Microsoft Tech Community

Unable to deploy Security settings via MDE


Hello All,


We have Windows 10 enrolled in MDE, and we are currently exploring how to deploy the MDE-related security settings via the MEM portal --> Device --> Windows. There, a new configuration policy has been created to block USB devices on a test group.


It's been more than a week now, and we are unable to see anything getting deployed.


6 Replies
Some more information would help.
Are the devices MDM enrolled in Intune?
What settings are you trying to deploy, and what type of policy are you using?
What is the status of the policy assignment on the devices?

If you are trying to manage security settings for devices managed by MDE (not Intune enrolled), there are limitations to what you can do.
Hey, thanks for the reply.
The devices are not enrolled in MDM, but they are enrolled in WS1.
We are trying to deploy a custom policy to block USB on Windows 10.
There is no information on the portal for the policy assignment.

Just FYI, below are the settings we have in the custom policy:
OMA-URI Settings

USB Block: ./Vendor/MSFT/Defender/Configuration/DeviceControlEnabled (Integer)
DefaultDeny: ./Vendor/MSFT/Defender/Configuration/DefaultEnforcement (Integer)


The only MDE policies that can be deployed without Intune enrollment are the ones listed under "MDE Security configuration" in the screenshot below.

Therefore, I am pretty sure the devices need to be enrolled in Intune if you want to deploy OMA-URI policies.



As listed below, only "Endpoint security policies" (and only some of them) can be managed without Intune. Configuration profiles are only available with Intune.



Thank you. Any suggestion on how this can be achieved?
I am not familiar with WS1, but if you are able to create something similar to OMA-URI profiles in WS1, that sounds like the best option?