Unable to apply ASR policies to Win 10/11 endpoints from endpoint portal for SCCM managed devices


We have on-boarded Windows 10/11 endpoints to MDE. The devices are managed by SCCM and were on-boarded to MDE using SCCM; however, we are trying to push the AV, EDR and ASR policies from the Endpoint portal to utilize the MDE security management capability. The AV and EDR policies were applied to the devices, but the ASR policies are showing "Not Applicable".

We checked further and found "Microsoft Defender for Endpoint: Push ASR rules with Security Settings Management on managed devices", but this does not talk about devices that are managed by SCCM. Hence, I wanted to ask community members whether it is not possible to push ASR policies via the Endpoint portal when devices are managed by SCCM.
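One way to see what actually landed on a pilot device, as an added example that is not part of this thread: read the ASR rule IDs and action modes that the local Defender engine reports and compare them with the rules the portal policy is supposed to deliver. It assumes an elevated PowerShell prompt on the Windows 10/11 endpoint, and the three rules in `$ExpectedRules` are only a placeholder set to be replaced with the rules in your own policy.

```powershell
# Added example (not from this thread): compare the ASR rules Defender reports
# as applied on this endpoint with the set the portal policy should deliver.
# Run in an elevated PowerShell prompt on the Windows 10/11 device.

# Assumption: these are the rules the pilot policy targets; replace with your own.
# The GUIDs are Microsoft's documented ASR rule IDs for the rules named here.
$ExpectedRules = @{
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office apps from creating child processes'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail'
}

# Get-MpPreference exposes the rule IDs and a parallel array of action codes.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $state   = @{}
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $code = [int]$actions[$i]
        $name = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] } else { "Unknown($code)" }
        $state[$ids[$i].ToLower()] = $name
    }
    return $state
}

$applied = Get-AsrRuleState
if ($applied.Count -eq 0) {
    Write-Host 'No ASR rules are configured on this device; no ASR policy has landed from any source.'
}

# Expected rules: show the effective mode, or MISSING if the device does not have the rule.
foreach ($id in $ExpectedRules.Keys) {
    $mode = if ($applied.ContainsKey($id)) { $applied[$id] } else { 'MISSING' }
    '{0,-8} {1}  {2}' -f $mode, $id, $ExpectedRules[$id]
}

# Rules present on the device but not in the expected set, e.g. delivered by
# SCCM or Group Policy rather than by the portal policy being tested.
$applied.Keys | Where-Object { -not $ExpectedRules.ContainsKey($_) } |
    ForEach-Object { '{0,-8} {1}  (not in expected set)' -f $applied[$_], $_ }
```

A rule that shows as MISSING here while the portal reports "Not Applicable" confirms the policy never reached the device, whereas a rule that is present but in a mode you did not set points to another management source applying it.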

4 Replies

@KashifKloudy How are you assigning the policies? I believe that for this feature to work one needs a dedicated Azure AD group with the relevant tagging on the devices. Any reason why co-management is not being used?

Yes, we are using device tagging in MDE, and the connection between MDE and the Endpoint portal is already done. We created a security group to which the MDE on-boarded devices are added, and we are pushing the ASR policy to that group. Co-management is not set up yet, as the customer is currently in the Intune testing phase and all devices are managed using SCCM only. Only the policies are being pushed via the Endpoint portal, as the security management feature of MDE.

There are limitations to what you can manage with Defender security management. I would advise setting up co-management and enrolling and enabling the endpoint security workload just for your pilot devices. Also, what is the SKU of the Windows devices that you are trying to manage?

Windows 10 Pro and Windows 11 devices are in the pilot, which are supported as per the prerequisites for MDE. We plan to on-board 6k+ devices to MDE; however, the ASR policy is currently a blocker.