:01 AM

Re: Defender for Endpoint - ConfigMgr

@mikhailf Yes, we used the "on-premise architecture" instructions from that link.  We had an existing Antimalware Policy in ConfigMgr - and we used the onboarding file generated from 365 Defender and imported it into ConfigMgr and applied it to our device collection.

0 Likes
Reply
Antons Bukels

‎Feb 08 2023 01:12 PM

‎Feb 08 2023 01:12 PM

Re: Defender for Endpoint - ConfigMgr

@lloydz, please check that MDE security configuration management is not enabled in the Defender portal under Settings, Endpoints and Enforcement Scope since you are planning to use only SCCM.

https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration

1 Like
Reply
lloydz

‎Feb 08 2023 01:21 PM

‎Feb 08 2023 01:21 PM

Re: Defender for Endpoint - ConfigMgr

That might be the issue then. That option was enabled. I've turned it off - should the devices update themselves or would we need to offboard them and onboard them again?
0 Likes
Reply
Antons Bukels

‎Feb 08 2023 01:45 PM

‎Feb 08 2023 01:45 PM

Re: Defender for Endpoint - ConfigMgr

@lloydz, everything should update the next time devices synced with the M365 Defender portal.

 

Check locally that the SCCM Antimalware policy has been applied correctly. You can try with the Powershell command Get-MpPreference, checking SCCM logs, RSOP.msc, etc.

 

0 Likes
Reply
lloydz

‎Feb 09 2023 05:12 AM

‎Feb 09 2023 05:12 AM

Re: Defender for Endpoint - ConfigMgr

Turning off that setting has steadily decreased the number of "Managed by MDE", however, those that were managed by MDE now say "Unknown". What am I looking for exactly when I run "Get-MpPreference" that can tell whether it's managed by ConfigMgr?
0 Likes
Reply
Antons Bukels

‎Feb 09 2023 07:38 AM

‎Feb 09 2023 07:38 AM

Re: Defender for Endpoint - ConfigMgr

@lloydz, you should see devices to change to be managed by ConfigMgr.

 

When you use Get-MpPreference, you want to check settings defined by your SCCM Antimalware policy that apply correctly. 

0 Likes
Reply