Feb 02 2023 12:19 PM - edited Feb 02 2023 12:23 PM
Hello all,
I'm having trouble getting Windows machines that are joined to the local domain\hybrid joined to Azure and enrolled in Intune\MDE to take policies from Windows Defender for Endpoint. These machines in the past had a domain GPO that applied to them to disable the Defender firewall and antivirus. On the GPO that still applies to them (it has other settings we want to keep), the Defender and firewall settings are now set to "not configured". I then went into the registry on the PC and deleted the policies that disabled the firewall and antivirus from the domain GPO.
I would now expect Intune\MDM to take control of the firewall and push the policy.
Is there anything else I would need to do?
Thanks
Feb 02 2023 02:30 PM
Feb 02 2023 03:32 PM - edited Feb 02 2023 03:47 PM
It doesn't appear that the policies are working even though I can see them applied. For example, Defender endpoint says the firewall is enabled on domain\private\public with no exceptions and I can still ping the machine in question. Things like that.
Is there a command prompt to force a client to check in with Defender endpoint? I already tried to sync the client in the Intune interface.
Also, I may be a little confused on where to enroll these devices. I thought the place to manage Windows Defender would be Microsoft Endpoint Manager. However, after reading this:
https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?view=o365-worldwide
It appears that maybe I shouldn't be using MDE. "With this capability, devices that aren’t managed by a Microsoft Endpoint Manager service can receive security configurations for Microsoft Defender for Endpoint directly from Endpoint Manager."
My devices are enrolled in MEM and can be managed by MEM.
"When a device is managed by Endpoint Manager (enrolled to Intune) the device won't process policies for Security Management for Microsoft Defender for Endpoint. Instead, use Intune to deploy policy for Defender for Endpoint to your devices."
Feb 02 2023 11:09 PM