Forum Discussion
Intune remote action compatibility with Defender EDR isolation
We're leveraging Intune alongside Defender for Endpoint. One challenge we're running into is that with Defender EDR, when our security team isolates a device, all connectivity to the Intune service i...
There is no such option.
You could use Live Response (isolated devices can still access the Defender service) to access such devices. That's probably also why the option isn't available, as you can run scripts in Live Response sessions (and, as such, don't need to have a connection to MDM).
If you allowed communications you could also instruct the user to reset their device.
Intune remote action is compatible with Defender EDR isolation. Intune is a cloud-based service provided by Microsoft that allows organizations to manage and secure their devices. It offers remote actions that enable administrators to perform various tasks on managed devices, such as deploying software, configuring settings, or initiating scans.
Defender EDR (Endpoint Detection and Response) is a feature of Microsoft Defender Antivirus that provides advanced threat detection and response capabilities on Windows devices. It allows organizations to investigate and respond to security incidents.
When it comes to compatibility between Intune remote action and Defender EDR isolation, both can work together effectively. Defender EDR isolation is a feature that isolates potentially compromised devices from the network to prevent the further spread of threats. It creates a secure environment for investigation and remediation.
If a device managed by Intune is placed in Defender EDR isolation, you can still use Intune remote actions to perform necessary tasks on the device. These actions can include initiating scans, deploying security updates, or even triggering remediation actions. However, it's important to note that the exact actions available may depend on the specific configuration and capabilities of your Intune and Defender EDR environments.
Overall, Intune remote action is compatible with Defender EDR isolation, allowing you to manage and secure your devices even when they are isolated for investigation or remediation purposes.
Defender EDR (Endpoint Detection and Response) is a feature of Microsoft Defender Antivirus that provides advanced threat detection and response capabilities on Windows devices. It allows organizations to investigate and respond to security incidents.
When it comes to compatibility between Intune remote action and Defender EDR isolation, both can work together effectively. Defender EDR isolation is a feature that isolates potentially compromised devices from the network to prevent the further spread of threats. It creates a secure environment for investigation and remediation.
If a device managed by Intune is placed in Defender EDR isolation, you can still use Intune remote actions to perform necessary tasks on the device. These actions can include initiating scans, deploying security updates, or even triggering remediation actions. However, it's important to note that the exact actions available may depend on the specific configuration and capabilities of your Intune and Defender EDR environments.
Overall, Intune remote action is compatible with Defender EDR isolation, allowing you to manage and secure your devices even when they are isolated for investigation or remediation purposes.
Mathew_bloggs please don't use ChatGPT to spread misinformation
