Defender for Endpoint devices not showing up in security Portal

%3CLINGO-SUB%20id%3D%22lingo-sub-3298799%22%20slang%3D%22en-US%22%3EDefender%20for%20Endpoint%20devices%20not%20showing%20up%20in%20security%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3298799%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20just%20starting%20to%20roll%20out%20Defender%20for%20endpoint%20within%20my%20organisation.%20The%20majority%20of%20machines%20are%20hybrid%20Azure%20AD%20joined%20using%20a%20GPO.%20I%20have%20been%20able%20to%20get%20the%20PC's%20to%20register%20in%20the%20devices%20view%20in%20Endpoint%20Security%20dashboard%20however%2C%20they%20never%20show%20up%20in%20the%20devices%20view%20in%20the%20security%20dashboard.%20I%20am%20really%20confused%20about%20these%20two%20particular%20areas%20for%20administration.%20One%20seems%20to%20relate%20to%20intune%20but%20has%20the%20ability%20to%20rollout%20out%20defender%20for%20endpoint%20then%20in%20the%20other%20panel%20(security.microsoft.com)%20there%20are%20other%20settings%20in%20there%20like%20turning%20on%20EDR%20etc.%20Is%20there%20any%20documentation%20anywhere%20to%20explain%20why%20there%20are%20two%20places%20and%20how%20they%20link%3F%20I%20manage%20two%20other%20companies%20and%20they%20have%20been%20set%20up%20the%20same.%20Their%20PC's%20show%20in%20both%20places%20however%20for%20this%20one%20company%2C%20the%20devices%20never%20appear%20in%20the%20security%20portal%20so%20i%20cannot%20see%20if%20there%20are%20any%20problems%20etc.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPaul%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3301431%22%20slang%3D%22en-US%22%3ERe%3A%20Defender%20for%20Endpoint%20devices%20not%20showing%20up%20in%20security%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3301431%22%20slang%3D%22en-US%22%3EThink%20of%20it%20as%20the%20Management%20Plane%20vs%20the%20Security%2FResponse%20plane.%20All%20your%20Security%20Configs%20need%20to%20happen%20in%20GPO%2FSCCM%2FIntune%20then%20some%20of%20the%20EDR%20advanced%20features%2Fall%20of%20the%20response%20happens%20in%20the%20Security%20plane.%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20PDF%20is%20probably%20best%20at%20describing%20the%20connection.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F5%2F6%2F0%2F5609001f-b8ae-412f-89eb-643976f6b79c%2Fmde-deployment-strategy.pdf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F5%2F6%2F0%2F5609001f-b8ae-412f-89eb-643976f6b79c%2Fmde-deployment-strategy.pdf%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fdeployment-strategy%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fdeployment-strategy%3Fview%3Do365-worldwide%3C%2FA%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi All,

 

I am just starting to roll out Defender for endpoint within my organisation. The majority of machines are hybrid Azure AD joined using a GPO. I have been able to get the PC's to register in the devices view in Endpoint Security dashboard however, they never show up in the devices view in the security dashboard. I am really confused about these two particular areas for administration. One seems to relate to intune but has the ability to rollout out defender for endpoint then in the other panel (security.microsoft.com) there are other settings in there like turning on EDR etc. Is there any documentation anywhere to explain why there are two places and how they link? I manage two other companies and they have been set up the same. Their PC's show in both places however for this one company, the devices never appear in the security portal so i cannot see if there are any problems etc.

 

thanks

 

Paul

 

1 Reply
Think of it as the Management Plane vs the Security/Response plane. All your Security Configs need to happen in GPO/SCCM/Intune then some of the EDR advanced features/all of the response happens in the Security plane.

This PDF is probably best at describing the connection.
https://download.microsoft.com/download/5/6/0/5609001f-b8ae-412f-89eb-643976f6b79c/mde-deployment-st...
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deployment-strategy?view=o...