Jun 30 2022 01:28 AM - edited Jun 30 2022 01:31 AM
Hi everyone,
I am quite new to Defender for Endpoint and therefore thought this resource would be useful for learning.
Recently one of our customers subscribed to Defender for Endpoint P2. The customer has approx. 50 Windows 10 devices and 5 Windows Server 2019 devices.
I onboarded the Windows 10 devices and Windows Server 2019 devices using GPO and the onboarding script.
The customer does not have Intune licensing; therefore I was unable to use Microsoft Endpoint Manager (MEM) to onboard devices.
My question and concern is this... Is my customer missing out on critical functionality by not having Intune licensing? Does Defender for Endpoint work best with Intune?
For example, if the customer adds a few new Windows 11 devices but does not want to domain join them, they will have to be manually onboarded, but how will they then be managed? They cannot be managed using GPO as they are not on the domain. So let's say an exclusion for Defender AV is made in the GPMC, how will this exclusion be applied to the new Windows 11 devices that are not on the domain? If they were managed via MEM then I assume this wouldn't be an issue.
The more I read about Defender for Endpoint, the more I think it's designed to be used with MEM as opposed to GPO.
Any help is greatly appreciated.
Jun 30 2022 05:34 AM
@olympusMons MEM still does not cover the same broad features as GPOs do. So you definitely do not miss out on features by not deploying via Intune, except for the fact that you can actually onboard workgroup devices to your tenant and have them onboarded to MDE.
Jun 30 2022 06:47 AM
We are using it without MEM or much in the way of GPOs. There are certain features, like ASR rules, that need MEM or GPO to manage them, but nothing I would call critical. We do have a couple of settings like client latency set via GPO; you would have to set those locally on workgroup PCs with a script or something similar. A bit of a pain, but not the sort of thing you would change very often. If you are happy with the settings put in by the onboarding script then you wouldn't have to do anything.
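The thread asks how a Defender AV exclusion defined in the GPMC would reach workgroup devices, and the reply above suggests a local script. The following is an added example, not code from any participant in this thread: it compares a workgroup PC's local path exclusions against an approved baseline, reports drift, and adds missing entries only when asked. The baseline path and parameter names are assumptions made for illustration.

```powershell
# Added example: audit (and optionally align) Defender AV path exclusions on a
# workgroup PC that receives no GPO. Run from an elevated PowerShell session.
param(
    # Approved exclusion baseline. The path is a constructed placeholder.
    [string[]]$Baseline = @('D:\ExampleApp\Data'),
    # Without -Apply the script only reports; nothing is changed.
    [switch]$Apply
)

# Exclusions are hidden from non-administrators, so fail early if not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script elevated: exclusions cannot be read otherwise.'
}

# Current local exclusions (the property is $null when none are set).
$current = @((Get-MpPreference).ExclusionPath | Where-Object { $_ })

# -notin compares case-insensitively, which matches Windows path semantics.
$missing    = @($Baseline | Where-Object { $_ -notin $current })
$unapproved = @($current  | Where-Object { $_ -notin $Baseline })

# Exclusions outside the baseline are worth a manual review: every exclusion
# is a location the antivirus no longer scans.
foreach ($path in $unapproved) {
    Write-Warning "Exclusion not in approved baseline: $path"
}

$applied = $false
if ($Apply -and $missing.Count -gt 0) {
    # Add-MpPreference appends to the existing list instead of replacing it.
    Add-MpPreference -ExclusionPath $missing
    $applied = $true
}

# One object per machine, easy to collect into a CSV across several PCs.
[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    Missing    = $missing -join '; '
    Unapproved = $unapproved -join '; '
    Applied    = $applied
}
```

Run it without `-Apply` first to see what differs from the baseline before changing anything on the device.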