Need some help implementing Defender for Endpoints

Occasional Visitor

Hi Everyone,

 

I'm working on implementing Defender for Endpoints for our servers (2012r2, 2016 & 2019) currently. I'm needing some help on the steps required to get it working. For reference, this is what I've done:

 

- Hybrid environment, however I've noticed that only users are syncing via Azure AD Connect and hybrid Azure AD join isn't configured.

- I've turned the preview settings, etc on for Defender for Endpoints in Intune and the Defender portal.

- I have onboarded some of the servers and they appear in the Defender portal with their details, but do not show in Intune (I take it they should appear here so I can assign Defender config settings)?

- There is an LDAP API error on the servers in the Defender portal - I'm thinking this is due to them not being in Azure AD?

 

Is the solution as simple as configure computer sync/Azure AD hybrid join? I'm just wanting the servers to get the Defender for Endpoints settings and not be managed by Intune if possible.

 

Thank you for any assistance!

2 Replies

@AusA380 

Yes you should just need to enable the Hybrid AD join, for devices and servers.

  • Hybrid Azure Active Directory Join must be configured in your environment (either through Federation or AAD Connect Sync)
  • AAD Connect Sync must include the device objects in scope for synchronization with Azure Active Directory (when needed for join)

Next Make sure you configure the settings here, https://endpoint.microsoft.com/#blade/Microsoft_Intune_Workflows/SecurityManagementMenu/atp and here https://security.microsoft.com/preferences2/configuration_management2

 

Takes a While after that but the devices will start showing like this 

nullnull_0-1651587355134.png

 

Are you trying to manage endpoint exclusions for servers via Intune? If you are, I feel your pain. I am trying to add exclusions to Microsoft Servers of various versions Defender settings. Outside of using a GPO, or SCCM. I can't find anything of use. All I have is this. 

 

Configure and validate exclusions based on extension, name, or location | Microsoft Docs

 

If there is a way to manage Defender Endpoint exclusions for Servers via any Defender portal I can find.