Defender for Endpoint Mixed Management Scenario


I've been trying to pilot Defender for Endpoint as we are switching from our current third-party AV provider.

I've read and re-read all the docs and am still unsure if I'm getting this right.

Our Scenario

  • Workstations that are in ConfigMgr and are seen in the MEM console as managed by ConfigMgr
  • Some workstations co-managed from ConfigMgr to Intune
  • Some workstations in Intune only

What Works:

The workstations in Intune and co-managed appear to be straightforward. For onboarding, I've turned on the Intune connector and they more or less just register in security.microsoft.com, and if they don't just register, I push out the onboarding package in the MEM console using the Windows 10, 11, and Windows Server.

What doesn't work

The question I'm left with is the ConfigMgr clients that are not co-managed in Intune. One option I tried with these is that I can get them to be seen as managed by MDE, but ideally I don't want to do this. I turned off "manage with ConfigMgr", and yes they do register, but these workstations show in the MEM console as managed by MDE.

Is it better to co-manage these so they are in Intune and then just turn on the Endpoint slider for these in co-management?

Or is it good to set up from ConfigMgr? This so far has had issues and I'm not understanding something. In the MEM console it seems to say to onboard with Endpoint Detection and Response > Windows 10, 11 and Server (ConfigMgr), so I deployed these to a cloud-synced collection that has these devices in, from the MEM console, but it seems to do nothing. Am I missing something here?

Can you have a mixed environment like this? It seems to say in the docs you can, but I'm not really understanding what this does: Windows 10, 11, Windows Server (ConfigMgr).

The MDM one works; the ConfigMgr one doesn't seem to do anything. I've deployed it to a cloud-synced collection from SCCM, but the devices don't show in security.microsoft.com.

So below, this ConfigMgr one seems to do nothing.

[screenshot attachment: Tim_Beer_1-1657812359999.png]


1 Reply
Instead of answering all your questions, I will offer you a suggestion. Co-management was introduced for exactly this kind of scenario: to extend your existing on-prem infra with the power of the Azure cloud. Configure all your endpoints as co-managed, move the EP workload to Intune, and manage Defender policies from a single pane of glass.
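A device-side check that goes with the question above, added here as an example rather than anything from the thread or from Microsoft's own tooling: it reads the standard MDE client status in the registry (OnboardingState under HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status is 1 once the onboarding package or policy has been applied), the state of the Sense service, and the most recent SENSE operational events on a workstation that the ConfigMgr EDR policy was targeted at. That separates "the policy never reached the device" from "the sensor ran but never reported in", which is the distinction behind devices not appearing in security.microsoft.com. It assumes it is run elevated on the client itself; the LastConnected value is read only if present.

```powershell
# Added example, not from the thread: local MDE onboarding check for a
# ConfigMgr- or Intune-targeted Windows client. Run elevated on the device.

function Get-MdeOnboardingStatus {
    [CmdletBinding()]
    param()

    # Standard MDE client locations (registry key and service name).
    $atpRoot   = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection'
    $statusKey = Join-Path $atpRoot 'Status'

    $status = Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue
    $sense  = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue

    # OnboardingState = 1 means the onboarding script/policy has been applied on
    # this device; 0 or a missing key means the package never arrived or never ran.
    $onboarded = ($null -ne $status) -and ($status.OnboardingState -eq 1)

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        OnboardingState = if ($null -ne $status) { $status.OnboardingState } else { 'missing' }
        Onboarded       = $onboarded
        # Sense is the MDE sensor service; 'Running' is expected once onboarded.
        SenseService    = if ($null -ne $sense) { $sense.Status } else { 'not installed' }
        # LastConnected (assumed present only after a successful cloud check-in):
        # onboarded but null here points at connectivity, not at deployment.
        LastConnected   = if ($null -ne $status) { $status.LastConnected } else { $null }
    }
}

function Get-RecentSenseEvents {
    param([int]$Count = 10)
    # The SENSE operational log records sensor start-up and cloud reporting
    # errors, which tell "package ran" apart from "sensor cannot reach the service".
    Get-WinEvent -LogName 'Microsoft-Windows-SENSE/Operational' `
                 -MaxEvents $Count -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

Get-MdeOnboardingStatus | Format-List
Get-RecentSenseEvents   | Format-Table -AutoSize -Wrap
```

A device that reports OnboardingState missing never received the ConfigMgr deployment, so the collection membership or client policy is the place to look; one that is onboarded with Sense running but no LastConnected value is a proxy or connectivity question instead.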