cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Change MDM Authority from MDE to MEM

jrfre
Copper Contributor

‎Aug 31 2022 09:08 AM

‎Aug 31 2022 09:08 AM

Change MDM Authority from MDE to MEM

Hi All,

 

I am working on a new tenant that has some devices managed in Microsoft Endpoint Manager/Intune and them some that are managed in Microsoft Defender for Endpoint.  Devices managed in MDE show up as Unknown ownership and Not Evaluated for Compliance.  I want to change the device management authority from MDE to MEM without having to offboard the devices from MDE, as that can take up to seven days to process completely.  

 

I haven't found any documentation for this scenario, any help that can be passed along will be appreciated :)

5,197 Views
1 Like
2 Replies
Reply
2 Replies
best response confirmed by jrfre (Copper Contributor)
NielsScheffers

‎Sep 02 2022 07:11 AM

‎Sep 02 2022 07:11 AM

Solution

Re: Change MDM Authority from MDE to MEM

Hi @jrfre! I have to admit, I haven't actually done this yest myself. But let's walk through the theory first.

 

MDE offboarding is instant, you don't have to wait 7 days. That's just how long the Defender portal will allow an endpoint to stop sending telemetry before marking it 'inactive'. The MDE agent simply detaches itself from the tenant. 

 

If you then enroll it in Intune, the MDM channel should be switched over. Assuming you've configured something to onboard the endpoint in MDE again in Intune, so that'll be restored as well. 

 

I'd be happy to test it out for you, but am not in a position to do that before monday. Let me know if you need any more help!

0 Likes
Reply
jrfre

‎Sep 02 2022 07:36 AM

‎Sep 02 2022 07:36 AM

Re: Change MDM Authority from MDE to MEM

Hi @NielsScheffers
Thanks for the reply. After posting I realized that the 7 day wait for MDE to process the offboarding was incorrect. Once offboarded from there, enroll devices into MEM, and further to MDE so that the authority is MEM and enforced by MDE.
Ta-da!
Thanks for the help :)
1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by jrfre (Copper Contributor)
NielsScheffers

‎Sep 02 2022 07:11 AM

‎Sep 02 2022 07:11 AM

Solution

Re: Change MDM Authority from MDE to MEM

Hi @jrfre! I have to admit, I haven't actually done this yest myself. But let's walk through the theory first.

 

MDE offboarding is instant, you don't have to wait 7 days. That's just how long the Defender portal will allow an endpoint to stop sending telemetry before marking it 'inactive'. The MDE agent simply detaches itself from the tenant. 

 

If you then enroll it in Intune, the MDM channel should be switched over. Assuming you've configured something to onboard the endpoint in MDE again in Intune, so that'll be restored as well. 

 

I'd be happy to test it out for you, but am not in a position to do that before monday. Let me know if you need any more help!

View solution in original post

0 Likes
Reply