
Seiun
Copper Contributor
Aug 23, 2024

Onboard domain computers by GPO deployment. Policies created in Defender Portal are not deployed

Hi

I onboarded computers using Group Policy Deployment and set additional GPO settings described in this document: Onboard Windows devices to Microsoft Defender for Endpoint via Group Policy - Microsoft Defender for Endpoint | Microsoft Learn

Then I created Endpoint Security Policies in Defender Portal and assigned them to the All Users and All computers groups. I see that these policies are not deployed to computers. The "Policy sync" option on the computer menu is greyed out (disabled). I don't know why.

Perhaps setting additional Defender settings by GPO means that I cannot use Endpoint Security Policies in Defender Portal? We don't use Intune or MDM. We have only a Defender for Endpoint P1 licence and synchronization of domain user and computer accounts with Microsoft Entra.

Thank you for your help

Tomasz

  • rahuljindal-MVP
    Bronze Contributor
    Have you enabled the MDE connector with Intune? Also, if the devices are not enrolled in Intune then you are looking at enabling the security configuration management feature. Have you done that?
    • Seiun
      Copper Contributor
      Hi,
      I didn't enable the MDE connector with Intune because we don't have Intune licences. Is Intune necessary to configure the Defender environment?
      • rahuljindal-MVP
        Bronze Contributor
        Apologies, I misread endpoint security profiles being used with Intune. If you are using the profiles in Defender then it is not necessary to connect with Intune. Are the devices reporting onboarded with their sensors active? Have you tried assignments against Defender device groups?
