Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community

InTune, SCCM or Powershell?

Iron Contributor

We have a Customer currently using SCCM that needs to have Defender ATP deployed, plus we have a few others lined up in the coming months, and yet as we're reviewing the config details we consistently see the instructions listed as:



What is the best way of doing this with the most commanality? Is it Powershell perhaps?

Ideally with a view to being able to consistently reuse the same configurations as a baseline for each customer.


Does this make sense?

1 Reply
best response confirmed by David Caddick (Iron Contributor)

Hi @David Caddick 


This is what we use , depending on the customer's environment:


  1. If they have ConfigMgr, we use ConfigMgr antimalware and Defender ATP policies to configure and deploy Windows Defender settings and do the ATP onboarding. 
  2. If the customer uses Intune only, we do all via Intune.
  3. If they have VDI (without ConfigMgr Agent installed), use GPO


In terms of re-usage, in ConfigMgr you can export the Antimalware policy which gives you an XML file, that you can easily import again. The same would go for GPOs. Intune, haven't looked at this yet. 


Hope that helps