Defender for Endpoint policies assignment


Hello All,


I seek clarification regarding the assignment of Defender for Endpoint policies.

My objective is to create and implement Defender for Endpoint policies across all devices by default. I have a few concerns and would appreciate your insights on the following points:


1. Impact Scope: When applying these policies universally, will they affect only the devices that are already onboarded, or will there be any impact on other devices within our network?
2. Exclusion Management: After the policies are applied to all devices, is it possible to exclude certain devices by grouping them and specifying these exclusions within the relevant policies?


Your guidance on these matters would be greatly appreciated. Thank you,


3 Replies
Point 1 - It will depend on how you onboarded devices and what tool you are using to apply the policies, but in general policies should apply to just the onboarded devices.
Point 2 - Again, it will depend on how you are applying the policies, but if we take Intune as the example, then yes, you should be able to exclude a group of devices in assignments.

@rahuljindal-MVP
Thanks for your response.
The devices are onboarded through SCCM. We have created the policies in Endpoint Manager portal (security.microsoft.com).

Hi, policies are applied only on the managed devices; if you are still using SCCM, I guess you have a co-management mode. For policies, I usually make sure to assign them to all devices by default and add a security group where I enter the devices\users to be excluded from that policy; this way I am sure that security policies are always assigned.
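The "assign to all devices, exclude one security group" pattern from the reply above, expressed as a Microsoft Graph call, as an added example that is not from the thread or from Microsoft's documentation. It assumes the Microsoft.Graph PowerShell SDK, a settings-catalog based endpoint security policy under `deviceManagement/configurationPolicies`, and placeholder ids (`<policy-id>`, `<exclusion-group-id>`) that you replace with your own.

```powershell
# Added example: make an Intune policy apply to all devices while excluding a
# security group, then read the assignments back to confirm the exclusion.
# Placeholders below are assumptions; substitute the ids from your own tenant.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All"

$policyId         = "<policy-id>"            # placeholder: the policy's id
$exclusionGroupId = "<exclusion-group-id>"   # placeholder: Entra security group id
$base             = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies"

# Two targets: everything gets the policy, members of the group are carved out.
# Exclusions win over inclusions, so a device in the group never receives it.
$body = @{
    assignments = @(
        @{ target = @{ "@odata.type" = "#microsoft.graph.allDevicesAssignmentTarget" } },
        @{ target = @{ "@odata.type" = "#microsoft.graph.exclusionGroupAssignmentTarget"
                       groupId       = $exclusionGroupId } }
    )
} | ConvertTo-Json -Depth 5

Invoke-MgGraphRequest -Method POST -Uri "$base/$policyId/assign" `
    -Body $body -ContentType "application/json"

# Verification step: list the resulting assignments and show each target type,
# so the exclusion group is visibly present next to the all-devices target.
$assignments = (Invoke-MgGraphRequest -Method GET -Uri "$base/$policyId/assignments").value
$assignments | ForEach-Object {
    [pscustomobject]@{
        TargetType = $_.target.'@odata.type'
        GroupId    = $_.target.groupId
    }
} | Format-Table -AutoSize
```

Devices excluded this way still need their own coverage plan; an empty exclusion group is the safe default, and membership of that group is worth auditing regularly because anyone who can add a device to it removes that device from the policy.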