SOLVED

Microsoft Defender On-Premise (No Internet connectivity)


Hello,

 

Is there a way to manage/configure/administer MS Defender clients in an On-Premise environment with no connection to Azure cloud management portals please?

 

Many Thanks,

Graeme


I would like to know this as well. We are currently looking into switching to Defender. Quite a few devices in our network are offline. These include Windows 10 machines. From what I've read in another topic, these W10 devices can be problematic in an offline configuration. Is this still the case or are there solutions in place to counter this?

If you are planning to use Defender as the only AV solution, then yes, you can manage on-prem endpoints without a connection to MDE, but you still need to find a way to download Defender security intelligence and platform updates. If you are planning to use Defender as an EDR+NGAV solution, then you must work on allowing your on-prem endpoints to connect to the MDE URLs. Note: a proxy can be configured to connect on-prem endpoints to MDE cloud services.
Solution
Yes, it is possible to manage it using Microsoft Endpoint Configuration Manager, and you may manage it on-premise. It is possible to manage it using Group Policy and PowerShell, but you have some challenges. Updating definitions offline is possible, but you have to download the definition updates every day and then deploy them or add them to file shares. Take a look at:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-mde-post-migration-...

@Reza_Ameri Thanks for the reply! Is this also possible for a hybrid solution? About 10% of our devices are offline, the rest are online. So the cloud solution would be awesome for the majority of devices. Also, we don't use SCCM, so for just the 10% of devices, policies and PowerShell would be fine.

The ideal hybrid model would be using Intune and SCCM, and it works well. However, in your scenario, you may manage them with cloud solutions like Intune, and for those 10% write a manual script or modify the registry, but without SCCM you will have to do a lot of manual tasks.
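The "Group Policy and PowerShell plus a file share" approach from the accepted answer, and the "manual script" for the offline 10% mentioned in the reply above, as an added example that is not part of this thread: it points an offline endpoint at an internal share for security intelligence updates, pulls the update, and reports signature age so stale machines can be spotted. The share path `\\fileserver\DefenderUpdates` and the two-day staleness threshold are assumptions; the share must be populated daily with the update package downloaded on an internet-connected host.

```powershell
# Added example (not from the thread): configure an offline endpoint to take Defender
# security intelligence updates from an internal file share, then verify freshness.
# ASSUMPTION: \\fileserver\DefenderUpdates is a hypothetical share that an
# internet-connected host refreshes daily with the update package (mpam-fe.exe).
param(
    [string]$UpdateShare = '\\fileserver\DefenderUpdates',
    [int]$MaxSignatureAgeDays = 2   # assumed threshold; tune to your update cadence
)

# Use the share first; fall back to Microsoft Update / MMPC only if connectivity exists.
Set-MpPreference -SignatureDefinitionUpdateFileSharesSources $UpdateShare
Set-MpPreference -SignatureFallbackOrder 'FileShares|MicrosoftUpdateServer|MMPC'

# Enforce the baseline protections locally (what a GPO would otherwise push).
Set-MpPreference -DisableRealtimeMonitoring $false
Set-MpPreference -PUAProtection Enabled

# Pull the update from the share now instead of waiting for the scheduled check.
Update-MpSignature -UpdateSource FileShares

# Build a status record that can be written to a central log share for review.
$status = Get-MpComputerStatus
$report = [pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    SignatureVer    = $status.AntivirusSignatureVersion
    SignatureAgeDays= $status.AntivirusSignatureAge
    LastUpdated     = $status.AntivirusSignatureLastUpdated
    RealTimeEnabled = $status.RealTimeProtectionEnabled
    Stale           = ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays)
}
$report | Format-List

if ($report.Stale) {
    # A stale signature usually means the share was not refreshed or is unreachable.
    Write-Warning "Signatures on $($report.Computer) are $($report.SignatureAgeDays) days old; check $UpdateShare."
}
```

Platform (engine) updates are a separate package from the security intelligence updates and still have to be distributed to the offline machines by the same share or another deployment path.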
Are there resources available for scenarios without SCCM? I read a lot about scripts and manual tasks, but can hardly find any examples. It would be great if we could see what the manual solution would involve before deciding for SCCM.

Thanks for pointing me to the resources, Reza! What I'm actually missing is the practical implementation for this hybrid (PowerShell + cloud) solution. It almost seems that Microsoft doesn't support this and we actually need to patch things together to make this 'work'.

Yes, there is no supported PowerShell + Cloud scenario, and you have to design and implement your own. The hybrid scenario recommended by Microsoft is Intune+ConfigMgr; Microsoft has also simplified the licensing requirements and is working on simplifying the hybrid model in such a case.