cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unable to deploy Security settings via MDE

g461571
Copper Contributor

‎Oct 17 2022 10:05 PM

‎Oct 17 2022 10:05 PM

Unable to deploy Security settings via MDE

Hello All,

 

We have Windows 10 enrolled in MDE and currently we are exploring to deploy the MDE related security settings to deploy via MEM portal.

 

http://ednpoint.microsoft.com --> Device ---> Windows ---> In that a new configuration policy is created to block the USB devices on test group. 

 

Its more than a week now, we are unable to see anything is getting deployed.  

 

1,603 Views
0 Likes
6 Replies
Reply
6 Replies
Jonhed

‎Oct 18 2022 06:03 AM

‎Oct 18 2022 06:03 AM

Re: Unable to deploy Security settings via MDE

Some more information would help.
Are the devices MDM enrolled in Intune?
What settings are you trying to deploy, and what type of policy are you using?
What is the status of the policy assignment on the devices?

If you are trying to manage security settings for devices managed by MDE (not intune enrolled),
there are limitations to what you can do.
https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration
0 Likes
Reply
g461571

‎Oct 18 2022 06:06 AM

‎Oct 18 2022 06:06 AM

Re: Unable to deploy Security settings via MDE

Hey, Thanks for the reply..
The devices are not enrolled in MDM, but they are enrolled in Ws1.
We are trying to deploy a custom policy to Block the USB on Windows 10.
there is no information on the portal for the policy assignment.

Just FYI, below are the settings we have in custom policy
OMA-URI Settings

USB Block ./Vendor/MSFT/Defender/Configuration/DeviceControlEnabled Integer
DefaultDeny ./Vendor/MSFT/Defender/Configuration/DefaultEnforcement Integer
0 Likes
Reply
Jonhed

‎Oct 18 2022 06:27 AM

‎Oct 18 2022 06:27 AM

Re: Unable to deploy Security settings via MDE

@g461571 

The only MDE policies that can be deployed without Intune enrollment, are the ones listed under "MDE Security configuration" in the screenshot below.

Therefore, I am pretty sure the devices need to be enrolled in Intune if you want to deploy OMA-URI policies.

Jonhed_0-1666099501332.png

 

0 Likes
Reply
Jonhed

‎Oct 18 2022 06:30 AM

‎Oct 18 2022 06:30 AM

Re: Unable to deploy Security settings via MDE

As is listed below, only "Endpoint security policies" can be managed (and only some of them) can be managed without Intune. Configuration profiles are only available with Intune.

Jonhed_0-1666099773968.png

 

0 Likes
Reply
g461571

‎Oct 18 2022 09:17 AM

‎Oct 18 2022 09:17 AM

Re: Unable to deploy Security settings via MDE

Thank you, in suggestion how can this be achieve?
0 Likes
Reply
Jonhed

‎Oct 18 2022 09:25 PM

‎Oct 18 2022 09:25 PM

Re: Unable to deploy Security settings via MDE

I am not familiar with ws1, but if you are able to create something similar to oma-uri profiles in ws1, that sounds like the best option?
0 Likes
Reply