Feb 07 2023 05:07 AM - edited Feb 07 2023 05:08 AM
We are a strictly on-prem shop who uses ConfigMgr. We've onboarded our devices via the Onboarding script that was generated directly from Settings -> Endpoints -> Onboarding in 365 Defender and now see them inside 365 Defender under Devices. However, under the "Managed By" column in 365 Defender, most now say "MDE" while a few say "ConfigMgr".
For reference, we're strictly on-prem and have nothing in Intune and are all running the latest Windows 10 version. Our ConfigMgr server is version 2207 running Server 2022. Did we do something wrong?
Feb 07 2023 06:53 AM
Hello @lloydz,
Did you onboard your devices using this: Onboarding using Microsoft Endpoint Configuration Manager | Microsoft Learn?
Feb 07 2023 07:01 AM
@mikhailf Yes, we used the "on-premise architecture" instructions from that link. We had an existing Antimalware Policy in ConfigMgr - and we used the onboarding file generated from 365 Defender and imported it into ConfigMgr and applied it to our device collection.
Feb 08 2023 01:12 PM
@lloydz, please check that MDE security configuration management is not enabled in the Defender portal under Settings, Endpoints and Enforcement Scope since you are planning to use only SCCM.
https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration
Feb 08 2023 01:21 PM
Feb 08 2023 01:45 PM
@lloydz, everything should update the next time devices sync with the M365 Defender portal.
Check locally that the SCCM Antimalware policy has been applied correctly. You can try with the PowerShell command Get-MpPreference, checking SCCM logs, RSOP.msc, etc.
Feb 09 2023 05:12 AM
Feb 09 2023 07:38 AM
@lloydz, you should see devices change to be managed by ConfigMgr.
When you use Get-MpPreference, you want to check that the settings defined by your SCCM Antimalware policy apply correctly.
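The local check suggested in the replies above, as an added example that is not part of the original thread: it compares the effective `Get-MpPreference` values on a device against the settings you expect from your ConfigMgr Antimalware policy. `Compare-MpPolicy` is a hypothetical helper name, and the expected values are constructed placeholders to replace with your own policy's settings.

```powershell
# Added example. The expected values are constructed placeholders:
# replace them with the settings from your own ConfigMgr Antimalware policy.
# Run elevated; without admin rights Get-MpPreference hides exclusion lists.
$expected = @{
    DisableRealtimeMonitoring = $false
    MAPSReporting             = 2
    ExclusionPath             = @('C:\ExampleApp\Data')   # constructed
    ExclusionExtension        = @('.exampleext')          # constructed
}

function Compare-MpPolicy {
    param(
        [Parameter(Mandatory)] [hashtable] $Expected,
        # Defaults to the live preferences; pass a saved object to check offline.
        $Actual = (Get-MpPreference)
    )
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        if ($null -eq $Actual.PSObject.Properties[$name]) {
            # Setting name not exposed by this Defender platform version.
            [pscustomobject]@{
                Setting  = $name
                Expected = @($Expected[$name]) -join ';'
                Actual   = '<property not present>'
                Match    = $false
            }
            continue
        }
        # Normalize scalars and lists the same way so exclusions compare
        # as case-insensitive, order-independent sets.
        $want = @($Expected[$name]) |
            ForEach-Object { "$_".ToLowerInvariant() } | Sort-Object
        $have = @($Actual.$name) | Where-Object { $null -ne $_ } |
            ForEach-Object { "$_".ToLowerInvariant() } | Sort-Object
        [pscustomobject]@{
            Setting  = $name
            Expected = $want -join ';'
            Actual   = $have -join ';'
            Match    = (($want -join ';') -eq ($have -join ';'))
        }
    }
}

# Any row with Match = False is a setting the policy did not apply as expected.
Compare-MpPolicy -Expected $expected | Format-Table -AutoSize
```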