Microsoft Defender Endpoint Security Policies


I have a problem with creating Endpoint Security Policies (Windows policies, Mac policies, Linux policies)

License is Microsoft Defender for Endpoint P2 for EDU.

9 Replies
Could be a permissions problem. What (Entra) role is assigned to your user? You can also create these policies by going directly to the Intune Admin Center > Endpoint Security.

I have the Global Administrator, Security Administrator and Intune Administrator roles.

I can't create one because I don't have access.

Do I need an Intune licence to create security policies?


https://learn.microsoft.com/en-us/mem/intune/fundamentals/unlicensed-admins

I want to enable unlicensed admins, but I get an "unauthorised access" error.

I have written to support but I don't get a real answer. They say I need at least an F1 licence.
In all the documentation I have read, there is no mention of an Intune licence being needed to create security policies for endpoints.

https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration#licensing-and-subscrip....

With either of these Entra roles you should be able to access Intune. Are you able to access Intune at all, e.g. Intune > Devices > All devices?
Do you have any licenses in your tenant that include Intune?

@am1357 

If I go to Intune > Devices > All devices I get the error below.


I don't have any license in the tenant that includes Intune.

If I'm correct, I don't need any license to access Endpoint security in Intune.

@mico28 

Yes, you will need an Intune license for accessing the Endpoint Security node (https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security#role-based-access-control-req...).


What's the background/idea on onboarding your devices to MDE and managing policies? Were you planning on doing both with Intune or did you want to go the MDE attach route (security config management)?
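The two questions raised above (does any subscription in the tenant include Intune, and which directory roles does the admin actually hold) can be answered from the tenant itself rather than by guessing. The script below is an added example, not code from the thread or from Microsoft; it assumes the Microsoft.Graph PowerShell SDK is installed and that the service plan names `INTUNE_A`, `INTUNE_EDU` and `INTUNE_O365` are the ones that represent an Intune plan (that mapping is my assumption and worth checking against your own SKU output).

```powershell
# Added example, not from the original thread.
# Checks (1) which subscribed SKUs in the tenant carry an Intune service plan,
# (2) whether a given admin has such a plan assigned, and
# (3) which Entra directory roles that admin holds.
# Assumptions: Microsoft.Graph SDK v2 installed; the plan names below are the
# Intune service plans (my assumption, verify against Get-MgSubscribedSku output).

#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.DirectoryManagement, Microsoft.Graph.Users

param(
    [Parameter(Mandatory)] [string] $AdminUpn   # e.g. admin@contoso.onmicrosoft.com
)

Connect-MgGraph -Scopes "Organization.Read.All", "Directory.Read.All", "User.Read.All" -NoWelcome

$intunePlanNames = @("INTUNE_A", "INTUNE_EDU", "INTUNE_O365")   # assumed Intune plan names

# 1. Tenant level: subscribed SKUs that include an Intune service plan
$skus = Get-MgSubscribedSku -All
$tenantIntune = foreach ($sku in $skus) {
    $plans = $sku.ServicePlans | Where-Object { $intunePlanNames -contains $_.ServicePlanName }
    if ($plans) {
        [pscustomobject]@{
            SkuPartNumber = $sku.SkuPartNumber
            IntunePlans   = ($plans.ServicePlanName -join ", ")
            Purchased     = $sku.PrepaidUnits.Enabled
            Consumed      = $sku.ConsumedUnits
        }
    }
}

"`n== Subscribed SKUs containing an Intune service plan =="
if ($tenantIntune) { $tenantIntune | Format-Table -AutoSize | Out-String }
else { Write-Warning "No subscribed SKU in this tenant contains an Intune service plan." }

# 2. User level: is an Intune plan assigned and provisioned for the admin?
$userPlans = Get-MgUserLicenseDetail -UserId $AdminUpn |
    ForEach-Object { $_.ServicePlans } |
    Where-Object { $intunePlanNames -contains $_.ServicePlanName }

"`n== Intune service plans assigned to $AdminUpn =="
if ($userPlans) {
    $userPlans | Select-Object ServicePlanName, ProvisioningStatus | Format-Table -AutoSize | Out-String
} else {
    Write-Warning "$AdminUpn has no Intune service plan assigned (only unlicensed-admin access would apply)."
}

# 3. Directory roles held by the admin (active assignments, including via
#    role-assignable groups; PIM-eligible-but-not-activated roles will NOT show here)
$roles = Get-MgUserTransitiveMemberOf -UserId $AdminUpn -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' } |
    ForEach-Object { $_.AdditionalProperties['displayName'] }

"`n== Active Entra directory roles for $AdminUpn =="
if ($roles) { $roles | Sort-Object | ForEach-Object { " - $_" } }
else { Write-Warning "$AdminUpn holds no active directory role." }
```

Run it as `.\Check-IntuneAccess.ps1 -AdminUpn admin@contoso.onmicrosoft.com` (the file name is arbitrary). If section 1 is empty the tenant has no Intune entitlement at all, which matches the "unlicensed admins" page only being useful once some Intune SKU exists; if section 1 shows a SKU but section 2 is empty, the admin simply has not been assigned the plan. Roles that are only eligible through PIM do not appear in section 3 until they are activated, which is a common reason a Global Administrator still sees an authorization error.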

@am1357 

I want to create a new policy under Endpoints.

Defining endpoint security policies means that Intune will be used. Intune will need an Entra ID group where these devices are added so they can receive policies. How did you onboard the devices to MDE?

@am1357 Devices are hybrid Azure AD joined, with onboarding to MDE done via GPO.

@mico28 

Sound like you want to go the MDE Attach route (https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration).

An Intune license assigned to your admin will make it easier, but the following option should work:

  • Add the Entra group with your admin(s) to Defender XDR > Settings > Endpoints > Intune permission
    • This will create an MDE endpoint security manager assignment to Intune's Endpoint Security Manager role

If you haven't done so yet, you'll also need to enable MDE attach (= security configuration management) for your device groups under Defender XDR > Settings > Endpoints > Enforcement Scope.

Also ensure that you have the connector enabled for this to work in Intune (https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration#configure-your-tenant-...)