Change MDM Authority from MDE to MEM

jrfre · ‎Aug 31 2022

Hi All,

I am working on a new tenant that has some devices managed in Microsoft Endpoint Manager/Intune and them some that are managed in Microsoft Defender for Endpoint. Devices managed in MDE show up as Unknown ownership and Not Evaluated for Compliance. I want to change the device management authority from MDE to MEM without having to offboard the devices from MDE, as that can take up to seven days to process completely.

I haven't found any documentation for this scenario, any help that can be passed along will be appreciated :)

jrfre · ‎Sep 02 2022

Hi @jrfre! I have to admit, I haven't actually done this yest myself. But let's walk through the theory first.

MDE offboarding is instant, you don't have to wait 7 days. That's just how long the Defender portal will allow an endpoint to stop sending telemetry before marking it 'inactive'. The MDE agent simply detaches itself from the tenant.

If you then enroll it in Intune, the MDM channel should be switched over. Assuming you've configured something to onboard the endpoint in MDE again in Intune, so that'll be restored as well.

I'd be happy to test it out for you, but am not in a position to do that before monday. Let me know if you need any more help!

jrfre · ‎Sep 02 2022

Hi @NielsScheffers
Thanks for the reply. After posting I realized that the 7 day wait for MDE to process the offboarding was incorrect. Once offboarded from there, enroll devices into MEM, and further to MDE so that the authority is MEM and enforced by MDE.
Ta-da!
Thanks for the help :)

Change MDM Authority from MDE to MEM

Change MDM Authority from MDE to MEM

Re: Change MDM Authority from MDE to MEM

Re: Change MDM Authority from MDE to MEM

Products (64)

Special Topics (44)

Video Hub (976)

Most Active Hubs

Most Active Hubs

Video Hub

Change MDM Authority from MDE to MEM

Change MDM Authority from MDE to MEM

Re: Change MDM Authority from MDE to MEM

Re: Change MDM Authority from MDE to MEM