SOLVED

Defender for Endpoint Onboardingprofile Conflicts

Occasional Contributor

I have the problem that some newly installed clients do not onboard in Defender. The onboarding is done via the Intune. For this purpose, a device configuration profile was created and set in the Intune Defender settings under the EDR Settings Tab.

As far as I can see, the settings are duplicated here.
Is it correct that these settings can only be set in the device configuration profile and under EDR to "not configured"? What is the right way?

 

Thanks

3 Replies
best response confirmed by 53CU1t (Occasional Contributor)
Solution

@53CU1t 

 

Not sure where your conflict comes from.. What policies did you exactly configure and are there multiple policies?


You can either deploy the onboarding package app or use the EDR policy.

assuming the prerequisites are met, here's how I onboard devices:

I use EDR to onboard devices. The profiles include an onboarding package for Microsoft Defender for Endpoint

 

  • Defender for endpoint enabled and connected with Intune/MEM. Service to service sync is up and running.
  • MEM>Endpoint Security>Endpoint Detection and Response
  • Create Profile
    • Platform: Windows 10, Windows 11 and Windows Server
    • Profile: Endpoint Detection and response
  • Microsoft Defender for Endpoint client configuration package type
    --> Auto from connector
  • Sample Sharing and Telemetry as desired.

This should do the trick. Here are the docs that can help you with the configuration.

  1. https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure
  2. https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-security-edr-policy

 

2022-04-30_16h25_48.jpg

@Oktay Sari I have the same issue, when I set "Auto from connector" I get an error message: "An error occurred. Request ID: xxxxxx-xxxx...  Won't let me save the profile.  Only option that works is "not configured"

 

I have follow all of the prerequisites, but have no idea what is blocking me from using Auto from Connector.  

Hi @jwagsbluevoyant, I had a couple of weeks off. Did you manage to fix this? Otherwise, I guess your best bet, would be to contact MS Support for the error message.