Microsoft Defender Endpoint Security Policies
- Sep 30, 2024
Sounds like you want to go the MDE Attach route (https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration).
An Intune license assigned to your admin will make it easier, but the following option should work:
- Add the Entra group with your admin(s) to Defender XDR > Settings > Endpoints > Intune permission
- This will create an MDE endpoint security manager assignment to Intune's Endpoint Security Manager role
- You can confirm that this worked by going to Intune > Tenant Admin > Roles > Endpoint Security Manager > Assignments
If you haven't done so yet, you'll also need to enable MDE attach (= security config management) for your device groups under Defender XDR > Settings > Endpoints > Enforcement Scope.
Also ensure that you have the connector enabled for this to work in Intune (https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration#configure-your-tenant-to-support-defender-for-endpoint-security-settings-management)
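The steps above are portal clicks; the following script is an added example (not part of the thread, and not Microsoft's own tooling) that performs the same two checks from PowerShell through the Microsoft Graph endpoints behind the Intune roles blade: whether the Entra admin group is a member of an assignment on the built-in Endpoint Security Manager role, and whether the admin account actually has an Intune service plan provisioned. Assumptions not stated in the thread: the Microsoft.Graph.Authentication module is installed, the caller can consent to DeviceManagementRBAC.Read.All, Group.Read.All and User.Read.All, and the Intune plan appears in license details under the service plan name INTUNE_A (change the parameter if your SKU reports a different plan name).

```powershell
#Requires -Modules Microsoft.Graph.Authentication
# Added example: verify the MDE-attach role assignment and the admin's Intune licensing via Graph.
param(
    [Parameter(Mandatory)] [string] $AdminGroupName,   # Entra group added under Defender XDR > Settings > Endpoints > Intune permission
    [Parameter(Mandatory)] [string] $AdminUpn,         # admin who cannot open Intune > Endpoint security
    [string] $IntuneServicePlanName = 'INTUNE_A'       # assumed service plan name for the Intune plan; adjust per SKU
)

Connect-MgGraph -Scopes 'DeviceManagementRBAC.Read.All', 'Group.Read.All', 'User.Read.All'
$graph = 'https://graph.microsoft.com/v1.0'

# 1. Resolve the Entra group by display name.
$groupFilter = [uri]::EscapeDataString("displayName eq '$AdminGroupName'")
$group = (Invoke-MgGraphRequest -Method GET -Uri "$graph/groups?`$filter=$groupFilter").value | Select-Object -First 1
if (-not $group) { throw "Entra group '$AdminGroupName' not found." }

# 2. Locate the built-in Intune role definition 'Endpoint Security Manager'.
$roleDefs = (Invoke-MgGraphRequest -Method GET -Uri "$graph/deviceManagement/roleDefinitions").value
$esm = $roleDefs | Where-Object { $_.isBuiltIn -and $_.displayName -eq 'Endpoint Security Manager' }
if (-not $esm) { throw "Built-in role 'Endpoint Security Manager' not returned; the tenant may not be licensed for Intune." }

# 3. Walk the role's assignments. The collection under the role definition only carries ids;
#    /deviceManagement/roleAssignments/{id} returns the full object, whose 'members' are group object ids.
$assignments = (Invoke-MgGraphRequest -Method GET -Uri "$graph/deviceManagement/roleDefinitions/$($esm.id)/roleAssignments").value
$matching = foreach ($a in $assignments) {
    $full = Invoke-MgGraphRequest -Method GET -Uri "$graph/deviceManagement/roleAssignments/$($a.id)"
    if ($full.members -contains $group.id) { $full }
}

if ($matching) {
    $names = ($matching | ForEach-Object { $_.displayName }) -join ', '
    "OK: '$AdminGroupName' is a member of Endpoint Security Manager assignment(s): $names"
} else {
    "MISSING: no Endpoint Security Manager assignment contains '$AdminGroupName'. Re-check Defender XDR > Settings > Endpoints > Intune permission."
}

# 4. Check whether the admin's assigned licenses include a provisioned Intune service plan.
$licenses = (Invoke-MgGraphRequest -Method GET -Uri "$graph/users/$AdminUpn/licenseDetails").value
$intunePlans = $licenses | ForEach-Object { $_.servicePlans } | Where-Object {
    $_.servicePlanName -eq $IntuneServicePlanName -and $_.provisioningStatus -eq 'Success'
}
if ($intunePlans) {
    "OK: $AdminUpn has the '$IntuneServicePlanName' service plan provisioned."
} else {
    "WARNING: $AdminUpn has no provisioned '$IntuneServicePlanName' service plan; expect the Endpoint security node to be blocked."
}
```

Run it as `.\Check-MdeAttachRbac.ps1 -AdminGroupName 'MDE Security Admins' -AdminUpn 'admin@contoso.com'` (placeholder names). A MISSING result on step 3 means the Defender XDR side of the integration did not create the Intune role assignment; a WARNING on step 4 is the licensing condition discussed later in this thread.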
- Add the Entra group with your admin(s) to Defender XDR > Settings > Endpoints > Intune permission
I have a global administrator, a security administrator and an intune administrator.
I can't create one because I don't have access.
Do I need an intune licence to create security policies?
https://learn.microsoft.com/en-us/mem/intune/fundamentals/unlicensed-admins
I want to enable unlicensed admin, but I have unauthorised access.
I have written to support but I don't get a real answer. They say I need to have a minimum F1 licence.
In all the documentation I have read, there is no mention of an intune licence to create security policies for endpoints.
Do you have any licenses in your tenant that include Intune?
- mico28, Sep 30, 2024, Copper Contributor
If I go to Intune > Devices > All devices I get the error below.
I don't have any license in the tenant that includes Intune.
If I'm correct, I don't need any license to access Endpoint security in Intune.
- am1357, Sep 30, 2024, Brass Contributor
Yes, you will need an Intune license for accessing the Endpoint Security node (https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security#role-based-access-control-requirements).
What's the background/idea on onboarding your devices to MDE and managing policies? Were you planning on doing both with Intune or did you want to go the MDE attach route (security config management)?