Forum Discussion

kramer314's avatar
kramer314
Copper Contributor
Jul 21, 2022

Intune remote action compatibility with Defender EDR isolation

We're leveraging Intune alongside Defender for Endpoint. One challenge we're running into is that with Defender EDR, when our security team isolates a device, all connectivity to the Intune service i...
Intune
  • NielsScheffers's avatar
    NielsScheffers
    Jul 22, 2022

    There is no such option.

     

    You could use Live Response (isolated devices can still access the Defender service) to access such devices. That's probably also why the option isn't available, as you can run scripts in Live Response sessions (and, as such, don't need to have a connection to MDM).

     

    If you allowed communications you could also instruct the user to reset their device. 

NielsScheffers's avatar
NielsScheffers
Iron Contributor
Jul 22, 2022

There is no such option.

 

You could use Live Response (isolated devices can still access the Defender service) to access such devices. That's probably also why the option isn't available, as you can run scripts in Live Response sessions (and, as such, don't need to have a connection to MDM).

 

If you allowed communications you could also instruct the user to reset their device. 

Resources