Tech Community Live: Microsoft Intune
Mar 20 2024, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community
Endpoint security for unenrolled Defender for Endpoint devices
Published Nov 02 2021 08:00 AM 17.3K Views

Today, Microsoft is introducing a unified way to manage security policies in Microsoft Endpoint Manager for unenrolled Windows devices onboarded to Microsoft Defender for Endpoint.

With this new functionality, Windows devices that are not currently managed by Endpoint Manager can still be protected with the security policies traditionally applied to enrolled devices.

Are you using multiple tools to manage your devices?

Consistent endpoint security policy configurations are core to an effective Zero Trust security strategy.

With Microsoft Defender for Endpoint and Endpoint Manager, we've already unified and integrated endpoint security management in a single console. Devices that are managed by Microsoft Endpoint Manager (Either Intune or Configuration Manager) retrieve policy and report status to a single console, simplifying security management.

However, not all devices within the enterprise digital estate may be managed by Endpoint Manager. Managing devices in multiple places adds complexity, slows IT productivity and may add additional overhead.

Unified management for consistent data protection and efficient security operations

We're starting to gradually roll out the public preview of the ability to manage security policies of devices onboarded to Microsoft Defender for Endpoint that are not managed in Endpoint Manager. With Microsoft Defender for Endpoint and Endpoint Manager, you can bring devices that have been traditionally unable to enroll in Endpoint Manager into the same security management control surface as your other managed devices to deploy and monitor your security management policies in a consistent, unified way.

Unified endpoint management includes Defender for Endpoint channelsUnified endpoint management includes Defender for Endpoint channels

This means that organizations don't have to manage these devices with separate tools. This new solution will greatly reduce the scenarios where additional tools are used to manage a device, making it easier to manage your devices from a single place, Microsoft Endpoint Manager. By having a single tool, data protection, compliance and threat reduction are all applied consistently. You'll no longer need to employ an additional security management tool to account for and protect the data on all devices.

Devices with Defender for Endpoint in Endpoint Manager device inventory with other management channelsDevices with Defender for Endpoint in Endpoint Manager device inventory with other management channels

Another benefit is enhanced IT and Security Operations collaboration. By using Microsoft Endpoint Manager as the single control plane and role-based access control (RBAC), the transparency and efficiencies help your organization collaborate and together move closer towards achieving a Zero Trust security model.

Easy set-up based on Microsoft's connected cloud.

To use this new scenario, organizations need to enable security management in both the Microsoft Endpoint Manager and Microsoft Defender for Endpoint consoles. Once enabled, Microsoft's management and security surfaces start working together, automatically determining which devices are onboarded to Microsoft Defender for Endpoint, and whether or not they are also enrolled in Microsoft Endpoint Manager. This new scenario complements existing integrations for conditional access and seamless onboarding scenarios for Microsoft Defender for Endpoint.

Devices that are not enrolled in Microsoft Endpoint Manager will automatically be configured with updated security management policies. There's no longer a need for security operations or IT Administrators to manually change the device state. The device will register with Azure Active Directory, either through existing hybrid processes or directly with Azure for workgroup devices. The device can then use that identity to start communicating with Microsoft Endpoint Manager.

These behind-the-scenes communications enable the device to be targeted to receive security management policies just like any other device. Azure Active Directory groups help to target policies, and the devices with Defender for Endpoint use their group membership to determine which policies are applied.

Learn more

You can find more information about this scenario with this documentation for Endpoint Manager. This week, please join us to find out more about Endpoint Manager at Microsoft Ignite 2021. We're also offering an on-demand technical session to help you learn about security management in Endpoint Manager.

Let us know about your Endpoint Manager experiences through comments on this blog post or reach out to @IntuneSuppTeam on Twitter. Tweet your feedback about Microsoft Endpoint using the hashtag #MEMpowered. If you're interested in ongoing developments on Endpoint Manager, we invite you to follow the Microsoft Endpoint Manager Blog and @MSIntune on Twitter.


Version history
Last update:
‎Nov 02 2021 06:50 AM
Updated by: