May 02 2022 11:48 PM
Hi Everyone,
I'm working on implementing Defender for Endpoint for our servers (2012 R2, 2016 & 2019) currently. I need some help on the steps required to get it working. For reference, this is what I've done:
- Hybrid environment, however I've noticed that only users are syncing via Azure AD Connect and hybrid Azure AD join isn't configured.
- I've turned on the preview settings, etc., for Defender for Endpoint in Intune and the Defender portal.
- I have onboarded some of the servers and they appear in the Defender portal with their details, but do not show in Intune (I take it they should appear here so I can assign Defender config settings?).
- There is an LDAP API error on the servers in the Defender portal - I'm thinking this is due to them not being in Azure AD?
Is the solution as simple as configuring computer sync/Azure AD hybrid join? I'm just wanting the servers to get the Defender for Endpoint settings and not be managed by Intune, if possible.
Thank you for any assistance!
May 03 2022 07:16 AM
Yes, you should just need to enable Hybrid AD join for devices and servers.
Next, make sure you configure the settings here: https://endpoint.microsoft.com/#blade/Microsoft_Intune_Workflows/SecurityManagementMenu/atp and here: https://security.microsoft.com/preferences2/configuration_management2
It takes a while after that, but the devices will start showing like this.
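Since the reply above hinges on the servers actually being hybrid joined, here is an added PowerShell check (not part of the original thread) to run on a server to confirm its join state and whether the Defender for Endpoint sensor reports itself as onboarded. It assumes dsregcmd.exe is present (Server 2016 and later) and that the sensor records its state under the registry key shown, which is an assumption about the sensor's documented behaviour, not something from this thread.

```powershell
# Added example (not from the thread): report whether this server is hybrid
# Azure AD joined and whether the Defender for Endpoint sensor is onboarded.
# Run in an elevated PowerShell session on the server itself.

function Get-DsregState {
    # dsregcmd /status prints "Key : Value" lines; keep only the ones we need.
    $wanted = 'AzureAdJoined', 'DomainJoined', 'DeviceId', 'TenantName'
    $state = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*(\w+)\s*:\s*(.+?)\s*$' -and $wanted -contains $Matches[1]) {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-MdeOnboardingState {
    # Assumed location of the sensor's onboarding state (OnboardingState 1 = onboarded).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $onboarded = (Get-ItemProperty -Path $key -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState
    # The sensor runs as the "Sense" service; absent service means the package is not installed.
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
    [pscustomobject]@{
        OnboardingState = $onboarded
        SenseService    = if ($sense) { $sense.Status } else { 'NotInstalled' }
    }
}

$ds  = Get-DsregState
$mde = Get-MdeOnboardingState

# Hybrid Azure AD join means on-prem domain joined AND registered in Azure AD.
$hybrid = ($ds['DomainJoined'] -eq 'YES') -and ($ds['AzureAdJoined'] -eq 'YES')

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    DomainJoined      = $ds['DomainJoined']
    AzureAdJoined     = $ds['AzureAdJoined']
    AzureAdDeviceId   = $ds['DeviceId']
    HybridAzureAdJoin = $hybrid
    MdeOnboarded      = ($mde.OnboardingState -eq 1)
    SenseService      = $mde.SenseService
} | Format-List

if (-not $hybrid) {
    Write-Warning 'Server is not hybrid Azure AD joined; check the Azure AD Connect device sync and SCP configuration.'
}
```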
May 03 2022 10:43 AM - edited May 03 2022 10:49 AM
Are you trying to manage endpoint exclusions for servers via Intune? If you are, I feel your pain. I am trying to add exclusions to the Defender settings of Microsoft servers of various versions. Outside of using a GPO or SCCM, I can't find anything of use. All I have is this.
Configure and validate exclusions based on extension, name, or location | Microsoft Docs
If there is a way to manage Defender Endpoint exclusions for Servers via any Defender portal I can find.