cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Migrating computers that had GPOs that disabled Defender Firewall and Antivirus.

TYD
Brass Contributor

‎Feb 02 2023 12:19 PM - edited ‎Feb 02 2023 12:23 PM

‎Feb 02 2023 12:19 PM - edited ‎Feb 02 2023 12:23 PM

Migrating computers that had GPOs that disabled Defender Firewall and Antivirus.

Hello all,

 

I'm having trouble getting Windows machines that are joined to the local domain\ hybrid joined to azure and enrolled in Intune\MDE to take polices from Windows Defender for Endpoint. These machines in the past had a domain GPO that applied to them to disable the defender firewall and antivirus.  On the GPO that still applies to them (it has other settings we want to keep) the defender and firewall settings are now set to "not configured" I then went into the registry on the PC and deleted the policies that disabled the firewall and antivirus from the domain gpo.

 

I would now expect for Intune\MDM to take control of the firewall and push the policy.

 

Is there anything else I would need to do?

 

Thanks

 



 

 

1,344 Views
0 Likes
3 Replies
Reply
3 Replies
rahuljindal-MVP

‎Feb 02 2023 02:30 PM

‎Feb 02 2023 02:30 PM

Re: Migrating computers that had GPOs that disabled Defender Firewall and Antivirus.

Sounds about right. So what’s not working?
0 Likes
Reply
TYD

‎Feb 02 2023 03:32 PM - edited ‎Feb 02 2023 03:47 PM

‎Feb 02 2023 03:32 PM - edited ‎Feb 02 2023 03:47 PM

Re: Migrating computers that had GPOs that disabled Defender Firewall and Antivirus.

@rahuljindal-MVP 

 

It doesn't appear that the policies are working even though I can see them applied. For example defender endpoint says firewall is enabled on domain\private\public with no exceptions and I still can ping the machine in question. Thinks like that.

 

Is there a command prompt to force a client to check in with Defender endpoint? I already tried to sync the client in the intune interface.

 

Also, I may be a little confused on where to enroll these devices. I thought the place to manage windows defender would be  Microsoft Endpoint Manager. However, after reading this:

https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?view=o365-worldwide

It appears that maybe I shouldnt be using MDE.  "With this capability, devices that aren’t managed by a Microsoft Endpoint Manager service can receive security configurations for Microsoft Defender for Endpoint directly from Endpoint Manager."

 

My devices are enrolled in MEM and can be managed by MEM.

 

"When a device is managed by Endpoint Manager (enrolled to Intune) the device won't process policies for Security Management for Microsoft Defender for Endpoint. Instead, use Intune to deploy policy for Defender for Endpoint to your devices."

 

 

 

 

 

 

 

 

0 Likes
Reply
rahuljindal-MVP

‎Feb 02 2023 11:09 PM

‎Feb 02 2023 11:09 PM

Re: Migrating computers that had GPOs that disabled Defender Firewall and Antivirus.

Yes in your case using Intune to manage the policies looks like the logical option. You can check MDM diagnostic report, device events to see if the Defender policies are applying correctly or not. Do you have the devices onboarded on Defender for endpoint as well? If yes, then you can check under vulnerability recommendations in Defender Portal as well.
0 Likes
Reply