Intune Android Enterprise Fully Managed Defender for Endpoint activation


Hi All,
Scenario: Intune > Android > Fully Managed profile > Defender for Endpoint deployment

Is there any way to reach a zero-touch / silent method for activating Defender for Endpoint on Android devices? Users currently need to run through a series of questions to activate it, and until they do it does not show up in the Security portal inventory.

We are using a compliance policy based on machine risk score to identify devices which haven't activated Defender; this marks them non-compliant until they do.

I'd rather use a deployment/policy to activate Defender silently without any user intervention. As it is a security product on Android Enterprise Fully Managed devices, it seems I must be missing a trick here to manage them without user involvement, and blocking the user via a non-compliant conditional access policy seems an inefficient way to resolve the issue for everyone.

Is it possible?

Many thanks

Jas.

2 Replies

Hi @Jas71,

Due to certain platform and OS level limitations from Google, currently it is not possible to perform a zero-touch activation of MDE on Android Enterprise devices.

Best Regards,

Somesh

If you find this helpful and it answers your question, please mark it as an “Accepted Solution”.

When products are named 'Android Enterprise' and the profile is 'Fully Managed', it seems quite a limitation: we have 1000s of users ignoring the request to follow the activation instructions, and the only recourse we have is to use conditional access policies to block them based on non-compliance.

Is there a better way?
Is there any point in looking at other security products? Would they all have this issue, given that it is an OS and platform limitation imposed by Google? Would all MDM platforms be the same?

Sorry, it's frustrating not being able to fully manage these devices; stopping productivity with enforced CA policies isn't a good solution.