SOLVED

Compliance check for EDR solution

Frequent Contributor

Hi everyone,

 

We want to be able to disconnect a user from the corporate WI-FI if our EDR solution is off for some reason.

We have both Azure joined and hybrid laptops and what we did with our domain joined is run a script from a server in our LAN against the computer to check whether or not the process is running.

Since we can't use the same with Azure joined we are searching a simple solution to just check that the EDR AV is enabled. And if not, disconnect from the network by using a script.

Is there a way to do the same thing with Intune? We want to make sure that if the computer isn't compliant it will be disconnected from the corporate WIFI.

 

Thanks, Rahamim.

5 Replies
Are you using Defender for Endpoint as your EDR? Or a third party out of curiosity?
Third Party
best response confirmed by RahamimL (Frequent Contributor)
Solution
You could potentially leverage the same script. The issue with deploying PowerShell Scripts from Intune is it's a one and done deployment. The script is not running repeatedly. Are you running that script on a schedule?
Thanks, What we will use is this script as a win32 app with azure log analytics to get an alert when the app fails. this will help us, for now, to check the EDR client. If for some reason the client stops, we will get an alert via email.
Sounds like a plan. Cheers