SOLVED

InTune, SCCM or Powershell?

%3CLINGO-SUB%20id%3D%22lingo-sub-807546%22%20slang%3D%22en-US%22%3EInTune%2C%20SCCM%20or%20Powershell%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-807546%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20a%20Customer%20currently%20using%20SCCM%20that%20needs%20to%20have%20Defender%20ATP%20deployed%2C%20plus%20we%20have%20a%20few%20others%20lined%20up%20in%20the%20coming%20months%2C%20and%20yet%20as%20we're%20reviewing%20the%20config%20details%20we%20consistently%20see%20the%20instructions%20listed%20as%3A%3C%2FP%3E%3CUL%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-exploit-guard%2Fenable-network-protection%23intune%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Intune%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-exploit-guard%2Fenable-network-protection%23mdm%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMobile%20Device%20Management%20(MDM)%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-exploit-guard%2Fenable-network-protection%23sccm%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESystem%20Center%20Configuration%20Manager%20(SCCM)%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-exploit-guard%2Fenable-network-protection%23group-policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EGroup%20Policy%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-exploit-guard%2Fenable-network-protection%23powershell%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPowerShell%3C%2FA%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3EExample%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-exploit-guard%2Fenable-network-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-exploit-guard%2Fenable-network-protection%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20is%20the%20best%20way%20of%20doing%20this%20with%20the%20most%20commanality%3F%20Is%20it%20Powershell%20perhaps%3F%3C%2FP%3E%3CP%3EIdeally%20with%20a%20view%20to%20being%20able%20to%20consistently%20reuse%20the%20same%20configurations%20as%20a%20baseline%20for%20each%20customer.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20this%20make%20sense%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-808593%22%20slang%3D%22en-US%22%3ERe%3A%20InTune%2C%20SCCM%20or%20Powershell%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-808593%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F129396%22%20target%3D%22_blank%22%3E%40David%20Caddick%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20what%20we%20use%20%2C%20depending%20on%20the%20customer's%20environment%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3EIf%20they%20have%20ConfigMgr%2C%20we%20use%20ConfigMgr%20antimalware%20and%20Defender%20ATP%20policies%20to%20configure%20and%20deploy%20Windows%20Defender%20settings%20and%20do%20the%20ATP%20onboarding.%26nbsp%3B%3C%2FLI%3E%3CLI%3EIf%20the%20customer%20uses%20Intune%20only%2C%20we%20do%20all%20via%20Intune.%3C%2FLI%3E%3CLI%3EIf%20they%20have%20VDI%20(without%20ConfigMgr%20Agent%20installed)%2C%20use%20GPO%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20terms%20of%20re-usage%2C%20in%20ConfigMgr%20you%20can%20export%20the%20Antimalware%20policy%20which%20gives%20you%20an%20XML%20file%2C%20that%20you%20can%20easily%20import%20again.%20The%20same%20would%20go%20for%20GPOs.%20Intune%2C%20haven't%20looked%20at%20this%20yet.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20that%20helps%3C%2FP%3E%3CP%3EAlex%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

We have a Customer currently using SCCM that needs to have Defender ATP deployed, plus we have a few others lined up in the coming months, and yet as we're reviewing the config details we consistently see the instructions listed as:

Example:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/e...

 

What is the best way of doing this with the most commanality? Is it Powershell perhaps?

Ideally with a view to being able to consistently reuse the same configurations as a baseline for each customer.

 

Does this make sense?

1 Reply
best response confirmed by David Caddick (Frequent Contributor)
Solution

Hi @David Caddick 

 

This is what we use , depending on the customer's environment:

 

  1. If they have ConfigMgr, we use ConfigMgr antimalware and Defender ATP policies to configure and deploy Windows Defender settings and do the ATP onboarding. 
  2. If the customer uses Intune only, we do all via Intune.
  3. If they have VDI (without ConfigMgr Agent installed), use GPO

 

In terms of re-usage, in ConfigMgr you can export the Antimalware policy which gives you an XML file, that you can easily import again. The same would go for GPOs. Intune, haven't looked at this yet. 

 

Hope that helps

Alex