Jul 14 2022 08:29 AM
I've been trying to pilot Defender for Endpoint as we are switching from current 3rd AV provider.
I've read and re-read all the docs and am still unsure if I'm getting this right.
Our Scenario
What Works:
The workstations in Intune and co-managed appear to be straightforward - Onboarding: I've turned on the Intune Connector and they more or less just register in Security.microsoft.com, and if they don't just register, I push out the onboarding package in MEM console using the Windows 10, 11, and Windows Server
What doesn't work
The question I'm left with is the ConfigMgr clients that are not co-managed in Intune. One option I tried with these is I can get them to be seen as managed by MDE, but ideally I don't want to do this. I turned off manage with ConfigMgr and yes, they do register, but these workstations show in MEM console as managed by MDE.
Is it better to co-manage these so they are in Intune and then just turn on Endpoint slider for these in Co-management?
Or is it good to set up from ConfigMgr? This so far has had issues and I'm not understanding something. In the MEM console it seems to say in Endpoint Detection and Response "Windows 10, 11 and Server (ConfigMgr)" to onboard, so I deployed these to a cloud-synced collection that has these devices in from MEM console, but it seems to do nothing. Am I missing something here?
Can you have a mixed environment like this? It seems to say in the docs you can, but I'm not really understanding what this does: Windows 10, 11, Windows Server (ConfigMgr)
The MDM one works; the ConfigMgr one doesn't seem to do anything. I've deployed it to a cloud-synced collection from SCCM but the devices don't show in security.microsoft.com.
So below this ConfigMgr one seems to do nothing
Jul 14 2022 02:51 PM