cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Microsoft Defender On-Premise (No Internet connectivity)

SecEngLayer2
Copper Contributor

‎Feb 21 2022 07:08 AM

‎Feb 21 2022 07:08 AM

Microsoft Defender On-Premise (No Internet connectivity)

Hello,

 

Is there a way to mange/configure/administer  MS Defender clients in an On-Premise environment with no connection to Azure cloud management portals please?

 

Many Thanks,

Graeme

6,773 Views
0 Likes
9 Replies
Reply
9 Replies
BenR87

‎Feb 25 2022 02:24 AM

‎Feb 25 2022 02:24 AM

Re: Microsoft Defender On-Premise (No Internet connectivity)

I would like to know this as well. We are currently looking into switching to Defender. Quite a few devices in are network are offline. These include Windows 10 machines. From what I've read in another topic, these W10 devices can be problematic in an offline configuration. Is this still the case or are there solutions in place to counter this?

0 Likes
Reply
mas18

‎Feb 27 2022 04:25 AM

‎Feb 27 2022 04:25 AM

Re: Microsoft Defender On-Premise (No Internet connectivity)

If you are planning to use Defender as only AV solution then yes you can manage on-prem endpoints without connection to MDE but still you need to find a way to download Defender security intelligence and platform updates. If you are planning to use Defender as EDR+NGAV solution then you must work on allowing your on-prem endpoints to connect MDE urls. note:Proxy can be configured to connect on-prem endpoints to MDE cloud services,
0 Likes
Reply
best response confirmed by SecEngLayer2 (Copper Contributor)
Reza_Ameri

‎Feb 27 2022 07:53 AM

‎Feb 27 2022 07:53 AM

Solution

Re: Microsoft Defender On-Premise (No Internet connectivity)

Yes, it is possible to manage it using Microsoft Endpoint Configuration Manager and you many manage it on-premise. It is possible to manage it using Group Policy and PowerShell but you have some challenges. Offline updating definition is possible but you have to download the definition updates everyday and then deploy them or add them to share files. Take a look at:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-mde-post-migration-...
1 Like
Reply
BenR87

‎Feb 28 2022 05:29 AM

‎Feb 28 2022 05:29 AM

Re: Microsoft Defender On-Premise (No Internet connectivity)

@Reza_AmeriThanks for the reply! Is this also possible for a hybrid solution? About 10% of our devices are offline, the rest is online. So the cloud solution would be awesome for the majority of devices. Also, we don't use SCCM, so for just the 10% of devices policies and powershell would be fine.

0 Likes
Reply
Reza_Ameri

‎Mar 01 2022 07:31 AM

‎Mar 01 2022 07:31 AM

Re: Microsoft Defender On-Premise (No Internet connectivity)

ideal hybrid model would be using Intune and SCCM and it works well. However, in your scenario, you may manage them with could solutions like Intune and for those 10% write manual script or modify registry but without SCCM you will have to do a lot of manual tasks.
1 Like
Reply
BenR87

‎Mar 03 2022 04:16 AM

‎Mar 03 2022 04:16 AM

Re: Microsoft Defender On-Premise (No Internet connectivity)

Are there resources available for scenarios without SCCM? I read a lot about scripts and manual tasks, but can hardly find any examples. It would be great if we could see what the manual solution would involve before deciding for SCCM.
0 Likes
Reply
BenR87

‎Mar 04 2022 12:43 AM - edited ‎Mar 04 2022 12:52 AM

‎Mar 04 2022 12:43 AM - edited ‎Mar 04 2022 12:52 AM

Re: Microsoft Defender On-Premise (No Internet connectivity)

Thanks for pointing me to the resources, Reza! What I'm actually missing is the practical implementation for this hybrid (Powershell + cloud) solution. It almost seems that Microsoft doesn't support this and we actually need to patch things together to make this 'work'.

0 Likes
Reply
Reza_Ameri

‎Mar 04 2022 07:51 AM

‎Mar 04 2022 07:51 AM

Re: Microsoft Defender On-Premise (No Internet connectivity)

Yes, there is no supported PowerShell + Cloud and you have to design and implement your own scenario. The hybrid scenario recommended from Microsoft is Intune+ConfigMgr and Microsoft also simplified the licensing requirements and working on simplifying hybrid model in such a case.
0 Likes
Reply