Defender Settings not applied?


We're using Intune with Microsoft Endpoint Manager (MEM) in Microsoft 365/Azure for deploying apps and configuring AzureAD-joined/MEM-managed devices, with an Azure security group containing Windows client OS devices.


There are Defender settings in a MEM Windows Device Configuration profile as well as an Attack Surface Reduction profile; the settings were replicated from the Intune Windows configuration after Security Recommendations indicated the settings needed to be applied in order to improve security. Security Recommendations state those settings are not enabled for 'all' the devices. I verified that Windows Device Configuration settings are applied to the workstations, since Chrome desktop browser and Edge Chromium browser settings are applied across the organization.


Any suggestion would be welcome. 


Thank you.

2 Replies
Security recommendations will give you a list of exposed devices. Did you check whether those devices are targeted or not? Also, what are the recommendations for?

@rahuljindal-MVP Thank you for your help. The configurations from Defender, MEM, Antivirus, and ASR are applied to the Azure security group (dynamic), which includes Windows OS devices that are not servers.

Several recommendations (e.g. Block Office applications from creating child processes, Block Adobe from creating child processes, Set up PUA in Block mode, etc.) indicate 130/130 devices, while Google and Edge Chromium Update display 3/130 or 8/130 respectively.


When looking at configuration health, there are 4 policy conflicts (which are not listed in the recommendations). Each device joined to AzureAD was disjoined from Windows AD, factory reset, and joined to AzureAD precisely to avoid Group Policy and Intune configuration conflicts. In the Windows configuration, MEM policy takes precedence over Group Policy, in case our tech decided to process his setup.
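As an added example (not part of the thread or of any Microsoft documentation), here is a PowerShell check to run in an elevated session on one of the 130 devices. It reads the effective Defender configuration with Get-MpPreference, reports the state of the two ASR rules named above plus the PUA mode, and then looks for policy-managed ASR values in the registry so you can tell a device that never received the policy apart from one where the policy arrived but something else (a local setting or a conflicting policy) wins. The rule GUIDs are Microsoft's documented IDs for those two rules; the registry path is the location where Group Policy and MDM-delivered ASR settings are written, and the device being reachable interactively is my assumption.

```powershell
# Added example, not from the original thread: compare the effective Defender
# ASR/PUA state on a device with the policy values the device has received.
# Run in an elevated PowerShell session on a managed Windows client.

# Microsoft's documented ASR rule GUIDs for the two rules discussed above.
$AsrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '7674BA52-37EB-4A4F-A9A1-F0F9A1619A2C' = 'Block Adobe Reader from creating child processes'
}
# Action codes used by AttackSurfaceReductionRules_Actions.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
# PUAProtection codes.
$PuaNames    = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit' }

$pref = Get-MpPreference

# Ids and Actions are parallel arrays; wrap in @() so an empty result is still an array.
$ids     = @($pref.AttackSurfaceReductionRules_Ids | ForEach-Object { $_.ToUpper() })
$actions = @($pref.AttackSurfaceReductionRules_Actions)

$report = foreach ($guid in $AsrRules.Keys) {
    $i = [array]::IndexOf($ids, $guid)
    if ($i -ge 0) {
        $code  = [int]$actions[$i]
        $state = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] } else { "Unknown ($code)" }
    } else {
        $state = 'Not configured'
    }
    [pscustomobject]@{ Setting = $AsrRules[$guid]; EffectiveState = $state }
}

$puaCode = [int]$pref.PUAProtection
$report += [pscustomobject]@{
    Setting        = 'PUA protection'
    EffectiveState = if ($PuaNames.ContainsKey($puaCode)) { $PuaNames[$puaCode] } else { "Unknown ($puaCode)" }
}
$report | Format-Table -AutoSize

# Policy source check (assumed path: where GPO/MDM-managed ASR rules are written).
# Absent key  -> the device has not received the ASR policy (check group targeting).
# Present key but a different effective state above -> look for a conflicting policy.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
if (Test-Path $policyKey) {
    'Policy-managed ASR rule values present on this device:'
    Get-ItemProperty -Path $policyKey | Select-Object -Property * -ExcludeProperty PS*
} else {
    'No policy-managed ASR rules found under HKLM Policies; the device may not be targeted by the profile.'
}
```

If the effective state here already says Block for every device but the Security Recommendations page still reports 130/130 exposed, the gap is between the device and Defender for Endpoint's reporting rather than between Intune and the device; if this check shows Not configured on a device the dynamic group should contain, the targeting or the policy conflict is the thing to chase.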